SSL Archives

Disable ECDH public server param reuse in Windows Server IIS

ECDH public server param reuse is when a server uses the same DH (Diffie-Hellman) key value for multiple handshakes, instead of generating a new one for every handshake. They should be "ephemeral" though which is why it is called "DHE" or "ECDHE", and this means the key is single-use and should never be reused. Windows Server IIS is known for reusing DH key values, but there is a way to disable ECDH public server param reuse in Windows Server IIS.

By Jan Reilink 09/04/2024Windows Server

PowerShell

Use PowerShell with SSL client certificates for HTTPS GET requests

How to use a specific TLS/SSL certificate or thumbprint for your outgoing HTTPS requests using PowerShell.

By Jan Reilink 02/11/2023PowerShell

Windows Server

Install SSL/TLS certificates in Windows Server using PowerShell

Use PowerShell to install SSL certificate in Windows Server and change its FriendlyName property. As a bonus, I show you how to verify a certificate's Common Name (Subject) and Subject Alternative Name (SAN) using certutil.exe and PowerShell Get-PfxCertificate.

By Jan Reilink 10/08/2023Windows Server

GNU Linux

Force HSTS in Apache .htaccess

Learn how to enable HSTS (HTTP Strict Transport Security) in Linux Apache .htaccess. I wrote about enabling HTTP Strict Transport Security (HSTS) in IIS earlier. But what about enabling HSTS in Apache .htaccess? Here is how.

By Jan Reilink 18/12/2020GNU Linux

Code base

How to use SSL in PHP Data Objects (PDO) mysql

Connect securely to your MySQL database using PHP Data Objects (PDO) and SSL/TLS; Here is how to connect to MySQL with PHP PDO using an SSL encrypted connection.

By Jan Reilink 07/08/2018Code base

plain FTP without TLS configured in an FileZilla Site Manager entry.

Windows Server

How to turn off the TLS default in FileZilla?

Here is how to disable TLS encryption in FileZilla and turn off the FTP over TLS default setting. Connect plain FTP without TLS.

By Jan Reilink 10/07/2017Windows Server

WordPress

SSL in WordPress: how to move WordPress to HTTPS? The definitive guide

Having an SSL certificate in your WordPress is the de-facto standard nowadays, did you know that? Google ranks sites having HTTPS higher in their SERP. But in WordPress, how do you configure an SSL certificate and HTTPS URL? You'll learn the important steps to move WordPress from http to https

By Jan Reilink 15/07/2016WordPress

Windows Server

Ghost on IIS with HTTPS, how to resolve a “Too many redirects” error

When you use iisnode to host the Node.js blogging software Ghost on your IIS web server, and you set up an SSL certificate for your Ghost website, you may run into too many redirect issues when changing Ghost's config.js file. This happend to me yesterday, and here is the solution.

By Jan Reilink 17/05/2016Windows Server

Windows Server

How to enable HTTP Strict-Transport-Security (HSTS) on IIS

Learn how to enable HTTP Strict-Transport-Security (HSTS) response header in Windows Server IIS 10 web servers.

By Jan Reilink 06/06/2015Windows Server

GNU Linux Windows Server

Redirect HTTP to HTTPS

Various HTTP to HTTPS redirection methods, for Windows Server IIS and Linux Apache.

By Jan Reilink 13/03/2015GNU Linux, Windows Server

MONIT - Barking at daemons. Monit is a small Open Source utility for managing and monitoring Unix systems. Monit conducts automatic maintenance and repair and can execute meaningful causal actions in error situations.

GNU Linux

Monit monitoring on Ubuntu 14.04 VM on Hyper-V

Set up a Monit monitoring service for your websites and services. Monit is a free and open source service monitoring application which can perform various event-based actions. Monit can send email notifications, restart a service or application, or take other responsive actions. We set Monit up on a Ubuntu 14.04 VM, built on Hyper-V. And we use Monit to monitor several websites, and send out notifications on downtime.

By Jan Reilink 15/02/2015GNU Linux

Code base

Check website availability with PHP and cURL

Perform a PHP cURL request to check if your website is up or not. Verify your website's online status and availability using just PHP.

By Jan Reilink 10/09/2014Code base

WordPress

Send authenticated SMTP email over TLS from WordPress

How to configure TLS for SMTP email in WordPress. I was suprised WordPress is not able to send email using an SMTP server out-of-the-box. Not to mention using authenticated SMTP or TLS transport for security. A quick Google search showed me multiple plugins to handle this, but I wanted to create something myself. Here is how to override the wp-mail() function and send email using authenticated SMTP and StartTLS from WordPress.

By Jan Reilink 29/07/2014WordPress

Windows Server

Send email with Ghost using SMTP authentication and TLS encryption

As you know, more and more web hosting providers require SMTP authentication (often abbreviated as SMTP AUTH) and a TLS encrypted connection to send email. Here you'll find some script examples to Send secure SMTP email from your website.

By Jan Reilink 19/06/2014Windows Server

Web application security

Test SMTP Authentication and StartTLS

Investigate SMTP authentication issues like a boss! Particular over TLS encrypted SMTP connections, it's always handy if you are able to test the SMTP authentication and StartTLS connection. Preferably from your command line. This post shows you how to test SMTP servers, create base64 encoded logon information, verify SMTP authentication over an opportunistic TLS connection, all from the Linux and Windows command line using OpenSSL.

By Jan Reilink 17/05/2014Web application security