LITTLEBLACKDOG.COM Forum Index LITTLEBLACKDOG.COM

 
LWD LWD   FAQ FAQ   Memberlist Memberlist   Usergroups Usergroups   Active Topics Active Topics   Register Register  
  Profile Profile   Log in to check your private messages Log in to check your private messages   Log in Log in  
  Who is Online Who is Online   Image Gallery Image Gallery   Chat Chat   Search Search  
  LWDGear       LBDGear  

View next topic
View previous topic
Post new topic     Reply to topic   LITTLEBLACKDOG.COM Forum Index » Article Discussions
Author Message
Fido
Big Dog
Big Dog


Joined: 18 Oct 2000
Posts: 4423

Post Posted: Mon Mar 01, 2004 7:43 pm   Post subject: An introduction to SSL Certificates Reply with quote Back to top  

Feel free to post any questions, comments, or feedback regarding this article. We will do our best to answer any questions you may have, and look forward to your feedback on this article!

Original Article - http://www.littlewhitedog.com/content-71.html
View user's profile Send private message Send e-mail Visit poster's website
ThunderDawg
Alpha Dog
Alpha Dog


Joined: 14 Apr 2002
Posts: 18602
Location: Where Summer Spends the Winter

Post Posted: Tue Mar 02, 2004 4:37 am   Post subject: Reply with quote Back to top  

Good article, Demon. It's always refreshing to read from someone who knows their own language well.

/me looks forward to the sequel

_________________
View user's profile Send private message Visit poster's website
soup4you2
Tail-Wagger
Tail-Wagger


Joined: 15 Mar 2002
Posts: 2471
Location: Desolate wastelands of Virginia

Post Posted: Tue Mar 02, 2004 5:39 am   Post subject: Reply with quote Back to top  

now thats what i'm talking about... good job...

for those interested building a cert in *nix is pretty easy...

($:~)=> vi pst.cnf

Code: Select all

RANDFILE = /etc/postfix/ssl/post.rand     

[ req ]
default_bits = 1024
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no     

[ req_dn ] C=countryName Two letters!
ST=stateOrProvinceName
L=localityName
O=organizationName
OU=OrganizationalUnitName
CN=commonName
emailAddress=emailAddress     

[ cert_type ]
nsCertType = server


($:~)=> dd if=/dev/urandom of=./post.rand count=1 2>/dev/null

($:~)=> /usr/sbin/openssl req -new -x509 -days 365 -nodes \
-config ./pst.cnf -out ./post.pem -keyout ./post.pem

($:~)=> /usr/sbin/openssl gendh -rand ./post.rand 512 \ >>/etc/postfix/ssl/post.pem

($:~)=> /usr/sbin/openssl x509 -subject -dates -fingerprint -noout -in ./post.pem

And *Bamm* u got certs... which reminds me mine expire this month Sad i need to do something about that..

_________________
tomorrow will be canceled due to lack of interest
View user's profile Send private message Send e-mail
creed
Veteran Dog
Veteran Dog


Joined: 08 Nov 2003
Age: 106
Posts: 6426
Location: A red dot in a blue sea

Post Posted: Thu Jul 15, 2004 8:58 pm   Post subject: Reply with quote Back to top  

Demon wrote:
Heh. *giggle*

A quick Google for SSL Certificates has this article in fifth place already. Smile


can we say we rock? I knew we could

_________________
The Seven faces of Creed

View user's profile Send private message
hericp
Butt Sniffer
Butt Sniffer


Joined: 28 Mar 2003
Age: 44
Posts: 1293
Location: Morro Bay, CA

Post Posted: Fri Jul 16, 2004 1:43 pm   Post subject: Reply with quote Back to top  

Wow! great article. and what timing! recently i've started caring more about security and last night i even went so far as to get my own personal email certificate from Thawte. of course it's all still greek to me but this article was a big help. now get back to work on some follow up articles! Smile

_________________
-eric painter
View user's profile Send private message Send e-mail Yahoo Messenger MSN Messenger
Doomhammer
Leg Humper
Leg Humper


Joined: 01 Jun 2004
Posts: 4700
Location: Utah

Post Posted: Fri Aug 13, 2004 12:59 pm   Post subject: Reply with quote Back to top  

Haven't read it yet, but I've been thinking about using SSL for my admin script I'm planning on writing. I'm sure this'll be a big help, since I know nothing of SSL at the moment, besides that it uses 128bit encryption...

_________________
"The depth of your jealousy concerning my leetness astounds even me." - Ethan - CTRL+ALT+DEL
"Spare monies for a noob? Heal plz? How I mine for fish?" - Leo - VGCats # 160
"I hurt in my everywhere." - VGCats

Q: If a tree falls when nobody can hear it, does it make a sound?
A: Chuck Norris can hear it.


Lycander wrote:

see, the typical responses I see from Doomy follow a vein of: "wtf d00d, why are you doing it like that? do it like ME, because I'm ultimate roxxor LOLBBQ"


'Tis true LOL !
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger MSN Messenger ICQ Number
3Lark
Stray Dog


Joined: 23 Feb 2016
Age: 30
Posts: 1

Post Posted: Wed Feb 24, 2016 1:37 am   Post subject: Reply with quote Back to top  

I didn't realize SSl certificates were so old. I thought they were a new thing.

I have a question, how do I change the contents of an SSL certificate?

I see some people have https as their site address, how did they get this, by changing their SSL certificate?
View user's profile Send private message
Slymer
Big Dog
Big Dog


Joined: 29 May 2003
Age: 39
Posts: 4498
Location: Texas, land of good eatin

Post Posted: Thu Feb 25, 2016 8:29 pm   Post subject: Reply with quote Back to top  

some use self-signed. other buy their certs from the providers. Those with "official" certs don't have browsers griping about their sites using insecure certs. Most folks that run a personal server for giggles that uses SSL will use self-signed certs. Sites for businesses should use official certs as they loose credibility with customers if they use insecure certs as they are even less assured of their payments methods being secure.

_________________
The Sly One
======================================
Windows is like crack. It feels good, it's easy to start into, it hooks you bad, it costs a ton of money, and it makes you crazy. And you still love it. - EdisonRex

Only two things are infinite, the universe and human stupidity, and I'm not sure about the former. -- Albert Einstein

View user's profile Send private message Visit poster's website AIM Address ICQ Number
EdisonRex
Lead Dog
Lead Dog


Joined: 06 May 2002
Posts: 10982
Location: 4 Corfe Close

Post Posted: Wed Mar 09, 2016 6:29 pm   Post subject: Reply with quote Back to top  

Welcome, 3Lark.

The https:// vs. http:// is actually which port you are telling your http server to listen on. 80 is http:// and 443 is https:// I have a server that doesn't listen on 80 at all except to redirect to 443.

As for certificates, well, there are some much cheaper sources for trusted certificates available. Generally the methods haven't changed since that article was written, but you could look to one of the cheaper cert providers like startssl.com or Let's Encrypt whose certs are as secure as those $600 ones.

BTW while you're getting your certs in place, mind your ciphers and upgrade your TLS and stop using SSL. And stop tracking mud across my nice clean floor Laughing

_________________
Garret: It's so retro.
EGM: What does retro mean to you?
Parker: Like, old and outdated.
View user's profile Send private message AIM Address Yahoo Messenger
Display posts from previous:   
Post new topic     Reply to topic

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2002 phpBB Group
phpBB SEO
All times are GMT - 8 Hours

Help us keep advertisements off this site. Donate today!