ssl

Java: Loading self-signed, CA, and SAN certificates into a Java Keystore

The JRE comes preloaded with a set of trusted root authorities, but if you are working with self-signed certificates, or SAN server certificates that were signed using your own Certificate Authority then you are going to need to add these certificates to your trusted keystore. If your Java application attempts to communicate via TLS to Java: Loading self-signed, CA, and SAN certificates into a Java Keystore

Ubuntu: Testing authenticated SMTP over TLS/SSL

SMTP mail relays exposed to the internet typically use a combination of SSL and authenticated SMTP to avoid abuse by malicious actors. This is an excellent choice from a security perspective, but makes smoke testing a bit more complex than just opening telnet.

HAProxy: Using HAProxy for SSL termination on Ubuntu

HAProxy is a high performance TCP/HTTP (Level 4 and Level 7) load balancer and reverse proxy.  A common pattern is allowing HAProxy to be the fronting SSL-termination point, and then HAProxy determines which pooled backend server serves the request.

Nginx: Using Nginx for SSL termination on Ubuntu

Nginx is a popular reverse proxy and load balancer that focuses on level 7 (application) traffic.  A common pattern is allowing Nginx to be the fronting SSL-termination point, and then Nginx determines which pooled backend server is best available to serve the request.

OpenSSL: Using OpenSSL to enumerate protocols and ciphers in use by web applications

Update Feb 2023: enumerating the secure protocols and ciphers of a remote site can be done more efficiently by nmap, as described in my other article here. While enabling HTTPS is a important step in securing your web application, it is critical that you take steps to disable legacy protocols and low strength ciphers that OpenSSL: Using OpenSSL to enumerate protocols and ciphers in use by web applications