Total 24 Posts

Getting started with Let's Encrypt!

Let's Encrypt, the brand new and free Certificate Authority (CA), is now in public beta and I've just switched over to start using their certificates along with auto-renewal. No more re-issuing every year, that's right, it's all auto-magic! Let's Encrypt! There are many attractions to using Let's Encrypt (LE) but…


Guidance on setting up HPKP

Having recently released my HPKP toolset, I thought I'd give some guidance on the various ways you can set up HPKP and the benefits and drawbacks of each. HTTP Public Key Pinning If you aren't familiar with HPKP then you should start by reading my introductory blog, HPKP: HTTP Public Key…


The HPKP toolset!

HPKP is an incredibly powerful response header that allows you to whitelist the fingerprints of specific cryptographic identities. This offers you protection against a rogue Certificate Authority issuing a certificate for your site. My new HPKP toolset will make implementing and testing your HPKP policy much easier! HTTP Public Key…


Demonstrating HPKP validation failures

I have a couple of subdomains on scotthelme.co.uk to show how good a TLS config can be and how bad a TLS config can be and still not attract any warnings in the browser. I'm now adding a third subdomain to demonstrate what happens when your HPKP policy…


Major update for report-uri.io

Over the weekend I finalised a major update for https://report-uri.io, my new CSP and HPKP violation reporting service. Designed to make setting up and using your CSP even easier, this update has now been pushed out to the live site. Here are the details. New branding The first…
