In the early days of the encrypted web you could get certificates valid for any period of time. Long gone are those days and as more time goes by we realise just how much we need to be doing a lot more to greatly reduce the maximum validity period on…
Tag: Let's Encrypt
Total 22 Posts
Migrating your site to HTTPS can be hard, really hard. There are countless different ways to perform your migration and various tools and techniques that can help you smooth out the transition. This is a high-level deployment plan that should help you to consider all of the aspects that you…
There, I said it! It might sound like a weird thing to stay but stick with me on this one. We really do need more phishing sites on HTTPS, all of them, encrypt all the things, and not for the reason you might think. The web is going HTTPS There's…
I was having a period of really high load on securityheaders.io earlier and whilst I looked into it and sorted out the root cause I wanted to throw some more cloud behind the site to bolster it. That introduced an interesting problem that I wanted to solve quickly. DNS…
I've written quite a few blogs on how to get started with Let's Encrypt and covered both RSA and ECDSA certificates. In this blog I'm going to look at how we revoke them. Let's Encrypt If you haven't come across Let's Encrypt yet, they're a CA that you can use…
I don't think anyone can disagree with the tremendous amount of progress that has been made in deploying web encryption over the last year or so and Let's Encrypt have played a monumental part in that. Recently though I've seen some negative comments about the CA and some concerns over…
The www subdomain is so overrated I decided it was time for a change. What else could be better than 3 padlocks for my new subdomain?! Yes, it really works! You can try out the new subdomain and link to it just like you would any other. Here is the…
NginX version 1.11.0 just became available and that means we can now serve both RSA and ECDSA certificates for maximum performance without having to drop support for older clients. Nginx 1.11.0 As I noted a couple of days ago, the 1.11.0 release of NginX…
Very often people tell me "we don't need HTTPS" and most of the time the justification is based on 1 of 2 arguments. It's either "we don't have a login screen" or "we don't serve any sensitive data". Supporting HTTPS on your site has…
I did a scan of the Alexa Top 1 Million back in August 2015 and published the results for everyone to see. Having just completed another scan of the current Alexa Top 1 Million with additional metrics being tracked, I thought I'd compare the results and see how much progress…
