How to Resolve Java HTTPS Exceptions

java TLDR: Most Java HTTPS connection problems can be fixed by updating the JVM. Don't import into cacerts unless you really need to (e.g. you have an internal CA within your organization). Test other HTTP clients to make sure it is really a Java problem.

HackMyCF Adds SSL/TLS Scanner

coldfusion web I'm pleased to announce a feature of HackMyCF that I've been excited about for a while: SSL / TLS Scanning.

If you stay up to date with security news you know that there have been a large number of vulnerabilities or weaknesses discovered in SSL or TLS protocols and implementations.

Using Mozilla's Certificate Authority List for Java SSL

java Every so often you run into an issue where you need to import a certificate signing authority's certificate into Java's cacerts certificate authority file. Oracle does update the cacerts file every so often, but they never seem to be as up to date as a browser like Firefox.

HTTP Strict Transport Security

web An emerging standard called Strict Transport Security is starting to gain some traction among web browsers. Google Chrome supports it and Firefox is working on it (currently supported in the NoScript FF extension).

How to Get a Green SSL Certificate

web Just as SSL Certificates were starting to become really inexpensive, they figured out a way to start charging more money again.

Howto Require SSL for ColdFusion Administrator

coldfusion A good security practice is to require SSL for ColdFusion administrator access (an even better practice is to limit access to localhost). This should take less than five minutes on either Apache or IIS.

IIS: Disabling Weak SSL Protocols and Ciphers

web It's no secret by now that if your web site sees credit card numbers (even if they are passed to a third party gateway) you need to comply with the PCI DSS standards.

Requirement 4.

How To Scream Unsecured

web I was considering purchasing something from a foreign site today (I'm not going to name names), but then I noticed this link on the order form page:

I'm speechless!

Secure Forms

web Chris Shiflett, the author of Essential PHP Security, posted a cool idea on his blog about secure forms. His idea was to have browsers show visually that a form action is secure (going to an HTTPS page). A good idea, I hope to see that implemented.

SSL for International Domain Names

web I didn't know that you couldn't buy SSL certs for international domain names (naive Americans). I have only ever bought them for .com names.

Free SSL Certificates for OpenSource projects

web GoDaddy is giving away free SSL Certificates for open source projects. Sign up here.

Go Daddy is committed to the open source community. We want your site and data to be secure and we're willing to foot the cost to make them just that.

Just make sure that you disable SSLv2!

Moving SSL Certs from IIS to Apache

linux web I found some instructions for converting SSL certificates generated for IIS to private key and cert files you can use on Unix, or Apache for Windows.

First, export your IIS certificate into a PFX file (this is something you should do anyway for backup).

Run mmc.
