This post details how to set up a root OpenSSL Certificate Authority using Elliptic-curve cryptography (ECC) based on the following two resources. OpenSSL Cookbook — Another great resource by Ivan Ristić and it’s FREE! Building an OpenSSL Certificate Authority — Multi-post series on the F5 dev/central community by Chase Abbott. Update — 2021–7–28 …

Relayd is a free load-balancer, application layer gateway, transparent proxy, and SSL/TLS gateway. It’s safe to say I would avoid placing a web server directly on the internet without placing relayd infront of it. While it may not have all the functionality of competing products (e.g. …

The default web server in OpenBSD is httpd. A lightweight server with only the essentials and built secure from the ground up. There are occasions when a website must be placed into maintenance and httpd.conf makes this easy with pattern matching. Tested on: OpenBSD 6.6 GENERIC Create Maintenance Page Save the following (or…

Content Security Policy (CSP) is an HTTP response header used to protect the client against XSS, clickjacking, and loading untrusted content. When a page has internal scripts or styles, CSP can allow it by using a nonce or specifying it’s hash as a base64 encoded value. …

Welcome to my write-up! Here you’ll find the steps needed to complete objectives and challenges. However some will not provide the answer. This is because if you follow the steps and understand what you’re doing; you’ll get the answer. If you’re only looking for the answer, there are other write-ups…

Online Certificate Status Protocol (OCSP) stapling is a standard for checking certificate revocation. Most commonly deployed on web servers using TLS and required if you’re aiming for an A+ on Qualys SSL Server Test. Even better, CloudFlare reports connection time improvement by up to 30% in some cases. [0] The…

Microsoft Desired State Configuration (DSC) is a management platform where configurations use a declarative syntax. Traditionally configurations are made by finding the particular Group Policy setting (local or otherwise). With DSC, all of the settings are in a text file stating the desired value (i.e. …

There are services within Microsoft Windows operating system that one cannot easily configure as in StartupType=Disabled. This post will show how to ensure a service is disabled regardless of errors encountered when using traditional means (e.g. gui (MMC), commandline (cmd), PowerShell) and without delving into ACLs. This issue was identified…

When implementing Server Side Includes (SSI) on nginx 1.16.1, extra bytes were being returned in the responses. While this wouldn’t be noticed when viewed in a webpage, it can provide information disclosure when viewing the raw stream. …