Website Security Solutions | Latest Guides | Blog

Forcing older .Net applications to use strong cryptography

Microsoft’s .NET framework is a collection of tools and libraries accessible from various “.NET Programming Languages” used by developers to build applications on the Windows Platform. ASP.NET, which runs natively on IIS (Microsoft’s web server bundled with Windows Server), Visual Basic .NET, C# .NET and Windows Powershell are all examples of languages which can natively take advantage of the abstrac… [read more →]

What to do when you take control/inherit a Secure Network Environment.

There are a lot of reasons why you might inherit a network. Maybe the person who handled SSL/TLS left abruptly, or perhaps you’re doing a favor for a friend. Whatever the reason, it can be overwhelming to get a handle on the sorts of care and feeding a computer system requires from an SSL/TLS standpoint. This is understandable. It’s a lot of responsibility to ensure that a system keeps running wit… [read more →]

How to use Wireshark to Troubleshoot SSL/TLS App Network issues

Wireshark is an extremely powerful tool for analyzing the conversations your computer is having over the network. When an application’s logs come up empty, Wireshark is often the best way to figure out what’s going with software. When troubleshooting issues with SSL/TLS, Wireshark is invaluable. Have you ever gotten an error message complaining about secure negotiation? Most Sysadmins have. Where is … [read more →]

Setup Varnish with Nginx and SSL

Two of the most important considerations for any website owner are security and speed. Historically, these goals have been ever at odds. One of the most effective techniques for insuring a consistent experience for end users is a caching layer. Varnish, the most well-known, does not natively support SSL/TLS. Luckily, by combining Varnish with a reverse proxy like nginx, we can take advantage of… [read more →]

Setup HAProxy 2 with KeepAliveD and Layer 7 Retries

HAProxy is an extremely powerful free and open-source load balancing solution. With it, you can insure high availability within your datacenter. Highly available systems are better for business continuity and better for security, as they can be patched with updates without taking the service down. A common pattern in the design of highly available systems is to use a pair of load balancers in… [read more →]

The Complete and Easy Guide to TLS1.3

Transport Layer Security (TLS) provides the foundation for encryption in-flight. The first version of TLS, 1.0, replaced Secure Sockets Layer (SSL) in 1999. The latest version, 1.3, was finalized as a proposed standard in RFC 8446 in December of 2018. With it, comes enhancements in both speed and security. One of the biggest differences between TLS 1.2 and TLS 1.3 is that perfect forward secrecy… [read more →]

Setup OCSP Stapling

OCSP Stapling is an exciting technology supported by all recent servers and clients that with just a few minutes of your time will allow you to reduce the network load on your servers and provide faster load times for your sites and services. How it works SSL/TLS certificates signed by a Certificate Authority such as GeoTrust or Comodo must have a programmatic revocation mechanism. Traditionally,… [read more →]

Create CSR and Key with Microsoft Management Console (MMC)

Generating a CSR can be performed in a lot of different ways. However, only the Certificates MMC comes installed by default on Microsoft Windows clients and servers. It can be a little finicky at first, but once you understand the underpinnings of the utility, it is an excellent tool. Use these instructions to generate a Certificate Signing Request (CSR) in Microsoft Management Console (MMC).… [read more →]

Installing a Cheaper SSL on Godaddy Web Hosting 2019

Godaddy like to charge a premium price for SSL Certificates, even after they discount them. The good news is; you don't have to pay their high price. You can purchase an SSL Certificate at a much cheaper price and install it within minutes. This guide will go through the entire process to get you up and secure quick. It can be used to install a lower priced SSL Certificate, with the same security… [read more →]

Securing Microsoft SQL Server with SSL/TLS

SQL Server is a popular database platform choice for database-driven applications. Based on interpreting TSQL, Microsoft’s proprietary dialect of SQL, SQL Server facilitates remote connections to your structured data. Unfortunately, SQL Server is not secured by default. Other machines communicating with it over TCP Port 1433 are doing so in clear-text, and a sniffer like WireShark could intercept t… [read more →]