Currently Viewing Posts Tagged comodo

5 Free SSL Tools You Must Try in 2016

It is 2016, and your website must be SSL encrypted. Now you have questions: how about my server, and how about my SSL installation? Here is the answer. Try these five free tools to test, check, and analyse your HTTPS website.

No.1 SSLShopper

It is an SSL checker. Enter the server hostname and click the Check SSL button. It gives you brief results, including server type, certificate CA, expiration date, etc.

LINK:  https://www.sslshopper.com/ssl-checker.html

No.2 Symantec CryptoReport

It is a powerful, well-designed tool. Its results are more detailed, and it is the only one that can tell you how many certificates are installed. The report said I have RSA and ECC certificates installed.

The report has the following information:

  • Certificate is installed correctly.
  • Certificate chain installation part.
  • Server configuration (server type, IP, port, protocols, cipher suites, etc.)

LINK: https://cryptoreport.websecurity.symantec.com/checker/

Add my Blog to HSTS preload list

Now my blog, David Yin Blog, is HTTPS encrypted. It is also HSTS enabled. And most recently, it is HSTS preload enabled.

This has three layers of meaning.

  1. https support.
  2. HSTS enabled.
  3. HSTS preload enabled.

Let me explain them one by one.

First, add HTTPS support. I did this step in Feb. 2016, when I announced that SSL was added. I recorded how I got the SSL certificate and installed it on the Nginx web server.

After that, all content sent back and forth between my blog and its audience is encrypted. Even the ISP cannot read the content from the data traffic.

Second, I added HSTS to the Nginx configuration to make it more secure.

What is HSTS?

HTTP Strict Transport Security (HSTS) is a web security policy mechanism which helps to protect websites against protocol downgrade attacks and cookie hijacking. It allows web servers to declare that web browsers (or other complying user agents) should only interact with it using secure HTTPS connections,[1] and never via the insecure HTTP protocol. HSTS is an IETF standards track protocol and is specified in RFC 6797.
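
As an added example (not from the original post), this shell function maps a response's Strict-Transport-Security header to the three layers listed above. The function names and sample headers are constructed for illustration; the preload thresholds (max-age of at least 31536000, includeSubDomains, preload) are the header requirements published on hstspreload.org.

```sh
# Added example. hsts_level reads HTTP response headers on stdin (for example
# from `curl -sI`) and prints: none | disabled | hsts | preload-ready.
hsts_level() {
    # Use only the first STS header (RFC 6797 section 8.1), lower-cased because
    # directive names are case-insensitive, with spaces and quotes removed.
    value=$(tr -d '\r' | awk '!seen && tolower($0) ~ /^strict-transport-security:/ {
                seen = 1; sub(/^[^:]*:/, ""); print tolower($0) }' | tr -d ' \t"')
    [ -n "$value" ] || { echo none; return 0; }
    max_age=; subdomains=no; preload=no
    old_ifs=$IFS; IFS=';'
    for directive in $value; do
        case $directive in
            max-age=*)         max_age=${directive#max-age=} ;;
            includesubdomains) subdomains=yes ;;
            preload)           preload=yes ;;
        esac
    done
    IFS=$old_ifs
    case $max_age in
        ''|*[!0-9]*) echo none; return 0 ;;   # no valid max-age: browsers ignore the header
    esac
    if [ "$max_age" -eq 0 ]; then
        echo disabled        # max-age=0 tells the browser to drop the stored policy
    elif [ "$max_age" -ge 31536000 ] && [ "$subdomains" = yes ] && [ "$preload" = yes ]; then
        echo preload-ready   # header meets the preload list's header requirements
    else
        echo hsts
    fi
}

# Constructed sample response headers (not captured from a real site).
sample_headers() {
    printf 'HTTP/1.1 200 OK\r\nServer: nginx\r\n'
    printf 'Strict-Transport-Security: max-age=31536000; includeSubDomains; preload\r\n\r\n'
}

sample_headers | hsts_level
```

On a live site, feed it real headers with `curl -sI https://www.example.com/ | hsts_level`.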

SSL added

To provide higher security and better privacy protection, I added an SSL certificate to my blog, here.

When you enter the URL of my blog, http://www.yinfor.com/, it will redirect you to the SSL version, https://www.yinfor.com/.

The certificate was purchased from gogetssl.com: a three-year Comodo PositiveSSL certificate.

The latest price is $13.15/3 years.

Look at the Comodo secure lock; it is a site seal.

Certificate Installation: NGINX with Comodo SSL

Here is a guide showing how to install a Comodo SSL certificate in Nginx.

  1. Order the Comodo certificate and receive the certificate files.
    I won’t discuss how or where to get it; that is another topic. You will receive the following files.
    The PositiveSSL certificate is a zip file emailed to you. Unzip it to get four files.

    • Root CA Certificate – AddTrustExternalCARoot.crt
    • Intermediate CA Certificate – COMODORSAAddTrustCA.crt
    • Intermediate CA Certificate – COMODORSADomainValidationSecureServerCA.crt
    • Your PositiveSSL Certificate – www_example_com.crt (or the subdomain you gave them)
  2. Make the file for Nginx
    cat www_example_com.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt > your_domain_crt.pem

    You just need your certificate and the intermediate certificates. The root is already installed on every computer or browser. The order of the certificates is important.

  3. Save this file in the place you want Nginx to use
    mv your_domain_crt.pem /etc/nginx/ssl/
  4. Save your private key in the same place
    mv your_domain_key.pem /etc/nginx/ssl/
  5. Make sure your Nginx config file looks like the one below
    server {
        listen 443 ssl;

        # certificate bundle built in step 2 and the matching private key
        ssl_certificate /etc/nginx/ssl/your_domain_crt.pem;
        ssl_certificate_key /etc/nginx/ssl/your_domain_key.pem;

        # side note: only use TLS since SSLv2 and SSLv3 have had recent vulnerabilities
        # TLSv1 and TLSv1.1 are now deprecated as well (RFC 8996); list only
        # TLSv1.2 and newer if your clients allow it
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

        # ...

    }
  6. Reload Nginx and check that it works by entering https://www.your_domain.com/

Chrome keeps crashing on startup

This morning, when I turned on my PC, I saw an alert message window from Google Chrome.

Problem signature:
Problem Event Name:    BEX
Application Name:    chrome.exe
Application Version:    45.0.2454.85
Application Timestamp:    55df881b
Fault Module Name:    guard32.dll
Fault Module Version:    8.2.0.4674
Fault Module Timestamp:    55c148a3
Exception Offset:    000269c9
Exception Code:    c0000409
Exception Data:    00000000
OS Version:    6.1.7601.2.1.0.256.28
Locale ID:    1033
Additional Information 1:    245b
Additional Information 2:    245b87f1e9247b2ba9f9bea5f513a892
Additional Information 3:    b91a
Additional Information 4:    b91adc989991e0190675cb62c0dcb1c3

 

I clicked “Close the program” and tried many times, and it was still not working.

After Googling the error, I learned that the problem was caused by the Comodo Firewall program. It has a HIPS facility.

Let me show the steps to solve this problem.

Free Professional Firewall from Comodo

I was wondering if I need a firewall on my desktop, which runs Windows 7, even though the Symantec Endpoint Protection anti-virus program is installed.

Later I found Comodo Firewall. It has a CNET Editors’ 5-star rating. And it is FREE.

Go to the official site to download the Free Firewall.

  • No complex configuration issues—perfect for amateur users
  • Quickly learns user behavior to deliver personalized protection
  • User-friendly, attractive graphical interface
  • Lots of configuration options let techies configure things just as they like
  • DDP-based security keeps you informed and PCs safe

 

 

Here is a screenshot from my desktop.

Looks simple? When I click the Tasks link in the upper right, there are so many advanced features.

Some issues when I use SSL on web server Apache

I purchased an SSL certificate from Gogetssl.com. The Comodo Essential SSL is a good deal on the list. I paid $37.45 for FIVE years.

OK, back to the title.

1) The online CSR generator defaults to SHA-1. I use my own openssl command to generate the SHA-256 CSR and KEY files.

There are many articles about SHA-1 vs SHA-256 for SSL.

If you can, use SHA-256 instead of SHA-1.

SHA-1 is going to be retired.

The command I use to generate the private key and CSR file:

openssl req -new -newkey rsa:2048 -nodes -sha256 -out www.mydomain.com.sha256.csr -keyout www.mydomain.key -subj "/C=FR/ST=Calvados/L=CAEN/O=TBS INTERNET/CN=www.mydomain.com"

Please make your own command with this tool, then add -sha256 to it. The above is for reference only.

2) Chain CA order

The certificate I received from gogetssl is a zip file. Unzip it and I got four certificate files.

  • AddTrustExternalCARoot.crt
  • COMODORSAAddTrustCA.crt
  • COMODORSADomainValidationSecureServerCA.crt
  • yourdomain.crt

To make a ca-bundle file, combine the three crt files into one.

When combining them, be careful about the order of the files.

Put the content of COMODORSADomainValidationSecureServerCA.crt at the beginning of the ca-bundle file. Then paste the content of COMODORSAAddTrustCA.crt below it, followed by the content of AddTrustExternalCARoot.crt.

3) Chain issues – Contains anchor

This is an issue I saw when I checked the SSL on ssllabs.com.

AddTrustExternalCARoot.crt is the root CA, and it is self-issued. Some people said the issue is caused by this self-issued root CA.

There are some posts about it. They said it is safe not to include it in the ca-bundle.

Comodo support article Qualys forum thread
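
The ordering rule from the Nginx post (your certificate first, then the intermediates) and the ca-bundle order and "Contains anchor" notes above can be checked with openssl before the web server is reloaded. This is an added example, not part of the original posts: the function names and the throwaway "Demo" chain it generates are made up for illustration, and it compares subject and issuer names only.

```sh
# Added example. check_chain FILE returns 0 if every certificate is issued by the
# one after it and no root is included, 1 if the order is wrong, 2 if the order is
# right but the bundle ends in a self-signed root ("Contains anchor"), 3 if empty.
name_of() {   # name_of subject|issuer FILE
    openssl x509 -in "$2" -noout "-$1" -nameopt RFC2253 | sed 's/^[a-z]*= *//'
}

check_chain() {
    dir=$(mktemp -d) || return 3
    # Split the bundle into cert.1.pem, cert.2.pem, ... and count them.
    count=$(awk -v d="$dir" '/-----BEGIN CERTIFICATE-----/ { n++ }
        n { print > (d "/cert." n ".pem") } END { print n + 0 }' "$1")
    i=1; rc=0; [ "$count" -gt 0 ] || rc=3
    while [ "$i" -le "$count" ]; do
        subject=$(name_of subject "$dir/cert.$i.pem")
        issuer=$(name_of issuer "$dir/cert.$i.pem")
        echo "[$i] subject: $subject | issuer: $issuer"
        if [ "$i" -lt "$count" ]; then
            [ "$issuer" = "$(name_of subject "$dir/cert.$((i + 1)).pem")" ] || rc=1
        elif [ "$subject" = "$issuer" ] && [ "$rc" -eq 0 ]; then
            rc=2
        fi
        i=$((i + 1))
    done
    rm -rf "$dir"
    return "$rc"
}

issue() {   # issue NAME CN CA: new key and certificate NAME.crt signed by CA
    openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null
    openssl x509 -req -in "$1.csr" -CA "$3.crt" -CAkey "$3.key" -CAcreateserial \
        -days 1 -sha256 -out "$1.crt" 2>/dev/null
}

# Constructed throwaway chain (hypothetical names, not the Comodo files).
demo=$(mktemp -d)
openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 -subj "/CN=Demo Root" \
    -keyout "$demo/root.key" -out "$demo/root.crt" 2>/dev/null
issue "$demo/inter" "Demo Intermediate" "$demo/root"
issue "$demo/leaf" "www.example.com" "$demo/inter"
cat "$demo/leaf.crt" "$demo/inter.crt" > "$demo/nginx_ok.pem"                # leaf first
cat "$demo/inter.crt" "$demo/leaf.crt" > "$demo/swapped.pem"                 # wrong order
cat "$demo/leaf.crt" "$demo/inter.crt" "$demo/root.crt" > "$demo/anchor.pem" # root included
for f in nginx_ok swapped anchor; do
    check_chain "$demo/$f.pem" || echo "$f: check_chain returned $?"
done
```

A ca-bundle built in the order given above (intermediates, then the root) returns 2, which matches the "Contains anchor" note from ssllabs.com.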
