Revoking Lets Encrypt Certificate properly Rumi, August 14, 2020 When you want to learn how to revoke Let’s Encrypt SSL/TLS certificates, follow the steps below: Step 1: Validate Certificate file Before you revoke a certificate, you’ll want to validate that the correct certificates and key file you’re revoking.. since there is no reversal.. Once a certificate is revoked, it… Continue Reading
Installing a Comodo SSL on Zimbra using CLI Rumi, April 14, 2019April 14, 2019 1. Get the bundle from Comodo in crt format, or sometimes like a zip file. 2. Place the bundle on your Zimbra mailbox server. You should receive, or download, the next files: AddTrustExternalCARoot.crt COMODORSAAddTrustCA.crt COMODORSADomainValidationSecureServerCA.crt my_domain_com.crt or since comodo is acquired by Sectigo, the updated zip might appear as below: Continue Reading
Zimbra Letsencrypt SSL Renew – Zimbra 8.6 Rumi, September 1, 2018 Let’s Begin: This works if you already have an expired letsencrypt ssl certificate and assuming you have already deployed SSL in you zimbra system. However, if you come up here already, and would like to know how to setup letsencrypt on your system you may read my other article here:… Continue Reading
Set Up Nginx Load Balancing with SSL Termination Rumi, March 23, 2018 Nginx can be configured as a load balancer to distribute incoming traffic around several backend servers. SSL termination is the process that occurs on the load balancer which handles the SSL encryption/decryption so that traffic between the load balancer and backend servers is in HTTP. The backends must be secured… Continue Reading
The SSL/TLS Handshake: an Overview Rumi, March 6, 2018 Obligatory SSL/TLS Handshake Graphic All SSL/TLS-related sites have their own version of a handshake diagram – here’s ours! (Click to enbiggen.) Let’s Clear Up Some Confusion, If We Can Some confusion about how SSL/TLS handshakes work is due to the handshake being only the prelude to the actual, secured session itself. Let’s try to… Continue Reading
Let’s Encrypt service with Pound server Rumi, February 5, 2018 In order to install Certbot on your server, follow the next steps: (make sure you have “git” installed on your system) $sudo apt-get install git (if not previously installed) $cd /opt $sudo git clone https://github.com/certbot/certbot Running the above commands will download the Certbot latest release from their git repo in… Continue Reading
Stunnel on Debian/Ubuntu with Squid Rumi, October 27, 2015 What’s Stunnel The Stunnel program is designed to work as an SSL encryption wrapper between remote client and local (inetd-startable) or remote server. It can be used to add SSL functionality to commonly used inetd daemons like POP2, POP3, and IMAP servers without any changes in the program’s code. What… Continue Reading
Convert .p12 bundle to server certificate and key files Rumi, August 28, 2015February 16, 2024 Seperate Private Key and Certificate file #Generate certificates bundle file openssl pkcs12 -nokeys -in server-cert-key-bundle.p12 -out server-ca-cert-bundle.pem #Generate server key file. openssl pkcs12 -nocerts -nodes -in server-cert-key-bundle.p12 -out server.key Convert a PKCS#12 file (.pfx .p12) containing a private key and certificates to PEM openssl pkcs12 -in keyStore.pfx -out keyStore.pem -nodes… Continue Reading
Convert .p12 and install in apache server Rumi, October 18, 2013 If you have a pkcs12 file (from IIS for example) and if you need to install the certificate on an Openssl-compatible product such as Apache, you will have to extract the content of the pkcs12 to get several files. First of all, create a global file (package): openssl pkcs12 -in… Continue Reading
BD now member of Asia PKI Consortium Rumi, June 22, 2013 Bangladesh has been accepted as a member of the Asia PKI Consortium in its General Assembly (GA) Meeting held in Bangkok recently. The GA Meeting was chaired by Philip Leung, Chairman of Asia PKI Consortium and attended by member countries. The GA unanimously approved the membership of Bangladesh in the… Continue Reading