ssl and https with letsencrypt!

nomorecubes.net now (finally) leverages https!

It has a certificate from letsencrypt, automatically verified by the service, maintained and deployed by docker-letsencrypt-nginx-proxy-companion.

Deployment was fairly easy with docker-compose: the companion container is added to the existing nginx-proxy like this:

version: '2'

services:
  nginx-proxy:
    image: jwilder/nginx-proxy
    container_name: nginx-proxy
    ports:
      - "80:80"
      - "443:443"
    volumes:
      # the proxy only reads the certificates
      - "./certs:/etc/nginx/certs:ro"
      - "/etc/nginx/vhost.d"
      - "/etc/nginx/conf.d"
      - "/usr/share/nginx/html"
      - "/var/run/docker.sock:/tmp/docker.sock:ro"
  letsencrypt:
    image: jrcs/letsencrypt-nginx-proxy-companion
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      # the companion writes the issued certificates here
      - "./certs:/etc/nginx/certs:rw"
    # share vhost.d, conf.d and the webroot with the proxy
    volumes_from:
      - nginx-proxy

l+f: Keeping an SSL certificate fresh through time travel

The creative idea of the day comes from Manjaro Linux. The developers suggest fixing the warning about the expired server certificate by adjusting the local system time.

As if the system of certificates and CAs weren't already problematic enough, you are now also supposed to change the system time as root. m(

via heise open.

Rogue CAs and certificate pinning.

An intermediate CA held by MCS Holdings and issued by CNNIC, the Chinese NIC, apparently issued certificates for unauthorized domains. Google detected the problem for its own domains through pinned certificates in its browser.

Google Online Security Blog: Maintaining digital certificate security.
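
How a pin catches a certificate for the right name but the wrong key, as an added example (not from the original post and not Google's implementation): two throwaway self-signed certificates for the placeholder name example.test stand in for the legitimate certificate and a mis-issued one, and the pin is the base64 SHA-256 of the public key (SPKI). Chain validation is left out here; a real client applies the pin check in addition to it, and may pin a CA key in the chain rather than the leaf.

```shell
#!/usr/bin/env bash
# Added example: all certificates are generated locally as constructed test data.
set -eu

# SPKI pin = base64(SHA-256(DER SubjectPublicKeyInfo)) of a PEM certificate.
spki_pin() {
  openssl x509 -in "$1" -noout -pubkey \
    | openssl pkey -pubin -outform DER \
    | openssl dgst -sha256 -binary \
    | openssl base64
}

# Succeed only if the certificate's key matches one of the pinned values.
# Accepting several pins allows a backup key to be pinned before rotation.
check_pin() {
  cert=$1; shift
  actual=$(spki_pin "$cert")
  for pin in "$@"; do
    if [ "$actual" = "$pin" ]; then return 0; fi
  done
  return 1
}

# Throwaway key and self-signed certificate for example.test (placeholder name).
make_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.test" \
    -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
make_cert "$WORK/legit"   # the certificate the site operator actually uses
make_cert "$WORK/rogue"   # same subject name, different key: the mis-issued one
PIN=$(spki_pin "$WORK/legit.pem")

for name in legit rogue; do
  if check_pin "$WORK/$name.pem" "$PIN"; then
    echo "$name: pin matches, connection allowed"
  else
    echo "$name: pin mismatch, connection refused"
  fi
done
```
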

Lenovo compromises SSL.

As if government surveillance weren’t in the news enough these days, hardware vendors are more or less trusted. Hardware with OEM versions of Windows has long been known for coming with adware pre-installed. Lenovo is now in the limelight for having installed adware that comes with a certificate allowing “man in the middle” attacks: it intercepts secure connections and inserts ads into trusted brand sites. Having software from a company named Superfish installed is a nightmare for any consumer. That adware removes any trust in online content and in Lenovo as a vendor.

via Marc’s Security Ramblings.

Update:

Erratasec.