SSL/TLS

Guides, best practices, and technical explanations related to SSL/TLS certificates, HTTPS, encryption, and secure communications.

Kubernetes TLS: Securing Ingress with Certificates

Managing TLS in Kubernetes is different enough from regular server TLS that it’s worth covering separately. The concepts are the same — certificates, private keys, certificate authorities — but the mechanics of how you provision, store, and rotate certificates involve Kubernetes-specific objects. I’ve worked through this on a few clusters. Here’s the practical picture. The

Kubernetes TLS: Securing Ingress with Certificates Read Post »

Certificate Transparency Logs: What They Are and Why You Should Care

Certificate Transparency (CT) is one of those things you use every day without thinking about it. Every time your browser connects to an HTTPS site, Certificate Transparency is working in the background to help ensure the certificate you’re seeing is legitimate. Understanding it has practical implications if you manage SSL certificates. The Problem CT Solves

Certificate Transparency Logs: What They Are and Why You Should Care Read Post »

Building Your Own Certificate Authority with OpenSSL

There’s a point in most sysadmin careers where you stop relying entirely on public CAs and start thinking about internal infrastructure. Internal APIs, staging environments, service-to-service TLS, developer machines — all of these benefit from having a proper internal CA rather than a pile of self-signed certificates scattered everywhere. I set up my first internal

Building Your Own Certificate Authority with OpenSSL Read Post »

Apache SSL Configuration: Modern Settings for a Secure Setup

Apache’s SSL configuration has improved a lot over the years. Getting it right involves enabling the right modules, configuring ciphers, setting up HSTS, and making sure the certificate chain is complete. Here’s the configuration I use. Required Modules Make sure these modules are enabled: Verify: Virtual Host Configuration A complete HTTPS virtual host: SSLProtocol -all

Apache SSL Configuration: Modern Settings for a Secure Setup Read Post »

Scroll to Top