Apache SSL Configuration: Modern Settings for a Secure Setup

Apache’s SSL configuration has improved a lot over the years. Getting it right involves enabling the right modules, configuring ciphers, setting up HSTS, and making sure the certificate chain is complete. Here’s the configuration I use. Required Modules Make sure these modules are enabled: Verify: Virtual Host Configuration A complete HTTPS virtual host: SSLProtocol -all […]

Apache SSL Configuration: Modern Settings for a Secure Setup Read Post »

TLS in Docker: Securing Containers Without Losing Your Mind

When I first started running services in Docker, TLS felt like an afterthought. Everything was on localhost or an internal network, so I figured it didn’t matter much. Then I started exposing services, connecting containers to external databases, and dealing with client certificate authentication — and suddenly TLS was everywhere. Here’s what I’ve actually learned

TLS in Docker: Securing Containers Without Losing Your Mind Read Post »

PKCS#12 / PFX Files: Complete Guide to Creating, Extracting, and Troubleshooting

I’ve dealt with PKCS#12 files (also called PFX or P12 — the terms are interchangeable) more times than I’d like. Mostly when migrating certificates to Windows, working with Java keystores, or handing certificates off to developers who aren’t familiar with PEM files. The format is useful but the tooling around it is inconsistent and the

PKCS#12 / PFX Files: Complete Guide to Creating, Extracting, and Troubleshooting Read Post »

OCSP Stapling in Nginx: What It Is, Why It Matters, and How to Configure It

I spent a while ignoring OCSP stapling because it felt like an advanced optimization that wasn’t worth the effort. Then I actually measured the TLS handshake times on a server without it and realized visitors were waiting for an extra round-trip to a CA’s OCSP server on every new connection. That changes the calculus. What

OCSP Stapling in Nginx: What It Is, Why It Matters, and How to Configure It Read Post »

Scroll to Top