Tag Archives: web

SSL Client Authentication Step By Step

SSL’s primary function on the Internet is to facilitate encryption and trust that allows a web browser to validate the authenticity of a web site. However, SSL works the other way around too – client SSL certificates can be used to authenticate a client to the web server. Think SSH public/private key pairs, if that is familiar to you. In this blog post I will outline the steps to create a certificate authority certificate, sign a server certificate and install it in Apache, and create a client cert in a format used by web browsers.

Continue reading SSL Client Authentication Step By Step

SSLv2, why are you still around?

What

The SSLv2 protocol is an obsolete version of SSL that has been deprecated since 1996 2011 due to having several security flaws. Current standards (2016) are SSL 3.0 and TLS 1.0TLS1.0-1.2 with SSL being fully deprecated, however, a common finding in Nessus scans of web servers SSLv2 is still enabled. IIS through v7 and Apache with OpenSSL prior to v1.0 have it enabled by default.

Continue reading SSLv2, why are you still around?