You can use a VPN to implement network security policy. For example, if you run your own email server, you can require users to log in only from the IP address of the VPN server by creating an IP address whitelist in the firewall. Thus, your email server is hardened to prevent hacking activ...
Running Exim in a container is not straightforward, especially as it is not an application built natively to run in a container. Of course, it would be great if Exim was a twelve-factor app, but it isn’t and sometimes you just have to deal with older-style apps. This post was ...
1. Create an OCSP request to work with; this will also produce a POST to the OCSP responder: openssl ocsp -noverify -no_nonce -respout ocspglobalsignca.resp -reqout ocspglobalsignca.req -issuer globalsigng2.cer -cert globalsign.com.cer -url "http://ocsp2.globalsign.com/gsextendvalg2" -h...
Use mirror module to copy requests to another backend Performance (13) Adjust worker processes Use HTTP/2 Maintaining SSL sessions Enable OCSP Stapling Use exact names in a server_name directive if possible Avoid checks server_name with if directive Use $request_uri to avoid using regular expres...
If you use Apache, you also need to install the Certbot Apache plugin. sudo apt install python3-certbot-apache And run this command to obtain and install a TLS certificate. sudo certbot --apache --agree-tos --redirect --hsts --staple-ocsp --email you@example.com -d tube.yourdomain.com ...
Keep NGINX up-to-date Use only the latest supported OpenSSL version Prevent Replay Attacks on Zero Round-Trip Time Enable OCSP Stapling Prevent caching of sensitive data Set properly files and directories permissions (also with acls) on a paths Implement HTTPOnly and secure attributes on cookies Re...
Since Jellyfin is not included in Debian’s default repositories, you need to add the official Jellyfin repository and import its GPG key to ensure secure installations. Step 1: Import the GPG Key The GPG key verifies the authenticity of the Jellyfin packages. Run the following command to impor...
For checking if the smartcard works, without doing any verification check (and so for debugging purposes), the option --verify=no_ocsp can also be used, while --verify=partial_chain can be used to do incomplete CA verification. Enable PAM service ...
> tomcat-native-1.2.21-openssl-1.1.1a-ocsp-win32-bin.zip) > > I can't get certificate revocation checking, specifically OCSP to happen > from the APR/OpenSSL code; > it seems to be happening instead from the Java (JSSE) code instead. ...
With certbot successfully installed, it’s time to generate your SSL/TLS certificate and link it with your Apache web server. Here’s the command you’ll need to use: sudo certbot --apache --agree-tos --redirect --hsts --staple-ocsp --email you@example.com -d www.example.com ...