Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols designed to provide communications security over a computer network.
Server Name Indication - Wikiwand: used to host multiple sites on the same IP
Authentication relies on Certificate Authorities (CAs) and a public key infrastructure using X.509 certificates.
The server registers with a CA and, for a fee, has its public key signed with the CA's key. The client, after receiving the public key from the server, verifies it with the CA.
Creating Secure Web Apps: What Every Developer Needs to Know About HTTPS Today | Heroku
Exploring HTTPS With Python – Real Python
What are SSL/TLS Certificates? Why do we Need them? and How do they Work? - YouTube
Transport Layer Security (TLS) - Computerphile - YouTube
TLS Handshake Explained - Computerphile - YouTube
Transport Layer Security, TLS 1.2 and 1.3 (Explained by Example) - YouTube
The SSL/TLS Handshake: an Overview – SSL Information and FAQ
File:Ssl handshake with two way authentication with certificates.png - Wikimedia Commons
TLS 1.3 » ADMIN Magazine
Wireshark - YouTube TLS/QUIC decryption with Wireshark and SSL key logs
Decrypt SSL with Wireshark - HTTPS Decryption: Step-by-Step Guide
HTTPS Decryption with Wireshark // Website TLS Decryption - YouTube
Decrypting TLS, HTTP/2 and QUIC with Wireshark - YouTube
pan-unit42/wireshark-tutorial-decrypting-HTTPS-traffic
HTTPS: an awesome, secure tale (pt 1) | by Omer Goldberg | Bits and Pieces
ESNI: A Privacy-Protecting Upgrade to HTTPS | Electronic Frontier Foundation
Server Name Indication - Wikiwand: multi-tenant on the same IP
OpenSSL is a toolkit for TLS and SSL.
HTTPS Is Easy!
Is TLS Fast Yet?
ImperialViolet - Overclocking SSL: HTTPS is fast since 2010
ImperialViolet - Public key pinning
Survival Guide - TLS/SSL and SSL (X.509) Certificates (CA-signed and Self-Signed)
Rolling out Public Key Pinning with HPKP Reporting — Google Web Updates
SSL: it’s hard to do right | The Recompiler
Nick Craver - HTTPS on Stack Overflow: The End of a Long Road
How the NSA (may have) put a backdoor in RSA’s cryptography: A technical primer | Ars Technica
Critics slam SSL authority for minting certificate for impersonating sites | Ars Technica
obsolete?
How to obtain and install an SSL/TLS certificate, for free | Ars Technica
Web served, part 2: Securing things with SSL/TLS | Ars Technica
BetterCrypto⋅org
Cipherli.st - Strong Ciphers for Apache, nginx and Lighttpd
Generate Mozilla Security Recommended Web Server Configuration Files
Deploying HTTPS: The Green Lock and Beyond (Chrome Dev Summit 2015) - YouTube
Mythbusting HTTPS: Squashing security’s urban legends - Google I/O 2016 - YouTube
Roland Bracewell Shoemaker: Let's Encrypt -- What launching a free CA looks like - YouTube
Let's Encrypt with J.C. Jones - YouTube
HSTS
HTTP Strict Transport Security - Wikiwand: always use HTTPS
HSTS Preload List Submission
Mutual TLS/mTLS
A Kubernetes engineer's guide to mTLS
Mutual TLS | The Backend Engineering Show - YouTube
The Cloudflare mTLS vulnerability - A Deep Dive Analysis - YouTube
SSL checkers
Best SSL Testing Tools for your Website - Grace Themes
Online Tool to Test SSL, TLS and Latest Vulnerability - Geekflare
Qualys SSL Labs
Free SSL Checker Tool - Check SSL Certificate
SSL Certificate Checker - Diagnostic Tool | DigiCert.com
SSL Security Test | Scan Web and Email Server SSL TLS STARTTLS Encryption
SSL Checker
trimstray/htrace.sh: My simple Swiss Army knife for http/https troubleshooting and profiling.
sslyze | Kali Linux Tools
nabla-c0d3/sslyze: Fast and powerful SSL/TLS scanning library.
Man-in-the-Middle (MITM)
Monsters in the Middleboxes: Introducing Two New Tools for Detecting HTTPS Interception
How to Man in the Middle HTTPS Using mitmproxy - Earthly Blog
HTTPS/TLS Proxy | NetworkAcademy.io
What is a TLS Proxy? Definition & FAQs | Avi Networks
Rebex TLS Proxy (free) - Rebex.NET
Perfect Forward Secrecy (PFS)
SSL Enabling Forward Secrecy | DigiCert.com
Issues
How to Change Certificate Without Downtime - DZone DevOps
CA
As it turns out, CAs may not be trustworthy after all. There are many instances of CAs issuing fraudulent certificates (willingly or after being hacked).
An Appreciation of HTTPS Technology - YouTube
How CT Works : Certificate Transparency: the issuance of a cert is accompanied by an SCT record on blockchain
RFC 9162: Certificate Transparency Version 2.0
certificate-transparency/docs/SCTValidation.md at master · google/certificate-transparency · GitHub
How CT Works : Certificate Transparency
Engineering deep dive: Encoding of SCTs in certificates - Let's Encrypt
What is Certificate Transparency? - SSL Certificates - Namecheap.com
How the Comodo certificate fraud calls CA trust into question | Ars Technica
Google warns of unauthorized TLS certificates trusted by almost all OSes [Updated] | Ars Technica
Google Chrome will banish Chinese certificate authority for breach of trust | Ars Technica
Trust issues: Know the limits of SSL certificates | InfoWorld
Free public certificate authorities: Nice idea, big flaw | InfoWorld
http://arstechnica.com/search/?ie=UTF-8&q=+Certificate+Authorities
Heartbleed (2014)
see web-security.md#heartbleed
Renegotiation Gap (2009)
Truth in SOA: Really Understanding the SSL/TLS Vulnerability (Part 1)
Localhost certs
FiloSottile/mkcert: A simple zero-config tool to make locally-trusted development certificates with any names you'd like.
Why and How to Use HTTPS in Your Local Development Environment
Free SSL Certs
SSL For Free - Free SSL Certificates in Minutes
Let's Encrypt
How To Get A Trusted SSL Certificate for FREE (Works 2020) - YouTube
How to Install Free SSL From Let’s Encrypt on Shared Hosting
Let's Encrypt
Let's Encrypt
How It Works
Technology
letsencrypt
Let's Debug
Let's Encrypt Status
The CA's Role in Fighting Phishing and Malware - Let's Encrypt - Free SSL/TLS Certificates
Automatic HTTPS — Caddy Documentation
Rate Limits - Let's Encrypt - Free SSL/TLS Certificates
Staging Environment - Let's Encrypt - Free SSL/TLS Certificates
https://acme-staging-v02.api.letsencrypt.org/directory
The Changelog #243: Let's Encrypt the Web with Jacob Hoffman-Andrews | Changelog
Let's Encrypt Demo - YouTube
Let’s Encrypt Your Docker Dan’s Trial & Errno
Docker, Nginx & Letsencrypt: Easy & Secure Reverse Proxy
How to setup your website for that sweet, sweet HTTPS with Docker, Nginx, and letsencrypt
SSL with Docker Swarm, Let's Encrypt and Nginx
Nginx and Let’s Encrypt with Docker in Less Than 5 Minutes
How To Secure a Containerized Node Application with Let's Encrypt | DigitalOcean
Enabling HTTPS with Let's Encrypt on Docker - BROS - Medium
Generate free SSL certificates with Docker and LetsEncrypt | Tit Petrič
How to Set Up Free SSL Certificates from Let's Encrypt using Docker and Nginx
certbot-docker/certbot-docker: Source files for Certbot's Docker images
JrCs/docker-letsencrypt-nginx-proxy-companion: LetsEncrypt companion container for nginx-proxy
linuxserver/docker-letsencrypt
staticfloat/docker-nginx-certbot: Create and renew website certificates using the Letsencrypt free certificate authority.
Two domains on one droplet with one SSL certificate | DigitalOcean
How To Secure Nginx with Let's Encrypt on Ubuntu 16.04 | DigitalOcean
Let's Encrypt with HAProxy
Let's Encrypt on Raspberry Pi
adventures in haproxy: tcp, tls, https, ssh, openvpn
Setting up HTTPS on Nginx using Let’s Encrypt – Frederik Banke – Medium with Docker and certbot
How to configure Nginx with free Let’s Encrypt SSL certificate on Debian or Ubuntu Linux
Clients
integrating Let's Encrypt client into a private DNS server is cool
ACME Client Implementations - Let's Encrypt
Certbot docs: previously letsencrypt/letsencrypt-auto
User Guide — Certbot.documentation
How to Enable HTTPS on a Website for Free | 酷壳 - CoolShell
Complete guide to configure SSL on Nginx with Let's Encrypt (Ubuntu/Centos/RHEL) - LinuxTechLab
diafygi/acme-tiny: A tiny script to issue and renew TLS certs from Let's Encrypt
xenolf/lego: Let's Encrypt client and ACME library written in Go (used in Caddy)
Daplie/node-letsencrypt: letsencrypt for node.js
DylanPiercey/auto-sni: Free, automated HTTPS for NodeJS made easy.
acme-client
kelunik/acme-client: Let's Encrypt / ACME client written in PHP for the CLI.
Enabling free SSL on Hostinger shared hosting | Kenrick's Notes
iamshreeram/php-ssl-installer: Installing SSL certificate in hostinger
php bin/acme issue --domains [colon-separated domain names] --path [colon-separated full path to domain root]
acme.sh
acmesh-official/acme.sh: A pure Unix shell script implementing ACME client protocol
LetsEncrypt SSL cert on GoDaddy Shared Hosting with No Root and No nc: --deploy, then add cron jobs
acme.sh --issue -d $DOMAIN -w /home/wwwroot/$DOMAIN
# acme.sh --deploy -d example.com --deploy-hook cpanel_uapi
~/.acme.sh/$DOMAIN/$DOMAIN.cer # cert
~/.acme.sh/$DOMAIN/$DOMAIN.key # private key
~/.acme.sh/acme.sh --cron --home ~/.acme.sh --force >> ~/.acme.sh/cronlog.txt 2>&1 # cron renewal; stdout and stderr both go to the log
Cloudflare
How to Get a FREE SSL Certificate with Hostinger - YouTube
- create Cloudflare account
- point to a domain with records
- enable Let's Encrypt
CloudFlare Protection on Hostinger
For 1 CloudFlare Protection plan, you can only use it for 1 website/domain and all its subdomains as long as the domain/website is pointed to us.
We use Cloudflare’s free plan here at Hostinger. It does provide you with these features:
- DDoS attack mitigation
- Global Content Delivery Network (CDN)
The main differences between using Cloudflare with Hostinger directly and with Cloudflare.com are:
- DNS zone can be fully managed from Hostinger side – so you don’t need to worry about updating DNS Records in different places: all of your domain’s DNS management will be in one place
- All main settings of Cloudflare can be found in hPanel – so changing security level will only take a few clicks
- One time activation fee – and Cloudflare will secure your domain and all of your subdomains as long as your domain is hosted with us 💜
SSL for Free
SSL For Free - Free SSL Certificates in Minutes
Heroku
Announcing Heroku Free SSL Beta and Flexible Dyno Hours | Heroku
Let's Encrypt and Heroku [Solved] - Server - Let's Encrypt Community Support
Let's Encrypt with a Rails app on Heroku // Collective Idea | Crafting web and mobile software based in Holland, Michigan
Use Let’s Encrypt TLS certificate on Heroku — Sikachu’s Blog — Medium
SSL Endpoint | Heroku Dev Center
Set up CloudFlare's free SSL on Heroku
Standards
RFC 2986 - PKCS #10: Certification Request Syntax Specification Version 1.7
RFC 3447 - Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1
RFC 5958 - Asymmetric Key Packages
RFC 6101 - The Secure Sockets Layer (SSL) Protocol Version 3.0
RFC 7525 - Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)
RFC 7292 - PKCS #12: Personal Information Exchange Syntax v1.1