BuyPass is a Norwegian Certificate Authority (CA) that provides various services including digital certificates and security authentication products. Recently, BuyPass launched an ACME-based automated certificate issuance service called BuyPass GO, similar to Let's Encrypt. The main difference from Let's Encrypt is that their certificates have a 180-day validity period per issuance—twice as long as Let's Encrypt's. Therefore, if you need to manually replace certificates for your service, BuyPass certificates are more convenient. Additionally, BuyPass currently doesn't support issuing wildcard certificates (commonly called wildcard certs?), requiring all domain names to be listed individually. (Though personally, if manual certificate replacement is needed,...
nginx: TLS 1.3 Multi-Draft Support and HPACK
It has been 11 months since I last enabled TLS 1.3 for nginx. After nearly a year, many nginx-related programs and patches have undergone significant changes: OpenSSL has released beta versions of 1.1.1, with the latest being 1.1.1-pre8 (Beta 6) at the time of writing. nginx has been updated to version 1.15.1. Bugs in nginx's HPACK patch (HTTP header compression) have been fixed by subsequent patches. Using the original HPACK patch causes abnormal website access, manifesting as protocol errors when attempting to load subsequent pages after the first. A developer has released an OpenSSL patch enabling the latest OpenSSL to simultaneously support TLS 1.3 draft versions 23, 26, and 28. Let's Encrypt certificates now include Certificate Transparency information by default,...

How to Achieve a Perfect Score on SSL Labs Test
Qualys SSL Labs is a website for testing server SSL functionality, often used as a reference when configuring servers. Typically, we only consider its rating (A+, A, B, C, D, E, F, T), where achieving A+ is considered excellent server configuration. However, SSL Labs also displays sub-scores next to the rating, and my main site hasn't maxed out all of them. What would it take to achieve perfect scores across all SSL Labs subcategories, and what practical significance does it hold? I installed nginx on a VPS not hosting any website and configured it to successfully achieve a perfect score, as shown in the image or here: For comparison, here's this site's rating (also viewable here):...
Configuring and Enabling SSL and SPDY Access in nginx
Latest news from the CloudFlare blog (http://blog.cloudflare.com/google-now-factoring-https-support-into-ranking-cloudflare-on-track-to-make-it-free-and-easy) indicates that Google may factor in SSL support as a positive ranking signal. Therefore, I've enabled SSL for my blog.
Applying for a Certificate
SSL requires a certificate on the server side. It's best not to generate this certificate yourself, as most browsers will flag it as untrusted. StartSSL is currently the only trusted certificate authority that issues free SSL certificates recognized by most browsers. You can follow the steps in this article: http://www.freehao123.com/startssl-ssl/. In practice, since StartSSL connections can be slow, following the wizard might cause the process to hang. If it hangs,...