Cloud Cultivator

How to disable TLS 1.0 on Apache or nginx

If your webserver is running Transport Layer Security (TLS) Version 1.0 on port 443, Cloud Cultivator will detect it. TLS 1.0 has several flaws. An attacker can cause connection failures to trigger the use of TLS 1.0 and exploit vulnerabilities like BEAST (Browser Exploit Against SSL/TLS). As such, attackers can perform man-in-the-middle attacks and observe the encrypted traffic between the website and its visitors. This allows an attacker who has set up a ‘man-in-the-middle’ server to theoretically recover data that would normally be encrypted. The most likely attack…

Certificate changelog analysis

Cloud Cultivator has a unique feature which tracks changes of your SSL certificate over time. Think git for certs. Whether a new certificate has been issued, a new common name assigned to the certificate, or any number of other changes have happened to your certificate, Cloud Cultivator monitors the attributes of your certificate for changes and reports them to you. This is a robust way to track changes over time to your site’s certificate. This is a robust way for you to have an unbroken chain of event logs on…

Certificate Expiry Notification Feature

Cloud Cultivator has a great feature which identifies and alerts you to SSL certificate expiry. By default, Cloud Cultivator will alert you if your site's certificate will expire in the next 30 days. If you want to change that default, you can choose any expiry between 8 and 180 days in the future. Cloud Cultivator will alert you about your expiring certificates every Tuesday. As you can see from this example, if I happen to set the certificate expiry to 79 days, I have a domain (this one) which is expiring…

Adding a site to Cloud Cultivator

A quick show and tell about adding a new site to Cloud Cultivator monitoring. Adding a site in Cloud Cultivator is straightforward. Once you have logged in, click “Add Sites” from the menu. From there, you can add any publicly available domain name (example.com) or IP address (34.217.174.226). You can also add a custom port (defaults to 443) if needed. Here are some examples which work. Once you create a site, Cloud Cultivator will immediately scan it and report back its configuration as well as seed the initial changelog with…

WordPress up and running

Just got this WordPress blog up and running with the following tools:

WP CLI: http://wp-cli.org/
Let’s Encrypt: https://letsencrypt.org/
Certbot: https://certbot.eff.org/

To keep things up to date, here are my crons:

#update letsencrypt certs
45 3 * * * certbot-auto renew
#update wp
0 9 * * * cd /var/www/blog-cloudcultivator/ && wp db optimize && wp db repair && wp core update && wp core update-db && wp plugin update --all