Secure and harden Apache Tomcat’s SSL/TLS

13 May, 201510 Apr, 2016 Ben2 Comments

Introduction In this guide I will walk through the process of hardening HTTPS connectors used by Apache Tomcat. As unfortunately the default configuration of Ubuntu 14.04 LTS using Tomcat 7 and OpenJDK 7 are vulnerable to a number of attacks and weak encryptions. You can test your own site’s HTTPS implementation against these weaknesses at… Continue reading Secure and harden Apache Tomcat’s SSL/TLS

Create self-signed certificates for HTTPS with Apache Tomcat

9 May, 201513 May, 2015 Ben4 Comments

This entry will guide through the process of creating a self-signed certificate to use on an Apache Tomcat 7 or 8 HTTPS connector. Self-signed certificates allow secure, encrypted HTTPS connections but are not certified by any trusted certificate authority. So first time client connections will receive all kinds of warnings from their web browser. Because of… Continue reading Create self-signed certificates for HTTPS with Apache Tomcat

Security · Windows

KeePass 2, Password Management

17 Nov, 201317 Nov, 2013 BenLeave a comment

With the recent admission from Adobe that it lost over 150 million user accounts from its online database in October. I thought it would be wise to go over my tool of choice for password management, KeePass. In the case of the Adobe breach hackers managed to get the email addresses, passwords, credit/debit card details… Continue reading KeePass 2, Password Management