Posts with tag “tls”

RSS feed for tag “tls”

Replacing the TLS certificate on a Synology NAS via the command line

Yesterday was the day that the TLS certificate of my Synology NAS expired. And since I have no monitoring to alert me, I only found out today. The bad news: HSTS was also enabled so my browser did not want to connect, even though I told it to ignore the invalid certificate. The good news: the SSH service was enabled. This allowed me to fix this situation via the command line interface (CLI).

OCSP Stapling in Nginx

The Heartbleed bug triggered a review of the configuration of my own web server. As a result I discovered that I had my Online Certificate Status Protocol (OCSP) stapling configured wrong. In this article I will briefly explain OCSP and OCSP stapling, what I had done wrong and what is a—as far as I know now—right way to implement OCSP stapling in Nginx.