blog/_posts/2011-09-08-running-on-ssl.md

---
permalink: "/{{ year }}/{{ month }}/{{ day }}/running-on-ssl"
title: running on ssl
published_date: "2011-09-08 00:31:00 +0200"
layout: post.liquid
data:
  route: blog
---
Even though the [SSL][] and [CA][] system is totally broken right now, I finally got my blog as well as my [etherpad][] served over SSL:

* [https://fnordig.de][https]
* [https://pad.fnordig.de][pad]

My SSL certificate is signed by [cacert][] (they approved me at last year's FrOSCon).

If you're using nginx, all you need to do is adding the following lines to your config:

    listen  443 ssl;
    ssl_certificate      /path/to/your/cert.pem;
    ssl_certificate_key  /path/to/your/key.pem;
{:lang="text"}


If you followed some of the latest news around the scene, you probably heard of the [diginotar debacle][diginotar]. This should make clear how broken the system is and how unsecure these SSL certificates can be with all those CAs around.

For more information on the CA system and how it could be replaced by a more robust and secure infrastructure watch [SSL And The Future Of Authenticity][blackhat] by [Moxie Marlinspike][moxie] from this year's Blackhat Conference.

[cacert]: http://www.cacert.org/
[ssl]: http://en.wikipedia.org/wiki/Secure_Sockets_Layer
[blackhat]: http://www.youtube.com/watch?v=Z7Wl2FW2TcA
[diginotar]: https://blog.torproject.org/blog/diginotar-debacle-and-what-you-should-do-about-it
[ca]: http://en.wikipedia.org/wiki/Certificate_authority
[etherpad]: https://github.com/Pita/etherpad-lite
[pad]: https://pad.fnordig.de/
[https]: https://fnordig.de/
[moxie]: http://www.thoughtcrime.org/
Surround frontmatter, above and below, with --- 2018-12-22 16:52:16 +00:00			`---`
fix: Upgrade to cobalt#346 2018-01-01 19:04:05 +00:00			`permalink: "/{{ year }}/{{ month }}/{{ day }}/running-on-ssl"`
new post: running on ssl 2011-09-07 22:50:54 +00:00			`title: running on ssl`
fix: Upgrade to cobalt#346 2018-01-01 19:04:05 +00:00			`published_date: "2011-09-08 00:31:00 +0200"`
			`layout: post.liquid`
			`data:`
			`route: blog`
new post: running on ssl 2011-09-07 22:50:54 +00:00			`---`
			`Even though the [SSL][] and [CA][] system is totally broken right now, I finally got my blog as well as my [etherpad][] served over SSL:`

			`* [https://fnordig.de][https]`
			`* [https://pad.fnordig.de][pad]`

			`My SSL certificate is signed by [cacert][] (they approved me at last year's FrOSCon).`

add nginx config example for ssl 2011-09-07 22:53:14 +00:00			`If you're using nginx, all you need to do is adding the following lines to your config:`

			`listen 443 ssl;`
			`ssl_certificate /path/to/your/cert.pem;`
			`ssl_certificate_key /path/to/your/key.pem;`
			`{:lang="text"}`


new post: running on ssl 2011-09-07 22:50:54 +00:00			`If you followed some of the latest news around the scene, you probably heard of the [diginotar debacle][diginotar]. This should make clear how broken the system is and how unsecure these SSL certificates can be with all those CAs around.`

			`For more information on the CA system and how it could be replaced by a more robust and secure infrastructure watch [SSL And The Future Of Authenticity][blackhat] by [Moxie Marlinspike][moxie] from this year's Blackhat Conference.`

			`[cacert]: http://www.cacert.org/`
			`[ssl]: http://en.wikipedia.org/wiki/Secure_Sockets_Layer`
			`[blackhat]: http://www.youtube.com/watch?v=Z7Wl2FW2TcA`
			`[diginotar]: https://blog.torproject.org/blog/diginotar-debacle-and-what-you-should-do-about-it`
			`[ca]: http://en.wikipedia.org/wiki/Certificate_authority`
			`[etherpad]: https://github.com/Pita/etherpad-lite`
			`[pad]: https://pad.fnordig.de/`
			`[https]: https://fnordig.de/`
			`[moxie]: http://www.thoughtcrime.org/`