List contents of jks keystore file

keytool list certificates

To list the content of jks keystore file used by tomcat web server, run command

It will ask Keystore password. Once you enter the password, it will list the contents of the file. In the above keystore, there are 5 certificates with names inter, root1, root2, ssl_tomcat2, and tomcat. To get detailed information on […]

Read More…

Lego – LetsEncrypt client

Lego is a Let’s Encrypt client and ACME library written in Go. https://github.com/go-acme/lego Install Lego To install go to the release page, download the latest version.

Create SSL certificate To create an SSL certificate, run

Renew SSL certificate To renew the SSL certificate, stop the webserver

Now run

Start webserver after […]

Read More…

Apache Auto Renew SSL on Password Protected site

I have a web site that is password protected using Apache basic autenticiation. I used following code in Apache config to password protect.

The problem is when SSL need auto renew, it need url like http://domain/.well-known/ to be accessable with out any password for domain ownership verification. To allow .well-known folder to be accessable […]

Read More…

View SSL certficate Details

To view certificate details

For web server

Or

IMAP via SSL

POP3 via SSL

SMTP via SSL

SMTP via TLS/StartTLS

See SSL […]

Read More…

SSL Life Time Reduced to 397 days

Due to changes in Apple, Mozilla and Google Root Store Policies, as of September 1, 2020, newly issued SSL/TLS certificates with a validity period greater than 13 months (397 days) are prohibited by policy and will not be trusted. https://www.globalsign.com/en/blog/maximum-ssltls-certificate-validity-now-one-year https://blog.mozilla.org/security/2020/07/09/reducing-tls-certificate-lifespans-to-398-days/ […]

Read More…