Hi,
The title is quite loaded, but they're all very good security technologies that I believe should be enabled on Neverball.org. The former two should be easy to set up. Let me break them down:
OCSP stapling is the modern and privacy-friendly way to do certificate revocation checks.
DNSSEC makes it so DNS responses can't be spoofed just like how it always should have been.
DANE allows users to trust your TLS certificate by an alternate means than the controversial certificate authority system.
I would be more than happy to help you set these up. OCSP stapling should be an HTTP server setting, DNSSEC is probably just a simple switch from "off" to "on" if your DNS provider is the same as your domain registrar (it looks like that is the case), and DANE requires two steps: publishing a TLSA record (which can be done from your registrar's web portal), and configuring your ACME client (certificate autorenewal program) to always reuse the same key when renewing certificates. You probably use Certbot, in which case it's a one-line configuration file change.
Please let me know how I can help, and thank you!
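The DANE step described in the post above, as an added example that is not part of the original post: it computes the data for a `3 1 1` TLSA record (SHA-256 of the certificate's public key) and shows why the renewal has to reuse the key. The domain `www.example.test`, the file names and the helper functions are assumptions, and self-signed certificates stand in for the ones an ACME client would obtain.

```sh
#!/bin/sh
# Added demo: domain, file names and keys are constructed; self-signed certs
# stand in for the ones an ACME client would obtain.
set -eu

# Fresh P-256 private key written to $1.
new_key() {
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -out "$1" 2>/dev/null
}

# Throwaway certificate for private key $1, written to $2.
issue_cert() {
    openssl req -new -x509 -key "$1" -subj "/CN=www.example.test" -days 1 -out "$2" 2>/dev/null
}

# TLSA "3 1 1" data for certificate $1: usage 3 (DANE-EE), selector 1
# (SubjectPublicKeyInfo), matching type 1 (SHA-256), printed as hex.
tlsa_311() {
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# Succeeds when certificate $1 still matches the published hash $2.
tlsa_matches() {
    [ "$(tlsa_311 "$1")" = "$2" ]
}

demo() {
    dir=$(mktemp -d)
    new_key "$dir/key1.pem"
    issue_cert "$dir/key1.pem" "$dir/cert1.pem"
    published=$(tlsa_311 "$dir/cert1.pem")
    echo "_443._tcp.www.example.test. IN TLSA 3 1 1 $published"

    # Renewal that reuses the key: new certificate, same SPKI hash.
    issue_cert "$dir/key1.pem" "$dir/cert2.pem"
    tlsa_matches "$dir/cert2.pem" "$published" && echo "renewed, same key: TLSA record still matches"

    # Renewal with a fresh key: the published record no longer matches.
    new_key "$dir/key2.pem"
    issue_cert "$dir/key2.pem" "$dir/cert3.pem"
    tlsa_matches "$dir/cert3.pem" "$published" || echo "renewed, new key: TLSA record is stale"
    rm -rf "$dir"
}

demo
```

With Certbot, key reuse across renewals is the `--reuse-key` option; running `tlsa_matches` against the live certificate after each renewal catches a stale record before DANE-validating clients do.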