In WordPress (v3.3), FORCE_SSL_LOGIN will transmit login credentials over SSL, however, the login page itself may be accessed over HTTP (as opposed to HTTPS). If the login page is accessed via HTTP, the user has no (easy) way of verifying that the page is legitimate and that the credentials will in fact be sent over… Continue reading WordPress – SSL login page without SSL admin
Tag: ssl
Verify that SSL caching is working
To verify that SSL caching is on, check the Session-ID across multiple sessions (i.e. resume/reconnect) – they should be the same: openssl s_client -host HOSTNAME -port 443 -reconnect | grep ‘Session-ID:’ The equivalent, using gnutls-cli should be: gnutls-cli -V -r HOSTNAME |grep ‘Session ID’
Using Wireshark to Debug FTPES through vsFTP
Using Wireshark to Debug FTPES through vsFTP While vsFTP is lightweight and has a relatively good track record, the verbosity of its logs is lacking. Without having an error logged, it can be considerably more difficult to find and resolve the problem. This issue is compounded when using an encrypted connection. After recently enabling FTP… Continue reading Using Wireshark to Debug FTPES through vsFTP
Configuring vsFTPd to use TLS
A typical FTP session, will send login information unencrypted. It is a fairly simple matter to configure vsftpd to use SSL/TLS and encrypt connections. You can either create a self-signed certificate for this purpose, or use an existing third-party issued certificate. Generate a self-signed certificate Firstly, we generate the private key (in this case, 2048… Continue reading Configuring vsFTPd to use TLS
Setting up SSL Login on WordPress
I decided that I wanted the login for this site to be over SSL/TLS, instead of unencrypted – at this time, I decided against having the admin area also running under SSL. This article describes how to accomplish the following: Preparation of private key and certificate signing request (CSR) Obtaining a free SSL certificate (from… Continue reading Setting up SSL Login on WordPress