CertSimple Blog

Web Development, DevOps and Infosec Tips

'You can't use Brotli for dynamic content'

Onion TLS/SSL certificate updates

Break the web.

The ultimate guide to deploying your node app on Linux

CERT COMMON NAME INVALID doesn't mean what you think it does

HAProxy in 2018

How to diagnose and troubleshoot JavaScript async/await issues

Chrome's 'Secure' indicator was designed to make users proceed on any HTTPS site

Better HTTPS verification for smaller companies

How to flatten JavaScript

ES2017's async/await is the best thing to ever happen to JavaScript

ECDSA HTTPS certificates are faster and more secure. Here's where you (still) can't use them.

Adding EV HTTPS prechecks for 7 new countries, and a new US state

An nginx config for 2017

CertSimple 5: 'Doing Business As' support, instant rekeying, flat pricing

Ignore your CA: 'Single domain' and 'multi domain' HTTPS certificates are the same thing

It's happened: current Chrome is warning users about insecure pages

CertSimple now defaults to ECC

Safe ECC curves for HTTPS are coming sooner than you think

Automating the non-automatable

Find love overseas

Why you're always at least two steps down your HTTPS certificate chain

Encryption Everywhere: Symantec announce free DV certs via partners.

5700 upvotes later: be careful about crypto advice from Reddit.

Unix things web developers often struggle with - and how to fix them

Why 'site seals' are even worse than you thought

HTTPS provides more than just privacy

Why people who know better still say 'SSL'. And 'hoverboard'.

Domain validated HTTPS certs issued for google.com.mg and google.com.im

You won't remember the options for OpenSSL, so here's bash shortcuts for everything.

What web developers should know about HTTPS but probably don't.

Who your browser trusts, and how to control it.

Domain validated HTTPS will soon be free from the large CAs

Wireshark 2 is the simplest way to inspect HTTPS on your Mac

CertSimple 3: realtime EV HTTPS validation, webcrypto, and Delaware!

node.js v4 gets an A+ for SSL Labs with no configuration

Never see localhost HTTPS warnings again

Practical prevention of web shenanigans with Content Security Policy

How we fixed EV validation outside the US

Why we don't sell domain validated HTTPS certificates

HTTPS tools we wish we'd known about earlier

Edge uses a hollow gray lock for domain validated HTTPS

A no-bull technical guide to EV HTTPS

Strange things are afoot with Symantec's search results injection

Checking your order before you pay

Symantec stopped upselling IE5 support in 2015

Why your 'A' grade HTTPS is 'outdated cryptography' on Chrome

Six weeks in

We're recreating the Unix Rosetta Stone for 2015

So you're making an RSA key for an HTTPS certificate. What key size do you use?

Why there's junk in your whois results, and how you can get rid of it

EV HTTPS in the Fortune 500

Your OpenSSL CSR command is out of date

Implementing Mozilla's recommended HTTPS settings on node & npm

How to get A+ on the SSL Labs test in node.js

Why can't I get a wildcard EV certificate?

Do EV certificates provide better encryption than non-EV certificates?