Setting up mTLS and Kestrel (cont.)

In the last post we started talking about mTLS. In the post I pointed out that the client cert’s signing CA was not verified, let’s fix that!

Setting up mTLS and Kestrel

Pretty sure everyone at this point knows what TLS is, but what about mTLS? How is it different from TLS, what’s it used for?

CORS headers with dot net core 3

Setting up a blanket CORS for .net core 3 is pretty simple, figuring out how to test it took longer than I care to realize…

Updating a .net core Website’s Security Headers

GaProgMan tweeted recently about his A+ rating on securityHeaders.com. Checking my site, I could see there was room for improvement!

Going from an "A" to an "A+" on ssllabs.com

Previously I got docker working with nginx and let’s encrypt; this resulted in an “A” from ssllabs.com. Let’s see about getting that to an “A+”.

docker, nginx, and letsencrypt - website setup for that sweet, sweet HTTPS!

I’ve used letsencrypt in the past for free certs, but I have not successfully utilized it since moving over to docker/kestrel/nginx. That all changed today, and I had a hell of a time figuring out what I’m doing to get it working.

Your browser is out-of-date!

Update your browser to view this website correctly. Update my browser now

×