enigmabridge | 5 years ago | on: Show HN: Real-time uptime monitor of Let's Encrypt
enigmabridge's comments
enigmabridge | 5 years ago | on: Show HN: Real-time uptime monitor of Let's Encrypt
Just to clarify - it doesn't monitor your certs. It actually measures the performance of the Let's Encrypt CA.
We purchased 400 domain names to get round rate limits so we can request 80,000 certs / week and measure the uptime and latency.
enigmabridge | 6 years ago | on: Czech Passive Radar Detecting B-2 at 150 miles (2015)
You don't necessarily need the aircraft to emit any signals, you may be able to detect changes in the background RF emissions reflected or distorted by the aircraft. It would have to be enormously CPU expensive but if you can correlate changes in tens or hundreds of frequencies, I can imagine it could be done.
enigmabridge | 6 years ago | on: Safari will no longer trust certs valid for more than 13 months
Apple Drops SSL/HTTPS Bomb - Forget Long Certificates
https://keychest.net/stories/apple-drops-sslhttps-bomb-forge...
enigmabridge | 8 years ago | on: Show HN: Automatic Discovery for Let's Encrypt Certificate Monitoring
I kind of hoped that the background video would be better than text description. I try to think of the main reason for that but probably as we believe the main difference is the quick server enrolment and ongoing automation of that.
Still working on this - it's incredibly hard to reach out to people who need this kind of tool.
enigmabridge | 8 years ago | on: Show HN: Automatic Discovery for Let's Encrypt Certificate Monitoring
Sure, sorry, I'm not quite sure how it should work here. The signup page has a background video what the account looks like inside.
BTW: if you signup and want to remove your account later, just drop us a line at [email protected] .
Demo video: https://vimeo.com/228584972
It is a cert expiry monitoring tool (but it does more thorough checks in regular intervals as well). In terms of main features:
Spot Checks (no sign-up needed - you can test it at https://keychest.net - an instant feedback to get the configuration of a new server right as quickly as possible. It will tell you if your server uses the correct certificate, whether it sends a complete trust chain, the HSTS configuration, or whether IPv6 works as expected (9-10 basic tests to verify your config).
Server/domain enrolment - a) a server at a time (URL & port), b) bulk enrol (50 servers at a time, one per line) c) "active domain" - you set your domain name, KeyChest will automatically discover and keep discovering all servers/certs in all sub-domains.
Scanning & monitoring - DNS resolve, discovery of new certificates, direct tests of servers (TLS handshakes) - intervals are described in the User Manual inside your account.
Enterprise features (user management, internal networks, custom root certs, independent scanners) are not available here.
enigmabridge | 8 years ago | on: Let’s Encrypt in the spotlight
Looks really nice! But starting at $395/yr sounds steep.
enigmabridge | 8 years ago | on: Let’s Encrypt in the spotlight
I agree, but you could say that any of major issuers was reputable 2, 5, ... years into issuing certificates. Being new doesn't mean you're better long term.
But I personally like the fact there's much less commercial pressure on LE - for the time being at least.
enigmabridge | 8 years ago | on: Let’s Encrypt in the spotlight
Followed by a link to a page with all the limits we could find.
enigmabridge | 8 years ago | on: Let’s Encrypt in the spotlight
Funny enough, the page with a full analysis didn't get any upvotes. It seems that a short summary is more interesting.
page 1
No - there wasn't bug in our code on Thu morning and the wall didn't deserve the words. It was an actual downtime that we detected 11 minutes before Let's Encrypt.