There is only one way I know of to get free, functional, legitimate SSL encryption for your web server, and that’s through StartCom’s StartSSL service. You can get a free “class 1” certificate that will work out of the box in Firefox and Safari. Microsoft hasn’t added StartCom to IE, so people browsing to your site will have to specifically add StartCom’s authority certificate (instructions) (or ignore security warnings).

UPDATE: I am told as of Sept ’09, IE will include StartCom, yay! See comments for more…

Every year I have to renew my websites’ certificates, and the process is a bit clunky. Here’s a summary for next time around…

  • Sign up at the site; they will issue an S/MIME client certificate and “install it into your browser”; make sure you keep the stupid thing backed up, it’s the ONLY WAY BACK IN to your account! Here are backup instructions from their FAQ:
    Firefox: Select "Preferences" -> "Advanced" -> "Encryption" -> "View Certificates" -> "Your Certificates" and locate your certificate from the list. The certificate will be listed under StartCom Ltd. with "StartCom Free Certificate Member" as its name if this is your first one. Select the certificate and click on "Backup", choose a name for this backup file, provide a password and save it at a known location. Now you should either burn this file to a CD ROM or save it on a USB stick or smart card. Thereafter delete this file from your computer.
  • Every year, request to renew your S/MIME client certificate, as it expires; back it up to a safe place
  • Request to renew your domain certificate; provide a password; an ssl.key is generated
  • Use openssl to create a no-password key:
    openssl rsa -in ssl.key.passphrase -out ssl.key.nopassphrase
  • Grab the official StartCom certificates from https://www.startssl.com/certs/
    sub.class1.server.ca.pem
    ca.pem
  • WAIT for confirmation of your certificate (you’ll get an email)
  • Return to the website, log in, go to Tool Box -> Retrieve Certificate, save as ssl.crt
  • Set up apache to use ’em!
    
        SSLEngine on
        SSLCertificateFile /path_to_certs/2009-2010/ssl.crt
        SSLCertificateKeyFile /path_to_certs/2009-2010/ssl.key
        SSLCertificateChainFile /path_to_certs/2009-2010/sub.class1.server.ca.pem
        SSLCACertificateFile /path_to_certs/2009-2010/ca.pem
    

That’s the basics but it should be enough to help me through annual renewal. *sigh*…
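
A pre-flight check for the files the steps above produce, as an added example that is not from the original post: it confirms that the no-passphrase key matches ssl.crt, that the key file is closed to group and other, and that ssl.crt chains through sub.class1.server.ca.pem to ca.pem. The function names are made up for this example; the file names are the ones used above.

```sh
#!/bin/sh
# Added example: sanity checks on the renewed files before reloading Apache.
# File names are the ones used in the post; function names are hypothetical.

# The key must load with an empty passphrase (it is the no-password copy)
# and must carry the same public key as the certificate.
key_matches_cert() {   # usage: key_matches_cert ssl.key ssl.crt
    key_pub=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# An unencrypted key is protected only by file permissions:
# group and other must have no access bits set at all.
key_is_private() {     # usage: key_is_private ssl.key
    [ "$(ls -ldL "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# The server certificate must chain through the intermediate to the root.
# The output is matched instead of the exit status, which older openssl
# releases do not set reliably on a failed verification.
chain_verifies() {     # usage: chain_verifies ca.pem sub.class1.server.ca.pem ssl.crt
    openssl verify -CAfile "$1" -untrusted "$2" "$3" 2>/dev/null | grep -q ': OK$'
}

# Run all three checks on one certificate directory; prints each failure
# and returns non-zero if any check failed.
check_renewal() {      # usage: check_renewal /path_to_certs/2009-2010
    rc=0
    key_matches_cert "$1/ssl.key" "$1/ssl.crt" ||
        { echo "FAIL: ssl.key is encrypted or does not match ssl.crt"; rc=1; }
    key_is_private "$1/ssl.key" ||
        { echo "FAIL: ssl.key is accessible to group/other (chmod 600 it)"; rc=1; }
    chain_verifies "$1/ca.pem" "$1/sub.class1.server.ca.pem" "$1/ssl.crt" ||
        { echo "FAIL: ssl.crt does not chain to ca.pem via the intermediate"; rc=1; }
    return $rc
}

# When called with a directory argument, check it.
if [ $# -gt 0 ]; then check_renewal "$1"; fi
```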

My Forms for Portals project is a simple collection of forms to help you quickly access google, dictionary, wikipedia, imdb, maps, yellow pages, etc. from your own web pages. I’ve mentioned my portal before, hopefully the new article makes it all easily digestible (and yummy!). It’s a reaaally oldskool approach, yet still pretty useful IMHO.

And just so I’m eating my own dog food…

I recently discovered mod_deflate, which compresses webserver content before sending it out – if you’re not using it you should really check it out. I turned it on and it worked flawlessly for me, with two exceptions.

  1. Server-side includes
    These just did not play well together out of the box…
  2. PHP and Perl “streaming” output
    I have some scripts, most notably imagescraper, that need to stream the html in the results page as it is computed, not all at once AFTER it is built, as mod_deflate requires.

Turning off mod_deflate is trivial. I used the no-gzip environment variable as follows:

# MDM This is to disable mod_deflate for imagescraper, so we don't try to compress the streaming results...
SetEnv no-gzip 1

# MDM Drop this into a virtual host block to TURN OFF mod_deflate, so it doesn't break SSI.
SetEnv no-gzip 1

Official download page
Homepage

0.5.11 was reviewed and approved, which makes it public. This is great for two reasons:

  • Users can install the addon without logging in to mozilla.org
  • Users will get live updates to the latest approved version

This is VERY good stuff. To put it in perspective, I had a couple hundred downloads this morning, and I’ve been watching that number jump by 100 every hour or two – it’s currently over 600. Exciting times for my little addon!

I released 0.5.12 by request to address more international Google URLs (e.g., google.fr). The nice guy that requested it even donated $10 afterwards. A good day all around. :>

Avelsieve is a really nicely done web interface for email rules. It is a plugin for SquirrelMail, a tried-and-true webmail client, that works with a Cyrus IMAP server, another old dog that is a nightmare to install but gets the job done no matter what it is.

The system has been handling my email for years, but for the past few months, I haven’t been able to get Avelsieve to edit my email rules. It’s very picky about compatibility. Today I finally dug in and fixed that. Apparently Cyrus updates broke Avelsieve, but there’s a workaround. Turned out to be one line in the Avelsieve config file, updated as follows:

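# MDM Will this fix the problem of not decoding scripts?
# MDM YES!  IT DOES!  Thank goodness.
# see http://thread.gmane.org/gmane.mail.squirrelmail.plugins/14106
# Assumption from the setting's name: with this set to true, Avelsieve does not
# use TLS on its connection to the Sieve server, so keep that connection on
# localhost or a trusted network.
#$avelsieve_disabletls = false;
$avelsieve_disabletls = true;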

Yay! My pretty and powerful email rules are back!