-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Here's the nginx config I use for my server. This setup tries
to be the most secure with HTTPS and HSTS with cert pinning.
Also, the cipher list is 100% forward secrecy and uses a strong
4096 dhparam.
Unfortunately, the only downside is that if you vi
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 31.07.2015 at 01:05, Mike Forbes wrote:
> So now begins the task of trying to make HKPS and SSL and SKS all work
> together.
>
> Currently we're serving up our main pgp pages with our own SSL cert
> (https://pgp.net.nz)
>
> If we were to serv
On Fri, 31 Jul 2015 11:05:15 +1200
Mike Forbes wrote:
> If we were to serve this using the HKPS cert I imagine it would throw
> a certificate warning for most people who haven't imported the
> hkps.pool.sks-keyservers.net CA.
If you want to use hkps.pool.sks-keyservers.net with GnuPG you have to
Here is my nginx configuration that I use for my server. Obviously some
of it would need to be customized and it is setup to support my 3 SKS
nodes.
upstream sks_servers {
least_conn;
server 127.0.0.1:11371;
server xx.xx.xx.228:11371;
server xx.xx.xx.229:11371;
}
s
Hi, Mike,
> My question is, how have other people managed to get HKPS working
> together with their own SSL certs?
I'm doing this with the Apache web server for
https://keyserver.zap.org.au/, which is part of the SSL pool. Here
are the appropriate config file sections; hope this helps:
# For n
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi,
We've managed to get an HKPS cert from Kristian (thanks!)
So now begins the task of trying to make HKPS and SSL and SKS all work
together.
Currently we're serving up our main pgp pages with our own SSL cert
(https://pgp.net.nz)
If we were to