Web servers and encryption

SSL has been a standard feature of commercial websites for a long time.  And yet configuring SSL perfectly is not a straightforward task.  In this article, we will show a recipe approach to creating the perfect SSL configuration for your webserver.

First a few reasons why we should do this.  Security is an obvious goal, and poorly configured SSL can give an illusion of security, or it could even create worse security problems.

A tricky mistake with Spring static resources

Websites rely on static resources such as CSS files, JavaScript files, and images.  It's ideal if the application server serves those files efficiently, allows them to be cached by the browser, and doesn't apply security rules to them.

In a Spring application, the dispatcher servlet is normally mapped to /*.  Therefore, it needs to find a Controller for every path.  Setting up a controller for every CSS file is not the way to go.  In our WebSecurityConfigurerAdapter, we use:


This is the scenario: you are writing a mobile app which must make web service calls (such as SOAP or other types) to a server which you are also developing.  This is a common scenario today.

The problem is, how do you test that?  The server code is running on a development machine with a non-public IP address, and the mobile code is running on real devices which can only access public IP addresses.

Our goal

As always, it is best to start with a clear picture of the result.

We would like to use a web application to monitor some external condition.  By "external", this could be the status of a file on a file system, some activity by FTP, an incoming email, or other conditions.  In fact it could be anything which is supported by Spring Integration, and Spring Integration supports dozens of different external systems.  They appear to Spring Integration in roughly the same way.  The only difference is in how the external interface is configured.

About two years ago around 5AM, I was awake planing the day ahead in my head while contemplating getting up. Suddenly the entire bed shook violently a pause and then again. Ever since then I maintained and avid interest in emergency preparedness.When I heard about the CERT training program offered by the Fire Department in a Nationwide effort to promote preparedness training, an undertaking funded by FEMA; I decided to enroll for the program. The only cost to me three Saturdays of my time.

  • Consumer electronics have a short life.  Laptops in particular seem to last only a short time, due to the constant movement.  Sooner or later, you are likely to have a dead laptop with live data on it.  Fortunately, it is not difficult to recover data.
  • My laptop was running Ubuntu, so this is a recovery from ext4 format.
  • Complicating the recovery, the home directory is encrypted.
  • My aging HP EliteBook Folio 9470m finally died.  Actually it failed once, and I had it repaired, and then it failed again.

After quite a lot of thought, planning and effort, our new Drupal7 site is here, replacing our old company site.  All the old blog entries are gone for now.  The technical information in those old articles was out of date and we will be making new posts which are more current and relevant.