{"id":27287,"date":"2017-02-01T20:16:46","date_gmt":"2017-02-01T18:16:46","guid":{"rendered":"https:\/\/mamchenkov.net\/wordpress\/?p=27287"},"modified":"2017-02-01T20:16:46","modified_gmt":"2017-02-01T18:16:46","slug":"dissecting-an-ssl-certificate","status":"publish","type":"post","link":"https:\/\/mamchenkov.net\/wordpress\/2017\/02\/01\/dissecting-an-ssl-certificate\/","title":{"rendered":"Dissecting an SSL certificate"},"content":{"rendered":"<!-- google_ad_section_start -->\n<p><a href=\"https:\/\/jvns.ca\/\">Julia Evans<\/a> does it again. \u00a0If you ever wanted to understand SSL certificates, her post &#8220;<a href=\"https:\/\/jvns.ca\/blog\/2017\/01\/31\/whats-tls\/\">Dissecting an SSL certificate<\/a>&#8221; is for you. \u00a0 This part made me smile:<\/p>\n<blockquote><p>Picking the right settings for your SSL certificates and SSL configuration on your webserver is confusing. As far as I understand it there are about 3 billion settings. <a href=\"https:\/\/www.ssllabs.com\/ssltest\/analyze.html?d=mail.google.com&amp;s=216.58.194.165&amp;hideResults=on\">Here is an example of an SSL Labs result for mail.google.com<\/a>. There is all this stuff like <code>OLD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256<\/code> on that page (for real, that is a real thing.). I\u2019m happy there are tools like SSL Labs that help mortals make sense of all of it.<\/p><\/blockquote>\n<!-- google_ad_section_end -->\n","protected":false},"excerpt":{"rendered":"<!-- google_ad_section_start -->\n<p>Julia Evans does it again. \u00a0If you ever wanted to understand SSL certificates, her post &#8220;Dissecting an SSL certificate&#8221; is for you. \u00a0 This part made me smile: Picking the right settings for your SSL certificates and SSL configuration on your webserver is confusing. As far as I understand it there are about 3 billion &hellip; <a href=\"https:\/\/mamchenkov.net\/wordpress\/2017\/02\/01\/dissecting-an-ssl-certificate\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Dissecting an SSL certificate<\/span><\/a><\/p>\n<!-- google_ad_section_end -->\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"Dissecting an SSL certificate #SSL #security #WebDev #SysAdmin","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false,"_links_to":"","_links_to_target":""},"categories":[1,133,62,1334],"tags":[3487,3427,200,3413,1330],"keyring_services":[],"class_list":["post-27287","post","type-post","status-publish","format-standard","hentry","category-general","category-sysadmin","category-technology","category-web-work","tag-julia-evans","tag-lets-encrypt","tag-security","tag-ssl","tag-web-development"],"aioseo_notices":[],"aioseo_head":"\n\t\t<!-- All in One SEO 4.9.9 - aioseo.com -->\n\t<meta name=\"description\" content=\"Julia Evans does it again. If you ever wanted to understand SSL certificates, her post &quot;Dissecting an SSL certificate&quot; is for you. This part made me smile: Picking the right settings for your SSL certificates and SSL configuration on your webserver is confusing. As far as I understand it there are about 3 billion\" \/>\n\t<meta name=\"robots\" content=\"max-image-preview:large\" \/>\n\t<meta name=\"author\" content=\"Leonid Mamchenkov\"\/>\n\t<meta name=\"google-site-verification\" content=\"VHvdD0_usx1_4DzKy_QCVcICVgX2EgA2ybELT-wl7kQ\" \/>\n\t<link rel=\"canonical\" href=\"https:\/\/mamchenkov.net\/wordpress\/2017\/02\/01\/dissecting-an-ssl-certificate\/\" \/>\n\t<meta name=\"generator\" content=\"All in One SEO (AIOSEO) 4.9.9\" \/>\n\t\t<meta property=\"og:locale\" content=\"en_US\" \/>\n\t\t<meta property=\"og:site_name\" content=\"Leonid Mamchenkov - Life, universe, and everything else\" \/>\n\t\t<meta property=\"og:type\" content=\"article\" \/>\n\t\t<meta property=\"og:title\" content=\"Dissecting an SSL certificate - Leonid Mamchenkov\" \/>\n\t\t<meta property=\"og:description\" content=\"Julia Evans does it again. If you ever wanted to understand SSL certificates, her post &quot;Dissecting an SSL certificate&quot; is for you. This part made me smile: Picking the right settings for your SSL certificates and SSL configuration on your webserver is confusing. As far as I understand it there are about 3 billion\" \/>\n\t\t<meta property=\"og:url\" content=\"https:\/\/mamchenkov.net\/wordpress\/2017\/02\/01\/dissecting-an-ssl-certificate\/\" \/>\n\t\t<meta property=\"og:image\" content=\"https:\/\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2026\/03\/leonid-sailing-beer.jpg\" \/>\n\t\t<meta property=\"og:image:secure_url\" content=\"https:\/\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2026\/03\/leonid-sailing-beer.jpg\" \/>\n\t\t<meta property=\"og:image:width\" content=\"1024\" \/>\n\t\t<meta property=\"og:image:height\" content=\"1024\" \/>\n\t\t<meta property=\"article:published_time\" content=\"2017-02-01T18:16:46+00:00\" \/>\n\t\t<meta property=\"article:modified_time\" content=\"2017-02-01T18:16:46+00:00\" \/>\n\t\t<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/MamchenkovBlog\" \/>\n\t\t<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n\t\t<meta name=\"twitter:site\" content=\"@mamchenkov\" \/>\n\t\t<meta name=\"twitter:title\" content=\"Dissecting an SSL certificate - Leonid Mamchenkov\" \/>\n\t\t<meta name=\"twitter:description\" content=\"Julia Evans does it again. If you ever wanted to understand SSL certificates, her post &quot;Dissecting an SSL certificate&quot; is for you. This part made me smile: Picking the right settings for your SSL certificates and SSL configuration on your webserver is confusing. As far as I understand it there are about 3 billion\" \/>\n\t\t<meta name=\"twitter:creator\" content=\"@mamchenkov\" \/>\n\t\t<meta name=\"twitter:image\" content=\"https:\/\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2026\/03\/leonid-sailing-beer.jpg\" \/>\n\t\t<script type=\"application\/ld+json\" class=\"aioseo-schema\">\n\t\t\t{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"BlogPosting\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/2017\\\/02\\\/01\\\/dissecting-an-ssl-certificate\\\/#blogposting\",\"name\":\"Dissecting an SSL certificate - Leonid Mamchenkov\",\"headline\":\"Dissecting an SSL certificate\",\"author\":{\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/author\\\/leonid\\\/#author\"},\"publisher\":{\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/#person\"},\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/2017\\\/02\\\/01\\\/dissecting-an-ssl-certificate\\\/#articleImage\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/3cf6df002a284d78fb6e9d8222ca4d102e0832035ed6bc8447008bd234e131a4?s=96&d=identicon&r=g\",\"width\":96,\"height\":96,\"caption\":\"Leonid Mamchenkov\"},\"datePublished\":\"2017-02-01T20:16:46+02:00\",\"dateModified\":\"2017-02-01T20:16:46+02:00\",\"inLanguage\":\"en-US\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/2017\\\/02\\\/01\\\/dissecting-an-ssl-certificate\\\/#webpage\"},\"isPartOf\":{\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/2017\\\/02\\\/01\\\/dissecting-an-ssl-certificate\\\/#webpage\"},\"articleSection\":\"All, Sysadmin, Technology, Web work, Julia Evans, Let's Encrypt, security, SSL, web development\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/2017\\\/02\\\/01\\\/dissecting-an-ssl-certificate\\\/#breadcrumblist\",\"itemListElement\":[{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress#listItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/category\\\/technology\\\/#listItem\",\"name\":\"Technology\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/category\\\/technology\\\/#listItem\",\"position\":2,\"name\":\"Technology\",\"item\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/category\\\/technology\\\/\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/category\\\/technology\\\/sysadmin\\\/#listItem\",\"name\":\"Sysadmin\"},\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress#listItem\",\"name\":\"Home\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/category\\\/technology\\\/sysadmin\\\/#listItem\",\"position\":3,\"name\":\"Sysadmin\",\"item\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/category\\\/technology\\\/sysadmin\\\/\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/2017\\\/02\\\/01\\\/dissecting-an-ssl-certificate\\\/#listItem\",\"name\":\"Dissecting an SSL certificate\"},\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/category\\\/technology\\\/#listItem\",\"name\":\"Technology\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/2017\\\/02\\\/01\\\/dissecting-an-ssl-certificate\\\/#listItem\",\"position\":4,\"name\":\"Dissecting an SSL certificate\",\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/category\\\/technology\\\/sysadmin\\\/#listItem\",\"name\":\"Sysadmin\"}}]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/#person\",\"name\":\"Leonid Mamchenkov\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/2017\\\/02\\\/01\\\/dissecting-an-ssl-certificate\\\/#personImage\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/3cf6df002a284d78fb6e9d8222ca4d102e0832035ed6bc8447008bd234e131a4?s=96&d=identicon&r=g\",\"width\":96,\"height\":96,\"caption\":\"Leonid Mamchenkov\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/author\\\/leonid\\\/#author\",\"url\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/author\\\/leonid\\\/\",\"name\":\"Leonid Mamchenkov\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/2017\\\/02\\\/01\\\/dissecting-an-ssl-certificate\\\/#authorImage\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/3cf6df002a284d78fb6e9d8222ca4d102e0832035ed6bc8447008bd234e131a4?s=96&d=identicon&r=g\",\"width\":96,\"height\":96,\"caption\":\"Leonid Mamchenkov\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/2017\\\/02\\\/01\\\/dissecting-an-ssl-certificate\\\/#webpage\",\"url\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/2017\\\/02\\\/01\\\/dissecting-an-ssl-certificate\\\/\",\"name\":\"Dissecting an SSL certificate - Leonid Mamchenkov\",\"description\":\"Julia Evans does it again. If you ever wanted to understand SSL certificates, her post \\\"Dissecting an SSL certificate\\\" is for you. This part made me smile: Picking the right settings for your SSL certificates and SSL configuration on your webserver is confusing. As far as I understand it there are about 3 billion\",\"inLanguage\":\"en-US\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/#website\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/2017\\\/02\\\/01\\\/dissecting-an-ssl-certificate\\\/#breadcrumblist\"},\"author\":{\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/author\\\/leonid\\\/#author\"},\"creator\":{\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/author\\\/leonid\\\/#author\"},\"datePublished\":\"2017-02-01T20:16:46+02:00\",\"dateModified\":\"2017-02-01T20:16:46+02:00\"},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/#website\",\"url\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/\",\"name\":\"Blog of Leonid Mamchenkov\",\"description\":\"Life, universe, and everything else\",\"inLanguage\":\"en-US\",\"publisher\":{\"@id\":\"https:\\\/\\\/mamchenkov.net\\\/wordpress\\\/#person\"}}]}\n\t\t<\/script>\n\t\t<!-- All in One SEO -->\n\n","aioseo_head_json":{"title":"Dissecting an SSL certificate - Leonid Mamchenkov","description":"Julia Evans does it again. If you ever wanted to understand SSL certificates, her post \"Dissecting an SSL certificate\" is for you. This part made me smile: Picking the right settings for your SSL certificates and SSL configuration on your webserver is confusing. As far as I understand it there are about 3 billion","canonical_url":"https:\/\/mamchenkov.net\/wordpress\/2017\/02\/01\/dissecting-an-ssl-certificate\/","robots":"max-image-preview:large","keywords":"","webmasterTools":{"google-site-verification":"VHvdD0_usx1_4DzKy_QCVcICVgX2EgA2ybELT-wl7kQ","miscellaneous":""},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"BlogPosting","@id":"https:\/\/mamchenkov.net\/wordpress\/2017\/02\/01\/dissecting-an-ssl-certificate\/#blogposting","name":"Dissecting an SSL certificate - Leonid Mamchenkov","headline":"Dissecting an SSL certificate","author":{"@id":"https:\/\/mamchenkov.net\/wordpress\/author\/leonid\/#author"},"publisher":{"@id":"https:\/\/mamchenkov.net\/wordpress\/#person"},"image":{"@type":"ImageObject","@id":"https:\/\/mamchenkov.net\/wordpress\/2017\/02\/01\/dissecting-an-ssl-certificate\/#articleImage","url":"https:\/\/secure.gravatar.com\/avatar\/3cf6df002a284d78fb6e9d8222ca4d102e0832035ed6bc8447008bd234e131a4?s=96&d=identicon&r=g","width":96,"height":96,"caption":"Leonid Mamchenkov"},"datePublished":"2017-02-01T20:16:46+02:00","dateModified":"2017-02-01T20:16:46+02:00","inLanguage":"en-US","mainEntityOfPage":{"@id":"https:\/\/mamchenkov.net\/wordpress\/2017\/02\/01\/dissecting-an-ssl-certificate\/#webpage"},"isPartOf":{"@id":"https:\/\/mamchenkov.net\/wordpress\/2017\/02\/01\/dissecting-an-ssl-certificate\/#webpage"},"articleSection":"All, Sysadmin, Technology, Web work, Julia Evans, Let's Encrypt, security, SSL, web development"},{"@type":"BreadcrumbList","@id":"https:\/\/mamchenkov.net\/wordpress\/2017\/02\/01\/dissecting-an-ssl-certificate\/#breadcrumblist","itemListElement":[{"@type":"ListItem","@id":"https:\/\/mamchenkov.net\/wordpress#listItem","position":1,"name":"Home","item":"https:\/\/mamchenkov.net\/wordpress","nextItem":{"@type":"ListItem","@id":"https:\/\/mamchenkov.net\/wordpress\/category\/technology\/#listItem","name":"Technology"}},{"@type":"ListItem","@id":"https:\/\/mamchenkov.net\/wordpress\/category\/technology\/#listItem","position":2,"name":"Technology","item":"https:\/\/mamchenkov.net\/wordpress\/category\/technology\/","nextItem":{"@type":"ListItem","@id":"https:\/\/mamchenkov.net\/wordpress\/category\/technology\/sysadmin\/#listItem","name":"Sysadmin"},"previousItem":{"@type":"ListItem","@id":"https:\/\/mamchenkov.net\/wordpress#listItem","name":"Home"}},{"@type":"ListItem","@id":"https:\/\/mamchenkov.net\/wordpress\/category\/technology\/sysadmin\/#listItem","position":3,"name":"Sysadmin","item":"https:\/\/mamchenkov.net\/wordpress\/category\/technology\/sysadmin\/","nextItem":{"@type":"ListItem","@id":"https:\/\/mamchenkov.net\/wordpress\/2017\/02\/01\/dissecting-an-ssl-certificate\/#listItem","name":"Dissecting an SSL certificate"},"previousItem":{"@type":"ListItem","@id":"https:\/\/mamchenkov.net\/wordpress\/category\/technology\/#listItem","name":"Technology"}},{"@type":"ListItem","@id":"https:\/\/mamchenkov.net\/wordpress\/2017\/02\/01\/dissecting-an-ssl-certificate\/#listItem","position":4,"name":"Dissecting an SSL certificate","previousItem":{"@type":"ListItem","@id":"https:\/\/mamchenkov.net\/wordpress\/category\/technology\/sysadmin\/#listItem","name":"Sysadmin"}}]},{"@type":"Person","@id":"https:\/\/mamchenkov.net\/wordpress\/#person","name":"Leonid Mamchenkov","image":{"@type":"ImageObject","@id":"https:\/\/mamchenkov.net\/wordpress\/2017\/02\/01\/dissecting-an-ssl-certificate\/#personImage","url":"https:\/\/secure.gravatar.com\/avatar\/3cf6df002a284d78fb6e9d8222ca4d102e0832035ed6bc8447008bd234e131a4?s=96&d=identicon&r=g","width":96,"height":96,"caption":"Leonid Mamchenkov"}},{"@type":"Person","@id":"https:\/\/mamchenkov.net\/wordpress\/author\/leonid\/#author","url":"https:\/\/mamchenkov.net\/wordpress\/author\/leonid\/","name":"Leonid Mamchenkov","image":{"@type":"ImageObject","@id":"https:\/\/mamchenkov.net\/wordpress\/2017\/02\/01\/dissecting-an-ssl-certificate\/#authorImage","url":"https:\/\/secure.gravatar.com\/avatar\/3cf6df002a284d78fb6e9d8222ca4d102e0832035ed6bc8447008bd234e131a4?s=96&d=identicon&r=g","width":96,"height":96,"caption":"Leonid Mamchenkov"}},{"@type":"WebPage","@id":"https:\/\/mamchenkov.net\/wordpress\/2017\/02\/01\/dissecting-an-ssl-certificate\/#webpage","url":"https:\/\/mamchenkov.net\/wordpress\/2017\/02\/01\/dissecting-an-ssl-certificate\/","name":"Dissecting an SSL certificate - Leonid Mamchenkov","description":"Julia Evans does it again. If you ever wanted to understand SSL certificates, her post \"Dissecting an SSL certificate\" is for you. This part made me smile: Picking the right settings for your SSL certificates and SSL configuration on your webserver is confusing. As far as I understand it there are about 3 billion","inLanguage":"en-US","isPartOf":{"@id":"https:\/\/mamchenkov.net\/wordpress\/#website"},"breadcrumb":{"@id":"https:\/\/mamchenkov.net\/wordpress\/2017\/02\/01\/dissecting-an-ssl-certificate\/#breadcrumblist"},"author":{"@id":"https:\/\/mamchenkov.net\/wordpress\/author\/leonid\/#author"},"creator":{"@id":"https:\/\/mamchenkov.net\/wordpress\/author\/leonid\/#author"},"datePublished":"2017-02-01T20:16:46+02:00","dateModified":"2017-02-01T20:16:46+02:00"},{"@type":"WebSite","@id":"https:\/\/mamchenkov.net\/wordpress\/#website","url":"https:\/\/mamchenkov.net\/wordpress\/","name":"Blog of Leonid Mamchenkov","description":"Life, universe, and everything else","inLanguage":"en-US","publisher":{"@id":"https:\/\/mamchenkov.net\/wordpress\/#person"}}]},"og:locale":"en_US","og:site_name":"Leonid Mamchenkov - Life, universe, and everything else","og:type":"article","og:title":"Dissecting an SSL certificate - Leonid Mamchenkov","og:description":"Julia Evans does it again. If you ever wanted to understand SSL certificates, her post &quot;Dissecting an SSL certificate&quot; is for you. This part made me smile: Picking the right settings for your SSL certificates and SSL configuration on your webserver is confusing. As far as I understand it there are about 3 billion","og:url":"https:\/\/mamchenkov.net\/wordpress\/2017\/02\/01\/dissecting-an-ssl-certificate\/","og:image":"https:\/\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2026\/03\/leonid-sailing-beer.jpg","og:image:secure_url":"https:\/\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2026\/03\/leonid-sailing-beer.jpg","og:image:width":1024,"og:image:height":1024,"article:published_time":"2017-02-01T18:16:46+00:00","article:modified_time":"2017-02-01T18:16:46+00:00","article:publisher":"https:\/\/www.facebook.com\/MamchenkovBlog","twitter:card":"summary_large_image","twitter:site":"@mamchenkov","twitter:title":"Dissecting an SSL certificate - Leonid Mamchenkov","twitter:description":"Julia Evans does it again. If you ever wanted to understand SSL certificates, her post &quot;Dissecting an SSL certificate&quot; is for you. This part made me smile: Picking the right settings for your SSL certificates and SSL configuration on your webserver is confusing. As far as I understand it there are about 3 billion","twitter:creator":"@mamchenkov","twitter:image":"https:\/\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2026\/03\/leonid-sailing-beer.jpg"},"aioseo_meta_data":{"post_id":"27287","title":null,"description":null,"keywords":null,"keyphrases":null,"primary_term":null,"canonical_url":null,"og_title":null,"og_description":null,"og_object_type":"default","og_image_type":"default","og_image_url":null,"og_image_width":null,"og_image_height":null,"og_image_custom_url":null,"og_image_custom_fields":null,"og_video":null,"og_custom_url":null,"og_article_section":null,"og_article_tags":null,"twitter_use_og":false,"twitter_card":"default","twitter_image_type":"default","twitter_image_url":null,"twitter_image_custom_url":null,"twitter_image_custom_fields":null,"twitter_title":null,"twitter_description":null,"schema":{"blockGraphs":[],"customGraphs":[],"default":{"data":{"Article":[],"Course":[],"Dataset":[],"FAQPage":[],"Movie":[],"Person":[],"Product":[],"ProductReview":[],"Car":[],"Recipe":[],"Service":[],"SoftwareApplication":[],"WebPage":[]},"graphName":"","isEnabled":true},"graphs":[]},"schema_type":"default","schema_type_options":null,"pillar_content":false,"robots_default":true,"robots_noindex":false,"robots_noarchive":false,"robots_nosnippet":false,"robots_nofollow":false,"robots_noimageindex":false,"robots_noodp":false,"robots_notranslate":false,"robots_max_snippet":null,"robots_max_videopreview":null,"robots_max_imagepreview":"large","priority":null,"frequency":null,"local_seo":null,"breadcrumb_settings":null,"limit_modified_date":false,"ai":null,"created":"2023-07-20 04:22:50","updated":"2026-01-15 12:40:45","seo_analyzer_scan_date":null},"aioseo_breadcrumb":"<div class=\"aioseo-breadcrumbs\"><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/mamchenkov.net\/wordpress\" title=\"Home\">Home<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/mamchenkov.net\/wordpress\/category\/technology\/\" title=\"Technology\">Technology<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/mamchenkov.net\/wordpress\/category\/technology\/sysadmin\/\" title=\"Sysadmin\">Sysadmin<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\tDissecting an SSL certificate\n\t\t<\/span><\/div>","aioseo_breadcrumb_json":[{"label":"Home","link":"https:\/\/mamchenkov.net\/wordpress"},{"label":"Technology","link":"https:\/\/mamchenkov.net\/wordpress\/category\/technology\/"},{"label":"Sysadmin","link":"https:\/\/mamchenkov.net\/wordpress\/category\/technology\/sysadmin\/"},{"label":"Dissecting an SSL certificate","link":"https:\/\/mamchenkov.net\/wordpress\/2017\/02\/01\/dissecting-an-ssl-certificate\/"}],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack-related-posts":[{"id":21494,"url":"https:\/\/mamchenkov.net\/wordpress\/2014\/04\/10\/qualys-ssl-labs-ssl-server-test\/","url_meta":{"origin":27287,"position":0},"title":"Qualys SSL Labs : SSL Server Test","author":"Leonid Mamchenkov","date":"April 10, 2014","format":"link","excerpt":"Qualys SSL Labs : SSL Server Test This free online service performs a deep analysis of the configuration of any SSL web server on the public Internet.","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":26208,"url":"https:\/\/mamchenkov.net\/wordpress\/2016\/06\/27\/lets-encrypt-on-centos-7-and-amazon-ami\/","url_meta":{"origin":27287,"position":1},"title":"Let&#8217;s Encrypt on CentOS 7 and Amazon AMI","author":"Leonid Mamchenkov","date":"June 27, 2016","format":false,"excerpt":"The last few weeks were super busy at work, so I accidentally let a few SSL certificates expire. \u00a0Renewing them is always annoying and time consuming, so I was pushing it until the last minute, and then some. Instead of going the usual way for the renewal, I decided to\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":21567,"url":"https:\/\/mamchenkov.net\/wordpress\/2014\/04\/14\/ssl-labs-deploying-forward-secrecy\/","url_meta":{"origin":27287,"position":2},"title":"SSL Labs: Deploying Forward Secrecy","author":"Leonid Mamchenkov","date":"April 14, 2014","format":"link","excerpt":"SSL Labs: Deploying Forward Secrecy With revelations about mass surveillance in the news everywhere, an obscure feature of SSL\/TLS called\u00a0Forward Secrecy\u00a0has suddenly become very interesting. So what is it, and why is it so interesting now?","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":26033,"url":"https:\/\/mamchenkov.net\/wordpress\/2016\/04\/18\/lets-encrypt-is-not-in-beta-anymore\/","url_meta":{"origin":27287,"position":3},"title":"Let&#8217;s Encrypt is not in Beta anymore","author":"Leonid Mamchenkov","date":"April 18, 2016","format":false,"excerpt":"Let's Encrypt - anew Certificate Authority, which is free, open, and automated - announced that it's leaving beta. \u00a0Just look at how many SSL certificates they've issued, and at what rate! I've first written about Let's Encrypt back in November 2014. \u00a0It hasn't been that long ago, but boy, what\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"Issuance-April-10-2016","src":"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2016\/04\/Issuance-April-10-2016-500x302.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":27586,"url":"https:\/\/mamchenkov.net\/wordpress\/2017\/05\/14\/haproxy-sni\/","url_meta":{"origin":27287,"position":4},"title":"HAProxy SNI","author":"Leonid Mamchenkov","date":"May 14, 2017","format":false,"excerpt":"\"HAProxy SNI\" is pure gold! If you want to have a load balancer for HTTPS traffic, without managing SSL certificates on the said load balancer, there is a way to do so. The approach is utilizing the Server Name Indication (SNI) extension to the TLS protocol. \u00a0I knew about it\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":18258,"url":"https:\/\/mamchenkov.net\/wordpress\/2013\/05\/29\/gmail-ssl-error-and-local-time\/","url_meta":{"origin":27287,"position":5},"title":"Gmail SSL error and local time","author":"Leonid Mamchenkov","date":"May 29, 2013","format":false,"excerpt":"For a few minutes now I had this silly error showing up in my browser: \u00a0 That was really weird. \u00a0Especially considering that the time wasn't set to \"Monday, January 1, 2007 2:03:11 AM\". \u00a0A few minutes later however, the problem seems to be gone.","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"Gmail SSL certificate error","src":"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2013\/05\/gmail-security-500x246.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]}],"jetpack_sharing_enabled":true,"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts\/27287","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/comments?post=27287"}],"version-history":[{"count":0,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts\/27287\/revisions"}],"wp:attachment":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/media?parent=27287"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/categories?post=27287"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/tags?post=27287"},{"taxonomy":"keyring_services","embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/keyring_services?post=27287"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}