Skip to content

Tag: Security

Log Insight: SSL Certificate Management

I just concluded a three part series on how to backup and restore Log Insight. I just realized that I missed how to backup and restore the SSL certificate on the Log Insight virtual appliance. I will address this oversight in this post and then update the previous posts.
As you know, Log Insight is primarily used through its HTML5 interface. By default, Log Insight ships with a unique SSL certificate per appliance. The Administration section of the Log Insight UI allows a user to upload a PEM certificate to use in place of the self-signed certificate. In this post, I would like to discuss operations you may desire to perform in regards to SSL in Log Insight as well as share a script on how to properly manage all the available options.
li-logo

Log Insight 2.5: Role-Based Access Control

Log Insight has always been able to handle all the events within your environment, but now that it has Role-Based Access Control (RBAC) you can use a single instance to handle all roles within your organization. In this post, I will cover the new RBAC functionality and all the best practices.
UPDATE: This feature was introduced in LI 2.5 and the functionality remains the same in LI 3.0 and 3.3.
li-logo

Log Insight 2.5: No POODLE

There have been two major security vulnerabilities exposed this year that impacted most VMware products: ShellShock and POODLE. Log Insight addressed ShellShock by releasing a patch for Log Insight 1.5 GA, 2.0 GA and 2.5 TP3 and newer. In Log Insight 2.5 GA the POODLE attack has also been mitigated. In short, SSLv3 has been disabled. To my knowledge, this is the first VMware product with a server-side fix against POODLE that does not require manual user intervention. Note previous versions of Log Insight have not been patched. If you wish to disable SSLv3 on previous versions of Log Insight, read on.
no_poodle

Apache + SSL Certificates – Part 3

So, you are ready to purchase SSL certificates, did you know that not all SSL certificates are created equally? Let me start by taking a step back and asking an easier question, do you want your site to be available with and without a leading ‘www.’? Many people may not even consider the latter question relevant, but I assure you it is. Some people have a preference in that they always want the URL to either include the leading ‘www.’ or remove it while others do not care and want them both to work. In either case, a SSL problem may exist depending on the issuer of the SSL certificate.

Apache + SSL Certificates – Part 2

The problem with supporting multiple host names over SSL on the same server is that they each require a unique, static IP address. As many of you probably know, static IP addresses are not cheap and are not easy to come by. In order to get more than a single static IP address a justification form usually needs to be filled out. One thing you may not know about IPv4 addresses is that they are quickly running out. As such, anything that can be done to use these addresses more efficiently would be beneficial to all until IPv6 becomes more commonly used.

Apache + SSL Certificates – Part 1

For those interested in using SSL certificates, I would like to bring up two very important things to keep in mind:

  • Under most circumstances, each site that utilizes a SSL certificate must have a unique, static IP address
  • All SSL certificates are not the same so be sure you understand what type of certificate you are purchasing

Before purchasing or beginning to architect your domain supporting SSL, I encourage you to read and fully understand how SSL works. In order to support valid SSL authentication on all operating systems and web browsers, each domain that utilizes a SSL certificate must have a unique, static IP address assigned to it. In addition, the web server application used must be configured at a minimum to use IP-based virtual hosts.