Do you know how many Amazon-issued certificates (ACM) or user-uploaded certificates (IAM) are in your AWS accounts? How many certificates have been deployed to production in your Akamai contracts? Not sure about you, but I don't know the answer. So I wrote a tool called CertStuff to get all that information (common name, SAN, … Continue reading CertStuff


Enable HSTS in Akamai

What is HSTS? It stands for HTTP Strict Transport Security. Simply speaking, HSTS is a method that allows the browser to do the HTTP-to-HTTPS redirect. Why use HSTS? Security! As explained above, the HTTP traffic only stays inside the machine, so it reduces the risk of exposing sensitive information in plain text to the Internet. … Continue reading Enable HSTS in Akamai

Akamai add basic auth to incoming request

In some cases, Akamai may need to add basic auth to an incoming request before sending it to the origin. Here is how to do it:

1) Encode the username and password in the format username:password. This can be done either via a bash script or the online tool.

    # echo -n username:password | base64
    dXNlcm5hbWU6cGFzc3dvcmQ=

    https://www.base64encode.org/

2) Add a behavior … Continue reading Akamai add basic auth to incoming request

AWS API Gateway behind Nginx

If you happen to have an Nginx upstream using AWS API Gateway and get this error: 'SSL_do_handshake() failed (SSL: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure) while SSL handshaking to upstream', here is the fix: you need to add 'proxy_ssl_server_name on;' in your nginx.conf. The directive is only available since version 1.7.0. Reference: proxy_ssl_server_name Syntax: proxy_ssl_server_name … Continue reading AWS API Gateway behind Nginx