Tightening TLS security
From Wildsong
Go to https://www.ssllabs.com/ssltest/analyze.html and test the security on your server.
Then follow the suggestions to improve it.
The test guided me to https://weakdh.org/sysadmin.html where I looked up my nginx server.
I had to create a dhparams.pem file by running "openssl dhparam -out dhparams.pem 2048"
And I added some lines to my nginx set up. That brought my grade up from B to A+.
These are the lines that I added to nginx configuration for my SSL site.
Still working on this one. I had to install non-export JAR files from Oracle. But I still don't have the basic set up working!
Key conversion
It's a pain, if you don't create the key pair in keytool in the first place you have to trick it