Firefox: ocsp stapling

OCSP stands for Online Certificate Status Protocol. It’s basically a protocol that’s used to make sure that an SSL certificate is still valid and hasn’t been revoked.

Firefox appears to be the only browser that does an additional security check for OCSP and also does a hard fail. This is a security feature of Firefox.

If your SSL report is fail the OCSP stapling, then the site will unable to access by Mozilla Firefox. This is the message from Mozilla FireFox


How to get the SSL report, you can always use the SSL report tools

You could try disabling stapling support from Mozilla FireFox

(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful.

(2) In the search box above the list, type or paste ocsp and pause while the list is filtered

(3) Double-click the security.ssl.enable_ocsp_stapling preference to switch the value from true to false


Dynamic DNS – The automated rapid record updates

DNS which is know as Domain Name System which the record is key in manually and fix. When the DNS record is edited, it will always take 1-2 hours to fully resolved. By using the DNS, the server need to have a fixed IP. If you use the dynamic IP, the domain DNS record need to edit if the server dynamic IP is change to other dynamic IP. To address the issue of rapid change of dynamic IP (if the server is using the dynamic IP), Dynamic DNS might be the solution.
Dynamic Domain Name System or DDNS, is the solution if the server is using the dynamic IP. The basic idea is replace the IP by hostname, and the hostname A record will rapid change when the IP of that server is change. For the domain that use the DNS , the A record insert manually which normally use the fixed IP. The reason is because the A record will not change if there is no edit done. For the DDNS, the domain A record will change if the server IP is change. Here is the diagram.  Continue reading “Dynamic DNS – The automated rapid record updates”

How to disable “press home to open” in iOS 10


The thing that most iPhone user no like is you need to hold a finger over the home button and press down on it to unlock. Yes, I repeat , you need to PRESS DOWN on it to unlock…. WHO COME OUT OF THIS IDEA!!!!!!!!

For previous version, you just simply held your finger over the home button to unlock it(those with a Touch ID).

Well, there is trick to disable the “PRESS DOWN” action.  Continue reading “How to disable “press home to open” in iOS 10″

How to clear OS X DNS cache


You may occasionally get into a situation where the DNS on your Mac needs to be flushed from the system in order for a new server or some other DNS address change.

A DNS cache contains entries that translate Internet domain names *such as “”) to IP addresses. The Internet’s Domain Name System (DNS) involves caching on both Internet DNS servers and on the client computers that contact DNS servers. These caches provide an efficient way for DNS to efficiently keep the Internet synchronized as the IP addresses of some servers change and as new servers come online.

OS X Yosemite have “new systems” to manage DNS which is

  1. MDNS Cache (Multicast DNS)
  2. UDNS Cache (Unicast DNS)

This post show how we clear the cache. Open the terminal and run this command

Clear MDNS Cache

sudo discoveryutil mdnsflushcache

Hit return and enter the admin password when requested.

Clear UDNS Cache

sudo discoveryutil udnsflushcaches

Again, hit return and enter the admin password when requested.

Flush and Reset All DNS Caches

sudo discoveryutil mdnsflushcache;sudo discoveryutil udnsflushcaches;say flushed


If your Mac is on 10.10.4, you need to use this command

sudo dscacheutil -flushcache;sudo killall -HUP mDNSResponder;say cache flushed

How to map .html to asp.dll (IIS7 & IIS 7.5)

There is some bug on IIS 7.5 where the setting on IIS handler mapping not able to function well when it need to edit the existing hander to  use other executable module.  It not a known bug but it do happen based on my testing.


But we can try do the setting on backend.

CAUTION: Make Sure you have backup all the copy of the file that you edit.

1) go into the C:\Windows\System32\inetsrv\config directory and edit the fileapplicationHost.config (you will need to do this in administrator mode, or do it from a different computer networking over to that server, otherwise Windows will protect that file and won’t allow you to change it.)

2) Scroll all the way to the bottom and look for the section that corresponds to your web site <location path=”Your Web Site”>

3) Change/edit the code block to add in the HANDLERS and HTM map below

<location path="Your Web Site"> 
<asp appAllowClientDebug="true" scriptErrorSentToBrowser="true" /> 
<add name="htm" path="*.htm" verb="*" modules="IsapiModule" scriptProcessor="%windir%\system32\inetsrv\asp.dll" resourceType="File" /> 

4) Save it and restart IIS. Bingo.