Louwrentius

Ubuntu is based on Debian Linux. As part of a regular Debian installation, you can choose to create an encrypted disk volume based on LUKS. This is different from the option within the Ubuntu installation to encrypt home directories. To be able to install Ubuntu and use full disk encryption, you need to download the alternate install CD / DVD. Only this version of Ubuntu supports LUKS as an installation option.

You will have either two options:

1. use the default choice, creating a swap partition, boot partition and the encrypted root file system on top of LVM;

2. create separate crypted partitions yourself manualy.

Personaly I don't care for separate partitions and use the provided automatic option. If you do care, please read this blog for more info.

disk-encryption/

Often, software comes supplied with some default SSL certificate, for testing purposes, such as those 'snake oil' certificates (they are called snake oil certificates for a reason). In practice, I often encounter usage of such certificates. People may seem to think that as long SSL is used, authentication and thus credentials are safe, but nothing could be further from the truth.

If you encounter a service that uses a default vendor-supplied SSL certificate, decryption of communication is trivial. Just obtain a copy of this vendor software and grab the private key. This private key can be loaded into Wireshark to decrypt any captured SSL traffic that has been encrypted with this certificate. Please read this link about decrypting SSL with Wireshark.

So it is important to always replace default SSL certificates with a freshly generated, no matter if it is self-signed or not.