If you're about to handle X509 certificates and don't want to remember or google a handful of openssl commands, you can use the graphical tool XCA.
Setup
- Install XCA
sudo apt install xca
- Create a new database with a strong master password
Features
- Create CSR
- Verify SSL private key matches SSL certificate
  - enable the "Key name" column
  - import certificate and private key
- Import, export and convert PKCS#12, PKCS#7, PEM chain, DER and more
- Check issuer chain
  - import certificate, intermediate and root CA
  - they get automatically chained
- View certificates and export openssl config
- Check revocation lists
- Setup a private PKI
- A lot more...
Related cards:
HowTo: verify SSL private key matches SSL certificate
When receiving a new SSL-Certificate for an existing SSL-key it should be checked that they match cryptographically.
Maybe the customer accidentally created a new key and certificate and sent us just the certificate.
It's also possible that the c...
Change / Update SSL certificate for Amazon Elastic Load Balancer with AWS Command Line Interface
- Install and configure the AWS Command Line Interface
- Show existing certificates to test if the AWS CLI is working:
  $ aws iam list-server-certificates
  { "ServerCertificateMetadataList": [...
Correct sequence of ssl cert and intermediate certificates
In case you're wondering, when concat-ing server certificate and intermediate certificates, the server certificate comes first.
RFC 4346:
certificate_list
This is a sequence (chain) of X.509v3 certificates. The sender's
cert...
Fix "A client error (MalformedCertificate) occurred: Invalid Private Key." at AWS SSL Certificate upload
I'm creating certificate requests with this command:
openssl req -new -out www.example.com.csr -keyout www.example.com.key -newkey rsa:2048 -nodes
When I try to upload the certificate to AWS IAM I get this error:
$ aws iam upload-se...
ACM certificate not showing up in CloudFront
Preface
Before you continue, ensure that you've created your certificate in the region us-east-1 (N. Virginia). Otherwise the certificate is not available for CloudFront.
The issue
At some point in time you may be confronted with the f...
HowTo: Curl applications that are usually behind reverse proxies with TLS termination without the application redirecting to https schema
A lot of web applications require being called over https, which is a good thing. It's possible to configure this requirement at the web- or proxy server level, where nginx or apache will just redirect every request on http to https. Som...
swaks - Swiss Army Knife SMTP, the all-purpose smtp transaction tester
swaks is a very nice tool to test SMTP. For most Linux distributions you can easily install it with your package management system.
This example sends an email from from@example.com to `to@example.c...
send a testmail via exim
Sending a testmail from a server with a configured exim is easy as pie.
From your usershell:
- tell exim that we want to send a mail to a recipient and have it tell us about the details of the sending procedure
$ exim -v receipient@fo...
manual haproxy backend failover
If you want to perform a failover on another haproxy backend server this is the way you should do it:
Gather information
Via hatop
Note: Please mind that the names of frontends / backends / servers are only examples. Mind this when yo...
Disable AWS Free Tier Usage Alerts
Ever felt annoyed by AWS Free Tier limit alert emails?
Just disable them:
Billing preferences -> Cost Management Preferences -> Receive Fr...