Correct sequence of SSL cert and intermediate certificates
In case you're wondering: when concatenating the server certificate and intermediate certificates, the server certificate comes first.
RFC 4346:
certificate_list
This is a sequence (chain) of X.509v3 certificates. The sender's
certificate must come first in the list. Each following
certificate must directly certify the one preceding it.
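One way to check a concatenated bundle against this ordering rule before deploying it, as an added example that is not part of the original card. The function names `check_chain_order` and `name_of` are made up for this example, and the check compares subject and issuer names only; it does not verify signatures.

```shell
#!/bin/sh
# Usage: check_chain_order bundle.pem
# Returns 0 when every certificate after the first has a subject equal to
# the issuer of the certificate before it (server certificate first).
# Returns 1 on an ordering error, 2 when no certificate was found.
# Name comparison only: signatures are NOT verified here.

# Print the subject or issuer DN of a certificate file in RFC 2253 form.
# $1 = "subject" or "issuer", $2 = PEM file
name_of() {
    openssl x509 -in "$2" -noout "-$1" -nameopt RFC2253 | sed 's/^[a-z]*= *//'
}

check_chain_order() {
    bundle=$1
    tmp=$(mktemp -d) || return 2
    # Split the bundle into one file per certificate: 1.pem, 2.pem, ...
    awk -v dir="$tmp" '
        /-----BEGIN CERTIFICATE-----/ { n++; on = 1 }
        on { print > (dir "/" n ".pem") }
        /-----END CERTIFICATE-----/ { on = 0 }
    ' "$bundle"

    rc=0
    if [ ! -f "$tmp/1.pem" ]; then
        echo "no certificates found in $bundle" >&2
        rc=2
    fi

    i=1
    while [ -f "$tmp/$((i + 1)).pem" ]; do
        issuer=$(name_of issuer "$tmp/$i.pem")
        subject=$(name_of subject "$tmp/$((i + 1)).pem")
        if [ "$issuer" != "$subject" ]; then
            echo "position $((i + 1)) ('$subject') does not certify position $i (issuer '$issuer')" >&2
            rc=1
        fi
        i=$((i + 1))
    done

    rm -rf "$tmp"
    return $rc
}
```
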