certificate

Kubernetes: LetsEncrypt certificates using HTTP and DNS solvers on DigitalOcean

Managing certificates is one of the most mundane, yet critical chores in the maintenance of environments.   However, this manual maintenance can be off-loaded to cert-manager on Kubernetes. In this article, we will use cert-manager to generate TLS certs for a public NGINX ingress using Let’s Encrypt.   The primary ingress will have two different hosts using Kubernetes: LetsEncrypt certificates using HTTP and DNS solvers on DigitalOcean

Ubuntu: using ldapsearch to query against a secure Windows Domain Controller

Using ldapsearch to query against the insecure port of a Windows Domain Controller is straightforward.  However, it can be challenging to get all the pieces in place for a production environment where the secure port must be used and the root CA certificate is typically not from a public CA. Assuming the standard insecure port Ubuntu: using ldapsearch to query against a secure Windows Domain Controller

Ubuntu: Adding a root certificate authority

If your backend components or application servers use a custom CA (Certificate Authority), then you may need to add it to the system trusted root certificate store so that the standard tools and other utilities trust the TLS communication.

Git: client error, server certificate verification failed

Especially with private git repositories that may be self-signed or have private CA, you may get the following error from the git client after a certificate has been updated: fatal: unable to access ‘https://git.mycompany.com/myuser/myrepo.git/’: server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none This means that the git client cannot verify the integrity of the certificate Git: client error, server certificate verification failed

Java: Loading self-signed, CA, and SAN certificates into a Java Keystore

The JRE comes preloaded with a set of trusted root authorities, but if you are working with self-signed certificates, or SAN server certificates that were signed using your own Certificate Authority then you are going to need to add these certificates to your trusted keystore. If your Java application attempts to communicate via TLS to Java: Loading self-signed, CA, and SAN certificates into a Java Keystore

Ubuntu: Creating a self-signed SAN certificate using OpenSSL

There are numerous articles I’ve written  where a certificate is a prerequisite for deploying a piece of infrastructure. This article will guide you through generating a self-signed certificate with SAN (Subject Alternative Name) and SAN wildcard entries, replacing the deprecated usage of CN=<FQDN>. In addition to the operational benefits of managing SAN, it is also Ubuntu: Creating a self-signed SAN certificate using OpenSSL

Ubuntu: Creating a trusted CA and SAN certificate using OpenSSL

There are numerous articles I’ve written  where a certificate is a prerequisite for deploying a piece of infrastructure. This article will guide you through creating a trusted CA (Certificate Authority), and then using that to sign a server certificate that supports SAN (Subject Alternative Name).  Operationally, having your own trusted CA is advantageous over a Ubuntu: Creating a trusted CA and SAN certificate using OpenSSL

Ubuntu: Creating a self-signed certificate using OpenSSL on Ubuntu

There are numerous articles I’ve written  where a certificate is a prerequisite for deploying a piece of infrastructure. Here are the quick steps for installing a simple self-signed certificate on an Ubuntu server.  If you instead need to create a certificate with SAN (Subject Alternative Name) support, read my article here. Some of you will Ubuntu: Creating a self-signed certificate using OpenSSL on Ubuntu