Fabian Lee : Software Engineer

Kubernetes: ingress-nginx-controller-admission error, x509 certificate signed by unknown authority

January 29, 2022
Categories: Containers

If you delete the entire nginx namespace and reinstall again via helm chart, your nginx admission controller may throw a “x509 certificate signed by unknown authority” message when you attempt to create an nginx ingress. This will happen regardless if the ingress is using http only or secure https. And also whether or not the … Kubernetes: ingress-nginx-controller-admission error, x509 certificate signed by unknown authority

Ansible: creating SAN certificates with a custom root CA

April 5, 2021
Categories: Automation

Ansible has support for generating self-signed certificates as well as certificates using a custom root CA (certificate authority). This is possible using the community.crypto collection. I’ve put this into a role named ansible-role-cert-with-ca available on github, and it can be used from a playbook like below: vars: # custom CA, leaving undefined will create self-signed … Ansible: creating SAN certificates with a custom root CA

PowerShell: Creating a self-signed certificate using Powershell without makecert or IIS

September 8, 2019
Categories: Scripting

If you are using version 4+ of PowerShell, then instead of using the older makecert utility or the IIS Manager you can simply use New-SelfSignedCertificate cmdlet. In this article I’ll provide a small Powershell script that can assist in creating a self-signed certificate in the local machine personal store.

Ubuntu: Creating a self-signed SAN certificate using OpenSSL

February 17, 2018
Categories: Linux

There are numerous articles I’ve written where a certificate is a prerequisite for deploying a piece of infrastructure. This article will guide you through generating a self-signed certificate with SAN (Subject Alternative Name) and SAN wildcard entries, replacing the deprecated usage of CN=<FQDN>. In addition to the operational benefits of managing SAN, it is also … Ubuntu: Creating a self-signed SAN certificate using OpenSSL

Ubuntu: Creating a trusted CA and SAN certificate using OpenSSL

February 17, 2018
Categories: DNE, Linux

There are numerous articles I’ve written where a certificate is a prerequisite for deploying a piece of infrastructure. This article will guide you through creating a trusted CA (Certificate Authority), and then using that to sign a server certificate that supports SAN (Subject Alternative Name). Operationally, having your own trusted CA is advantageous over a … Ubuntu: Creating a trusted CA and SAN certificate using OpenSSL

Ubuntu: Creating a self-signed certificate using OpenSSL on Ubuntu

February 21, 2017
Categories: Linux

There are numerous articles I’ve written where a certificate is a prerequisite for deploying a piece of infrastructure. Here are the quick steps for installing a simple self-signed certificate on an Ubuntu server. If you instead need to create a certificate with SAN (Subject Alternative Name) support, read my article here. Some of you will … Ubuntu: Creating a self-signed certificate using OpenSSL on Ubuntu