OpenSSL has a parameter in x509 that can be used to to check for future expiry of a certificate. It’s not a recent feature, because I tested on Centos7, and that ships with an old release: $ openssl version OpenSSL 1.0.2k-fips 26 Jan 2017 The check is done in seconds: -checkend arg checks if the […]
I don’t only blog about TLS. Honest. Guest WIFI at Center Parcs Longleat requires interaction with a web site, effectively to register devices (MAC addresses, I guess). Fairly typical of guest WIFI. One device we brought with us is a Samsung tablet based on Android 6. It was generating a certificate error when the browser […]
I’m moving away from using a Puppet server, and having pushed the first few commits for this change, I realised I needed to deploy the changes on a client that was managed off the server. Turns out I built my Puppet server just over five years ago: Info: Not using expired certificate for ca from […]
The procedure is to switch the packages around over the top of the data. You can’t restore a Community Edition backup into an EE install, or vice versa. # sudo gitlab-backup restore BACKUP=1638647416_2021_12_04_14.5.1 Unpacking backup … done GitLab version mismatch: Your current GitLab version (14.5.1-ee) differs from the GitLab version in the backup! Please switch […]
I’ve been trying to get my new GitLab instance working at home, and am having issues getting the frontend and backend nodes to work together. # sudo gitlab-rake gitlab:gitaly:check Checking Gitaly … Gitaly: … default … FAIL: 7:permission denied. debug_error_string:{“created”:”@1638634177.607305857″, “description”:”Error received from peer ipv4:192.168.0.7:8075″,”file”:”src/core/lib/surface/call.cc”, “file_line”:1055,”grpc_message”:”permission denied”,”grpc_status”:7} After double and triple checking everything, I stumbled […]
Before figuring out how to fix my Olympus camera (there’s a separate post about that) I ran with a Sony camera as a webcam, using the same HDMI adapter. It took some work in the settings to get a clean HDMI feed, and even then, there’s some problems with it. But it works OK, and […]
I wanted to use a “proper” camera as a webcam, and ran into some difficulties with compatibility between the camera and the adapter. TL;DR – if you get ‘No Connection’ outputting HDMI from an Olympus camera, select a lower resolution and data rate. Carefully test higher resolution, frames per second, and data rate options, and […]
Not to be confused with TLS (was: SSL) certificates. why? Problem 1: Does anyone check SSH server keys before accepting them? The authenticity of host ‘server (192.168.1.13)’ can’t be established. ECDSA key fingerprint is SHA256:P45XQklRehB7js1bfqpbRX+dq0vTEQoJbcwACNrSGow. ECDSA key fingerprint is MD5:d2:4a:3d:a1:59:ec:30:fe:36:11:1a:61:7c:f1:3f:eb. Are you sure you want to continue connecting (yes/no) A mechanism to distribute the known […]
I live in a Victorian house, so it loses heat like crazy. There are some rooms which stay nice and cool in the summer, but they’re also cold in the winter. And I have the data which tells me that we average 32kWh of gas a day, over the whole year. Over the summer it’s […]
Java, I’m looking at you (though Chrome will get glared at as well). The most tedious TLS rabbit holes are the ones that relate to inconsistencies between TLS clients. A certificate will work in most cases, and then one client will fail, and then down the rabbit hole you go, waving to a Cheshire cat […]
thewatertower.org 
You must be logged in to post a comment.