Testing for certificate expiry with openssl

OpenSSL has a parameter in x509 that can be used to check for future expiry of a certificate. It’s not a recent feature, because I tested on Centos7, and that ships with an old release: $ openssl version OpenSSL 1.0.2k-fips 26 Jan 2017 The check is done in seconds: -checkend arg   checks if the […]

TLS stops guest WIFI working

I don’t only blog about TLS. Honest. Guest WIFI at Center Parcs Longleat requires interaction with a web site, effectively to register devices (MAC addresses, I guess). Fairly typical of guest WIFI. One device we brought with us is a Samsung tablet based on Android 6. It was generating a certificate error when the browser […]

Puppet Enterprise CA expired!

I’m moving away from using a Puppet server, and having pushed the first few commits for this change, I realised I needed to deploy the changes on a client that was managed off the server. Turns out I built my Puppet server just over five years ago: Info: Not using expired certificate for ca from […]

switching between gitlab-ee and gitlab-ce

The procedure is to switch the packages around over the top of the data. You can’t restore a Community Edition backup into an EE install, or vice versa. # sudo gitlab-backup restore BACKUP=1638647416_2021_12_04_14.5.1 Unpacking backup … done GitLab version mismatch: Your current GitLab version (14.5.1-ee) differs from the GitLab version in the backup! Please switch […]

centos7 NTP time synchronization – systemd and chronyd

I’ve been trying to get my new GitLab instance working at home, and am having issues getting the frontend and backend nodes to work together. # sudo gitlab-rake gitlab:gitaly:check Checking Gitaly … Gitaly: … default … FAIL: 7:permission denied. debug_error_string:{“created”:”@1638634177.607305857″, “description”:”Error received from peer ipv4:″,”file”:”src/core/lib/surface/call.cc”, “file_line”:1055,”grpc_message”:”permission denied”,”grpc_status”:7} After double and triple checking everything, I stumbled […]

Using the Sony Alpha 6000 as a webcam (and other tips)

Before figuring out how to fix my Olympus camera (there’s a separate post about that) I ran with a Sony camera as a webcam, using the same HDMI adapter. It took some work in the settings to get a clean HDMI feed, and even then, there are some problems with it. But it works OK, and […]

On SSH Certificates

Not to be confused with TLS (was: SSL) certificates. why? Problem 1: Does anyone check SSH server keys before accepting them? The authenticity of host ‘server (’ can’t be established. ECDSA key fingerprint is SHA256:P45XQklRehB7js1bfqpbRX+dq0vTEQoJbcwACNrSGow. ECDSA key fingerprint is MD5:d2:4a:3d:a1:59:ec:30:fe:36:11:1a:61:7c:f1:3f:eb. Are you sure you want to continue connecting (yes/no) A mechanism to distribute the known […]

Open source smarter heating?

I live in a Victorian house, so it loses heat like crazy. There are some rooms which stay nice and cool in the summer, but they’re also cold in the winter. And I have the data which tells me that we average 32kWh of gas a day, over the whole year. Over the summer it’s […]