Thursday, 26 March 2009
Thursday, 19 March 2009
Here is a little gem I found in Absolute FreeBSD - Chapter 9 that lets you test the certificate a web server uses to start an HTTPS connection. Basically, openssl opens an SSL connection to the web site and prints all the details of the connection; you can then enter an HTTP request as if you were connected via telnet to port 80. Reading the output gives you a good idea of what is wrong or right with your cert. Seeing as I had to use it twice today to check our certificates, I would say it is really useful.
Here is an example of use:
    openssl s_client -connect www.google.com:443

Which yields:
    CONNECTED(00000003)
    depth=1 /C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SGC CA
    verify error:num=20:unable to get local issuer certificate
    verify return:0
    ---
    Certificate chain
     0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com
       i:/C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SGC CA
     1 s:/C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SGC CA
       i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
    ---
    Server certificate
    -----BEGIN CERTIFICATE-----
    MIIDITCCAoqgAwIBAgIQPI06ZO4Y3RtzC6GS7viYGzANBgkqhkiG9w0BAQUFADBM
    MQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkg
    THRkLjEWMBQGA1UEAxMNVGhhd3RlIFNHQyBDQTAeFw0wODA1MDIxNzAyNTVaFw0w
    OTA1MDIxNzAyNTVaMGgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh
    MRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgSW5jMRcw
    FQYDVQQDEw53d3cuZ29vZ2xlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
    gYEAmxntXaVWr0lm23n9whx4Tk8RpYqs4pTu4+JLwAMlp5nMZeHslK6u8KeZvBDX
    7YcwR81Q+a/T0/QLjUeKLuLOU5uRmX8eXPkb1umTZ+NK+M/EjAxo0ZdURw4KJDCn
    gpSu3q4/v7oUxviykI42reHQvhaas15yOEnadKE//9KHge0CAwEAAaOB5zCB5DAo
    BgNVHSUEITAfBggrBgEFBQcDAQYIKwYBBQUHAwIGCWCGSAGG+EIEATA2BgNVHR8E
    LzAtMCugKaAnhiVodHRwOi8vY3JsLnRoYXd0ZS5jb20vVGhhd3RlU0dDQ0EuY3Js
    MHIGCCsGAQUFBwEBBGYwZDAiBggrBgEFBQcwAYYWaHR0cDovL29jc3AudGhhd3Rl
    LmNvbTA+BggrBgEFBQcwAoYyaHR0cDovL3d3dy50aGF3dGUuY29tL3JlcG9zaXRv
    cnkvVGhhd3RlX1NHQ19DQS5jcnQwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQUF
    AAOBgQAxCmyinulUGRZomZHWQ8trtMxszLD78e6BvwArb1ASxq8CKjbBKN7FTFYg
    bfU9QrkYgSCy3Vdd674yhFBFUW7N5C4qOIifUu0o//yNV7WtZK5NDg7ZPay4/mZM
    FY9EUvp8PATtfzdhBP7V6bmwnv6lEWnJY9ZGgW8A2HIvgjdEwQ==
    -----END CERTIFICATE-----
    subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com
    issuer=/C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SGC CA
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 1765 bytes and written 322 bytes
    ---
    New, TLSv1/SSLv3, Cipher is RC4-SHA
    Server public key is 1024 bit
    Compression: NONE
    Expansion: NONE
    SSL-Session:
        Protocol : TLSv1
        Cipher : RC4-SHA
        Session-ID: xxx
        Session-ID-ctx:
        Master-Key: xxx
        Key-Arg : None
        Start Time: 1237496532
        Timeout : 300 (sec)
        Verify return code: 20 (unable to get local issuer certificate)
    ---
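When the same check has to be repeated, the lines worth reading in that output can be pulled out by a script. The following is an added example, not from the book or the original post: the function names are made up for illustration, and the sample input is a constructed, trimmed copy of the output above so that it runs offline.

```shell
#!/bin/sh
# Added example: summarise `openssl s_client` output read from stdin.
# Exit status: 0 = chain verified, 1 = verification failed, 2 = no summary found.
# Against a live server (closing stdin makes s_client exit after the handshake):
#   openssl s_client -connect www.google.com:443 </dev/null 2>&1 | check_s_client

check_s_client() {
    awk '
        /^ *[0-9]+ s:/           { certs++ }        # one line per cert in the chain
        /Verify return code:/    {
            code = $0; sub(/.*Verify return code: */, "", code)
            num = code; sub(/ .*/, "", num)          # numeric part only
        }
        /^New, .*Cipher is /     { cipher = $NF }
        /^Server public key is / { bits = $5 }
        END {
            printf "chain_certs=%d\n", certs
            printf "verify=%s\n", code
            printf "cipher=%s key_bits=%s\n", cipher, bits
            if (num == "") { print "RESULT: no handshake summary found"; exit 2 }
            if (num != 0)  { print "RESULT: chain not verified"; exit 1 }
            print "RESULT: chain verified"
        }'
}

# Constructed sample: the s_client output from this post with the PEM block removed.
sample_output() {
cat <<'EOF'
CONNECTED(00000003)
depth=1 /C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SGC CA
verify error:num=20:unable to get local issuer certificate
---
Certificate chain
 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com
   i:/C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SGC CA
 1 s:/C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SGC CA
   i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
---
New, TLSv1/SSLv3, Cipher is RC4-SHA
Server public key is 1024 bit
    Verify return code: 20 (unable to get local issuer certificate)
EOF
}

sample_output | check_s_client || echo "exit status: $?"
```

Verify code 20 means openssl could not find the issuing CA's certificate in the trust store it was given; pointing s_client at a CA bundle with -CAfile or -CApath lets it check the chain against that bundle.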
Wednesday, 11 March 2009
In a vain attempt to learn more about FreeBSD I bought Absolute FreeBSD 2nd edition. I am already up to the 5th chapter and finding it a good read. It reads well as the author has a very conversational tone, while giving you more than enough information on the topic at hand. He drops in jokes and honest truths, as if you were talking to him in a bar. I imagine that it would be a bit lacking if you were a hardcore Unix admin, but then I guess you wouldn't be reading the book.

Chapters read so far:

Chapter 1 - Getting More Help
A very solid discussion of how to find information on the FreeBSD system in front of you. My favorite part is the section that describes how to write an email to the BSD user groups when you need support. I wish I could get anyone who sends me a support request to read this section before they do. If only so they can understand why they get so many polite emails back asking for more detail than "its broken".

Chapter 2 - Installing BSD
I skimmed this chapter as I already have FreeBSD installed, but will most likely go back and read it when I need to reinstall (due to human error).

Chapter 3 - Start Me Up! The Boot Process
This chapter was enlightening. I now have more insight into what the messages at boot time mean, and more importantly I found out that I could change the loader logo to a colour beastie by adding the following to /boot/loader.conf:

    loader_logo="beastie"

It's this sort of useless fact that I love, and while maybe not as important as some other configuration options, I now know that there is a loader.conf and what it does.

Chapter 4 - Read this before you break something else! (Backup and Recovery)
I was ready to skip this chapter, when my eyes fell upon the section on Revision Control for config files. This is something I have been wondering how to do properly for a while now, so I stopped skimming and read on. Once again this section was straightforward and explains both the whys and the hows. No more thinking "I should really have this under version control" for me :)
Sunday, 1 March 2009
Finally I have got my act together and got star tracker released to the Civet server. So you can see version 0.1 at http://caffeinesoftware.no-ip.org/startracker/index.