Passing a private key as an environment variable (1 mins read).
How to convert a PEM-encoded private key in a form to be stored in an environment variable.
Tag certificates
Getting the fingerprint of a certificate in Go (1 mins read).
How to retrieve an X.509 thumbprint from a remote server, in Go.
Getting the OpenID Connect thumbprint for AWS on the command-line with Go (2 mins read).
How to automagically retrieve an OpenID Connect thumbprint for use with AWS' OpenID Connect federated identity.
by 
Jamie Tanna
.
#blogumentation
#go
#certificates
#aws
#oidc.
Converting an x5c from a JSON Web Key to a PEM with Node.JS (1 mins read).
How to convert a JWK's x5c to a PEM-formatted certificate with Node.JS.
by Jamie Tanna
.
#blogumentation
#nodejs
#jwks
#jwk
#certificates
#pem
#x509.
Extracting x5cs from a JSON Web Key Set (JWKS) to PEM files with Node.js (1 mins read).
How to extract the full chain of certificates from a JWKS' x5c parameter to files.
by Jamie Tanna
.
#blogumentation
#nodejs
#jwks
#jwk
#certificates
#pem
#x509.
A very interesting read about physical and virtual security required to protect the keys to the castle
Recommended read: How we protect our most sensitive secrets from the most determined attackers https://monzo.com/blog/2021/11/18/protecting-our-most-sensitive-secrets/
JWKS-iCal Release v1.2.0: Determine the jwks_uri from Configuration (1 mins read).
Updating jwks-ical to add support for discovering jwks_uri endpoints automagically.
Globally Disable TLS Checks with Java for HttpsURLConnection (1 mins read).
How to disable TLS checks when using HttpsURLConnections in Java.
JWKS-iCal Release v1.1.0: Adding Calendar Reminder (1 mins read).
Updating jwks-ical to add support for calendar reminders before the certificate's expiry.
Recommended read: The Impending Doom of Expiring Root CAs and Legacy Clients https://scotthelme.co.uk/impending-doom-root-ca-expiring-legacy-clients/
Keeping Track of Certificate Expiry with a JWKS to iCalendar Converter (4 mins read).
Creating an iCalendar feed for certificate expiry details, given a URI for a JSON Web Key Set.
by Jamie Tanna
.
#java
#jwks
#certificates
#jwks-ical
#calendar
#google-cloud
#serverless.
Extract a Public Cert from a Java Keystore/Truststore (1 mins read).
How to export the public certificate from a Java keystore.
by Jamie Tanna
.
#blogumentation
#java
#keystore
#certificates.
Recommended read: ocsp through proxy - Google Groups https://groups.google.com/forum/#!topic/mailing.openssl.users/dajh2puIxz8
by Jamie Tanna
.
#openssl
#certificates.
Recommended read: OCSP Validation with OpenSSL https://akshayranganath.github.io/OCSP-Validation-With-Openssl/
by Jamie Tanna
.
#certificates
#openssl.
Extracting x5cs from a JSON Web Key Set (JWKS) to PEM files with Ruby (1 mins read).
How to extract the full chain of certificates from a JWKS' x5c parameter to files.
Extract a Private Key from a Java Keystore (1 mins read).
How to export an asymmetric PrivateKeyEntry entry from a Java keystore.
by Jamie Tanna
.
#blogumentation
#java
#keystore
#certificates.
Splitting an X509 PEM-Encoded Certificate Bundle into Multiple Files (1 mins read).
Splitting a certificate bundle into separate files using split or awk.
by Jamie Tanna
.
#blogumentation
#command-line
#certificates.
Converting an x5c from a JSON Web Key to a PEM with Ruby (1 mins read).
How to convert a JWK's x5c to a PEM-formatted certificate with Ruby.
by Jamie Tanna
.
#blogumentation
#ruby
#jwks
#jwk
#certificates
#pem
#x509
#openssl.
Performing Mutual TLS Authentication with Rest Assured (via Apache HTTP Client) (3 mins read).
How to configure Rest Assured to perform Mutual TLS authentication against an API.
by Jamie Tanna
.
#blogumentation
#certificates
#mutual-tls
#java
#rest-assured.
Bookmarked
https://mtls.dev/
.
This is a great resource for generating certs for performing Mutual TLS authentication, as well some good sample code for how to set up example client/server apps in several programming languages.
Recommended read: mtls.dev - Generating TLS certs doesn't have to be hard. https://mtls.dev/
Bookmarked
https://smallstep.com/blog/everything-pki/
.
Recommended read: Everything you should know about certificates and PKI but are too afraid to ask https://smallstep.com/blog/everything-pki/
by Jamie Tanna
.
#certificates
#encryption
#cryptography
#pki.
Setting up a directory for OpenSSL's SSL_CERT_DIR (2 mins read).
How to configure a directory of trusted certificates for OpenSSL to trust.
Using the OpenSSL Command-Line to Verify an SSL/TLS Connection (2 mins read).
How to use the openssl command-line to verify whether certs are valid.
by Jamie Tanna
.
#blogumentation
#openssl
#certificates
#command-line
#nablopomo.
Bookmarked
https://badssl.com/
.
Recommended read: BadSSL - test with expired, misconfigured or weak SSL/TLS configuration https://badssl.com/
by Jamie Tanna
.
#certificates.
Trusting Self-Signed Certificates from Ruby (1 mins read).
How to configure Ruby to trust self-signed certificates.
by Jamie Tanna
.
#blogumentation
#ruby
#certificates
#nablopomo.
Viewing the Contents of a Certificate Signing Request (CSR) with OpenSSL (1 mins read).
How to look at the contents of a Certificate Signing Request (CSR) with the openssl command-line tool.
by Jamie Tanna
.
#blogumentation
#openssl
#certificates
#nablopomo.
Listing the Contents of a Java Truststore (3 mins read).
How to extract a list of trusted certificates from a Java Trust store.
Extract a Secret Key from a Java Keystore (2 mins read).
How to export a symmetric SecretKey entry from a Java keystore.
by Jamie Tanna
.
#blogumentation
#java
#keystore
#certificates.
Viewing X.509 DER Certificate Fingerprints with OpenSSL (1 mins read).
How to view an X.509 DER certificate's fingerprint using openssl commands.
by Jamie Tanna
.
#blogumentation
#certificates
#command-line
#der
#openssl.
Viewing X.509 PEM Certificate Fingerprints with OpenSSL (1 mins read).
How to view an X.509 PEM certificate's fingerprint using openssl commands.
by Jamie Tanna
.
#blogumentation
#certificates
#command-line
#pem
#openssl.
Viewing X.509 DER Certificate Details with OpenSSL (2 mins read).
How to convert an X.509 DER file to a human-readable format using openssl commands.
by Jamie Tanna
.
#blogumentation
#certificates
#command-line
#der
#openssl.
Viewing X.509 PEM Certificate Details with OpenSSL (2 mins read).
How to convert an X.509 PEM file to a human-readable format using openssl commands.
by Jamie Tanna
.
#blogumentation
#certificates
#command-line
#pem
#openssl.
Trusting Self-Signed Certificates from the Chef Development Kit (2 mins read).
How to get the ChefDK (and associated tools) to trust internal / self-signed certificates, in an easy oneliner.
by Jamie Tanna
.
#blogumentation
#chef
#chefdk
#certificates
#berkshelf.
Extracting SSL/TLS Certificate Chains Using OpenSSL (1 mins read).
A quick one-liner to get you the full certificate chain in .pem format.
by Jamie Tanna
.
#blogumentation
#bash
#shell
#oneliner
#openssl
#certificates.
You're currently viewing page 1 of 1, of 42 posts.