Adding a Custom Domain and SSL to AWS EC2

In our previous article, we Dockerized our Node.js server, pushed that container image to AWS ECR, and then launched an EC2 instance with that container running inside. With our network and security group configured, we could send HTTP requests to our EC2 instance (at port 80) and receive responses from our server.

For our next trick, let's set up a custom domain name and make our server accessible via HTTPS. Here are the steps we're going to take:

Extracting Server Certificates Made Easy With Certificate Ripper

Introduction

As engineers, we sometimes need to grab a certificate for different purposes. We may need it to update the truststore of our application with a new trusted certificate, to analyze its content, to use it for testing, or for some other purpose. There are multiple ways to accomplish this, such as dragging and dropping the certificate from your browser to your desktop or using OpenSSL. The browser is only capable of exporting binary certificates, and OpenSSL commands can sometimes be complex or tricky to build depending on which kind of output you want. I was seeking a simple way of just printing server certificates in either PEM format or a human-readable format, and I also wanted to export all of them into a truststore file, and that is how Certificate Ripper came to life.

Certificate Ripper is a CLI application available for Windows, Mac OS X, and Linux and can be found here: GitHub - Certificate Ripper

Couchbase Support for Node-to-node Encryption

When customers using Couchbase require us to comply with privacy regulations such as HIPAA (financial or healthcare customers, for example), we typically need to provide authentication (LDAP), authorization (RBAC, role-based access control), and encryption. It is also important to support auditing and the redaction of important information, especially in logs (Couchbase has support for log redaction using specific tags), all of which Couchbase supports. When it comes to encryption, Couchbase supports node-to-node encryption at multiple levels using a cluster-level configuration setting. This is controlled by the user and can take 3 values:

  1. Control: At this level, only the cluster and server connections to internal services are encrypted. This basically includes the cluster management information and the related internal processes. However, data across nodes in the cluster is not encrypted. So, for example, a server-to-query-service connection is encrypted. This is the default behaviour.

Creating Self-Signed Certificate

As MuleSoft developers, we often use signed certificates when exposing a service. I thought it would be helpful to share the commands to create a pk12 certificate and also how to convert it to JKS.

Step 1

Verify whether OpenSSL is installed

Still Using SHA-1 for Internal Certificates? It’s Almost Too Late to Update

How many organizations may have overlooked or delayed the migration of SHA-1 certificates in internal environments? They are hard to find, hard to track, harder to monitor, and may not have expiration dates that would drive migration.

Everyone who didn’t feel they had to worry too much about replacing those hard-to-find internal SHA-1 certificates will now have to start worrying. Microsoft is in the process of phasing out the use of Secure Hash Algorithm 1 (SHA-1) code signing to deliver Windows OS updates. On February 15th, 2018, Microsoft announced that customers running legacy OS versions will be required to have SHA-2 code-signing support installed on their devices by July 2019.

How to Create a Self-Signed Certificate With PowerShell [Snippet]

When we develop web applications or experiment with some technologies, it's quite common to need a certificate. A certificate for real-world scenarios can be expensive, and it's over-engineering for testing purposes. So with this simple PowerShell script (on Windows), we can create a self-signed certificate for development environments.

# Run from an elevated session: the certificate is created in the LocalMachine store.
$cert = New-SelfSignedCertificate -DnsName mydemowebapp.net -CertStoreLocation cert:\LocalMachine\My

# $pwd is an automatic variable (the current location), so use a distinct name for the PFX password.
$pfxPassword = ConvertTo-SecureString -String "MyPassword" -Force -AsPlainText

# Export the certificate and its private key to a password-protected PFX file.
Export-PfxCertificate -Cert $cert -FilePath C:\temp\cert.pfx -Password $pfxPassword