Ssl on

Death by PEBKAC evaded by amazing ZFS snapshot CTRL+Zery

Fri, 09 Mar 2018 19:23:27 +0000

Tonight I was doing a little development work towards a telemetry system I’m building for a thing. Along the way I managed (like a 10/10 n00b) to delete a bunch of vital configs on my reverse proxy server that handles all my traffic. Thanks to the amazing ZFS snapshot function made easily available by FreeNAS, I was able to recover from this otherwise devastating fckup, super fast and without service disruption.

Using pfsense to sign private wildcard SSL certificates

Wed, 17 Jan 2018 15:17:57 +0000

pfsense is a wonderful router appliance BSD distro that I’ve enjoyed for some years now.

I use the pfsense certificate manager to issue certs for my VPN client devices. For my Internet-facing life, I have legit SSL certs for everything, I’ve a neurosis about it. But it’s bothered me that for my LAN servers, I’ve continued to use Self-Signed certs for interfaces. Today I fix that.

Here are my notes on how to create and sign a wild-card SSL cert using pfsense for internal use. Note that this approach means you will make your own certificate authority which then must have its root cert installed on any machine you want to use your own certs.

VMware ESXi 6.5 - Replacing the default SSL/TLS certificates

Tue, 05 Dec 2017 17:43:47 +0000

One of my weird hobbies is installing legitimate SSL certificates EVERYWHERE. Here’s steps for replacing the default self-signed garbage SSL certificates you get out of the box with VMware ESXi:

Steps Get your SSL cert, obviously. You’ll need a .key file and a .crt. (If you need help at this stage, take a look at my SSL cert management scripts on github.) Enable SSH access to your ESXi box. Login as root over ssh. (If you don’t know about this, perhaps this whole process is not for you at this time) From your root ssh session to your ESXi box, follow these steps: