Attention: this is the key used to sign the certificate requests, anyone holding this can sign certificates on your behalf. So keep it in a safe place!
openssl genrsa -des3 -out rootCA.key 4096
idoxtreme anezjonathan
anezjonathan
/ mailer.conf
Created
August 3, 2021 11:00
— forked from igalic/mailer.conf
disable sendmail on FreeBSD, completely.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # if with the below rc.conf and periodic.conf settings you somehow still see logs like | |
| # Nov 28 03:01:00 webproxy sendmail[41991]: My unqualified host name (webproxy) unknown; sleeping for retry | |
| # Nov 28 03:02:00 webproxy sendmail[41991]: unable to qualify my own domain name (webproxy) -- using short name | |
| # Nov 28 03:56:50 webproxy sendmail[74256]: My unqualified host name (webproxy) unknown; sleeping for retry | |
| # Nov 28 03:56:51 webproxy sendmail[87297]: My unqualified host name (webproxy) unknown; sleeping for retry | |
| # Nov 28 03:57:51 webproxy sendmail[74256]: unable to qualify my own domain name (webproxy) -- using short name | |
| # Nov 28 03:57:51 webproxy sendmail[87297]: unable to qualify my own domain name (webproxy) -- using short name | |
| # we can kill it off like this: |
anezjonathan
/ Makefile
Created
August 3, 2021 10:54
— forked from igalic/Makefile
Makefile to create a root-ca, an intermediate signing CA.
It can also be used to quickly create keys and Certificates and sign them with that intermediate CA. You should put the root-ca into your Trust Store (preferably as the only CA;) and make sure your programs validate it correctly.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| root_DN = /CN=Esotericsystems Root Authority/C=AT/ | |
| issuing_DN = /CN=Esotericsystems Issuing Authority/C=AT/ | |
| passphrase: | |
| echo -n changeme > $@ | |
| # | |
| # Create param files, keys and Self-Signed Certificate for the Root CA | |
| # | |
| root-ca-dsa.param: passphrase |
anezjonathan
/ self-signed-certificate-with-custom-ca.md
Created
November 27, 2018 04:10
— forked from fntlnz/self-signed-certificate-with-custom-ca.md
Self Signed Certificate with Custom Root CA
anezjonathan
/ how-to-set-up-stress-free-ssl-on-os-x.md
Created
October 24, 2017 09:19
— forked from jed/how-to-set-up-stress-free-ssl-on-os-x.md
How to set up stress-free SSL on an OS X development machine
One of the best ways to reduce complexity (read: stress) in web development is to minimize the differences between your development and production environments. After being frustrated by attempts to unify the approach to SSL on my local machine and in production, I searched for a workflow that would make the protocol invisible to me between all environments.
Most workflows make the following compromises:
-
Use HTTPS in production but HTTP locally. This is annoying because it makes the environments inconsistent, and the protocol choices leak up into the stack. For example, your web application needs to understand the underlying protocol when using the
secureflag for cookies. If you don't get this right, your HTTP development server won't be able to read the cookies it writes, or worse, your HTTPS production server could pass sensitive cookies over an insecure connection. -
Use production SSL certificates locally. This is annoying