Posts Tagged ‘PKI’

PKI Revisited

A little more than two years ago, I set up a PKI and did a post on it. The main goal was to get a certificate on my EdgeOS router to get proper HTTPS support without the annoying red X. When I did it, however, I didn’t do it quite right, and so I decided to redo it all. Some of the major problems:

  • The cert for my router expired after two years. Hence, as of today I need a new cert anyway.
  • The intermediate cert also expired after two years. Lame!
  • To trust the chain, I had to import the intermediate cert into Windows, not the root cert. I should just need the root cert.

So I decided to do it right, and do it all over again for posterity, again largely following this post from Didier Stevens and again having the same old issues. Details below.


Replacing Chef’s self-signed certificates

Having gotten my home network and logging to a point where I wanted it, my next project was going to be Chef. Life intervened before I got too much involved with Chef, but now that things are approaching a sense of normalcy, I’m trying to pick up where I left off. My ultimate goal is to set up my CentOS server as a Chef server, and control my virtual machines via Chef automation. One minor speed bump along the way was the web interface for Chef, which uses self-signed certificates and so gave me the annoying warning when accessing it. I fixed that problem by replacing the certs with my own, below the fold.


Setting up a PKI

Since setting up my home network, I’ve been playing around with pieces of it. Today, when I was logging into the web interface of my EdgeLite Router, I noticed that dreaded red X through the https in Chrome, because Chrome didn’t trust the default self-signed certificate that came with the router. Why not replace that default cert with one I’ve signed myself, and import my signing cert as a trust certificate, thought I? So that’s what I did today.
