Using HTTPS on Mikrotik routers via certificates generated by STEP CA
Using certbot as an ACME client for the step-CA I have at home to create and renew TLS certificates.
My Yubikey 3 Neo can do PIV, which makes it similar to my マイナンバーカード when it comes to identifying me and signing files.
Got a Smart Card reader, so the fun can begin! PDF Signing This is most common, so it’s best documented. For Windows you need: https://www.jpki.go.jp/download/howto_win/index.html You definitely want to read the English instructions as you’ll possibly get unhelpful screens like this: Optional: Import the root certificate as it’s documented in the English description. PDF Signing software Continue reading “マイナンバーカード fun!”
For anyone outside Japan this is probably not of any interest. Please pass. Nothing to see here. For me it was interesting: this is a smart card which can also use NFC, which makes it very interesting: How does it work? What data is inside? Can I look at it? Can other people look at Continue reading “Got my マイナンバーカード!”
Comparing some tools to make it less dangerous to run code you did not write. Sandboxing seems to be the best way to go like Deno and wasmtime do. But what about Python, Node.js, etc.?
firejail seems to have hit the sweet spot between “secure” and “convenient”.
My NAS is a Synology DS212 and it can do https. But to make it use my own CA’s certificate, a bit of extra work is needed: Add my own root CA’s Certificate Use our own TLS Certificate Create certificate DSM → Control Panel → Security → Certificate → Add. Then Configure and use the new Continue reading “HTTPS on Synology’s DSM”
Part 1 was technically correct, but it turns out that it’s too manual to be used by me: you have to do it only once in a while (once a year, because certs might have a 1 year validity time); you don’t do it if it’s a lot of extra manual work. So here is Part 2 Continue reading “Creating TLS Certificates for Home Use – Part 2”
As someone who sets up secure settings for web servers and similar once in a while, this is nice: https://cipherl.ist Found at https://www.reddit.com/r/devops/comments/gu9r8e/been_a_bit_bummed_out_that_cipherlist_was_shut/
I used to create self-signed certificates, but they have the problem that I have to accept them the first time when using a browser, and when the openssl library connects, I have to disable the certificate verification in curl, Node.js etc. The proper fix is to create your own CA which your computers trust. Then signing Continue reading “Creating TLS Certificates for Home Use”