Configuring Apache for SSL Client Certificate Authentication
Once you have a CA configured, you need to set up the Apache Web server to use it. The process of requesting the certificate from the browser and verifying that it’s properly signed is handled by Apache, which can then pass information about the verification to your application.
Client Certificate CA Setup and Signing
Previously, I wrote about the promise of using Client SSL Certificates for authentication. With this post, we start down the road of actually putting this into practice.
The first step is to set up a Certificate Authority (CA).
In Place File Editing With P̸e̸r̸l̸ Ruby
Ever had to change the URL in 50 files? What do you do?
(You should know by now I’d use Emacs.)
Or whip up a Bash script with sed?
Since dinosaurs roamed the Earth, I’ve been using Perl’s In Place Editing feature -i.
Let’s break it down, shall we?
SSL Client Certificates Work!
Holy crap! You can use SSL client certificates to easily authenticate user logins!
What the hell am I talking about?
So, there’s this thing, SSL client certificates. They are pretty much exactly the same as SSL server certificates. They work like this:
- The web server has a key pair.
- The client generates a key pair.
- The client sends the public key to the server.
- The server signs the public key with its private key and sends a certificate back to the client.
- The client saves the certificate.
What’s that good for? Authentication! How’s it work?
Validating Rails Forms “Without” a Model
Sometimes I want all of Rails’ form bells and whistles for something that isn’t a database-backed model. For example, I use this as a handy way to get form validations when starting a session with an API.
This is possible because Rails allows you to use ActiveModel without a database.
diceware.rb Revisited
A while back I wrote about Diceware, a system for generating passwords using dice and a word list. I also included a Ruby script that uses virtual dice.
Diceware passwords of reasonable length are strong: they have high entropy. However, most password security requirements aren’t based on entropy, but instead are made up, with people throwing in requirements for capital letters, numbers, and symbols because they sound good.
Well, we don’t get to set policy, so I’ve modified my script to generate passwords with numbers and symbols as separators.
UNIX User Management
This is one of the blog posts to set something in my mind that I’m always looking up. Linux has lovely tools for adding and managing users, but I can never remember them. I’m old skool and BSD-centric, so I tend to just use vipw, but it’s better to use the tools. So, with no further ado:
Unix Timestamps Explained
Ever wondered what the timestamps on files on UNIX systems mean?
Unix keeps three or four timestamps per file (or directory (or other random thing in the file system)).
Xargs
How do you take a list of files and do something with them in the UNIX shell? xargs is the key.
If you’ve run into xargs, it’s probably in its simplest form:
Arguments for Your Shell Aliases
I’ve touched on shell aliases and functions a few times; today I wanted to get into a little more detail on passing arguments to them.
BASH aliases don’t actually take arguments, but they will automatically append any argument to the underlying command line.