Skip to content

Instantly share code, notes, and snippets.

@moklett
moklett / openconnect.md
Created July 24, 2012 15:21
OpenConnect VPN on Mac OS X

Unfortunately, the Cisco AnyConnect client for Mac conflicts with Pow. And by "conflicts", I mean it causes a grey-screen-of-death kernel panic anytime you connect to the VPN and Pow is installed.

As an alternative, there is OpenConnect, a command-line client for Cisco's AnyConnect SSL VPN.

Here's how to get it set up on Mac OS X:

  1. OpenConnect can be installed via homebrew:

     brew update
    

brew install openconnect

@rcknr
rcknr / README.md
Last active July 19, 2018 12:36
Using Let's Encrypt certificates with Amazon API Gateway

##Using Let's Encrypt certificates with AWS API Gateway

Before starting off with API Gateway set up it's worth mentioning that certificate configuration for this particular service is so far isn't well integrated, therefore different from other AWS services. Despite it using CloudFrount to serve on custom domains it won't let you customize distributions it creates, however all the limitations of CloudFront naturally apply to API Gateway. The most important in this case is the size of the key, which is limited by 2048 bit. Many tutorials provide ready to use terminal commands that have the key size preset at 4096 bit for the sake of better security. This won't work with API Gateway and you'll get an error message about certificate's validity or incorrect chain which won't suggest you the real cause of the issue. Another consideration is that to add a custom domain to API Gateway you have to have a certif

@mapmeld
mapmeld / OverEncrypt.md
Last active July 25, 2023 18:55
OverEncrypt - paranoid HTTPS

OverEncrypt

This is a guide that I wrote to improve the default security of my website https://fortran.io , which has a certificate from LetsEncrypt. I'm choosing to improve HTTPS security and transparency without consideration for legacy browser support.

WARNING: if you mess up settings, lose your certificates, or decide to no longer maintain HTTPS certs, these steps can and will make your domain inaccessible.

I would recommend these steps only if you have a specific need for information security, privacy, and trust with your users, and/or maintain a separate secure.example.com domain which won't mess up your main site. If you've been thinking about hosting a site on Tor, then this might be a good option, too.

The best resources that I've found for explaining these steps are https://https.cio.gov , https://certificate-transparency.org , and https://twitter.com/konklone

@marians
marians / Chromium Linux.md
Last active May 19, 2024 09:03
How to install CA certificates and PKCS12 key bundles on different platforms

We install certutil and pk12util if necessary:

sudo apt install libnss3-tools

On Linux, Chromium uses the NSS Shared DB. Check if you have the ~/.pki/nssdb directory:

ls $HOME/.pki/nssdb
@dborin
dborin / jira_letsencrypt.md
Last active February 3, 2024 10:09
HOWTO Configure Atlassian Jira to use Letsencrypt certificate

HOWTO Configure Atlassian Jira to use Letsencrypt certificate with default Tomcat

This is a primer for installing a Letsencrypt certificate on a Jira server that is running the Jira provided, default Tomcat for serving webpages.

I found lots of information about how to do it using a free-standing Tomcat or nginx, but nothing about this particular combination. I hope it helps you!

Obviously, in all the examples, you need to replace jira.example.com with your own domain! And (duh) you need to use your own password, not 1234

You need to have installed Java (outside the scope of this document). Then in your user's shell RC file and probably root's RC file, add