Category Archives: SSH/SSL/TLS

Transport Layer Security, and its now-deprecated predecessor, Secure Sockets Layer, are cryptographic protocols designed to provide communications security over a computer network.
Secure Shell (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network.

AWS: disable TLS 1.0 and TLS 1.1 for Application LoadBalancer

27 September 2021
 

 If check any of a freshly created AWS Application LoadBalancer with a certificate from the AWS Certificate Manager, and with an HTTPS Listener’s default settings you’ll see the B grade: The main point of the SSL Labs is the support of the deprecated encryption versions – TLS 1.0 and 1.1. AWS LoadBalancer SecurityPolicy and TLS… Read More »

Let’s Encrypt: SSL and the “SERVFAIL looking up CAA for domain.com” error

29 July 2021
 

 One of mine website stopped working with the “Connection reset.” error. NGINX configs seem to be correct, and other sites on the same server are working. NGINX also gave nothing, no errors, PHP-FPM also are good. Let’s check the website with the curl: The cause Because the error above are reported from the SSL_connect call,… Read More »

Git: git clone – fatal: unable to fork and RSA key fingerprint

23 October 2020
 

 We have a Docker image with Git client installed. The task is to automatically clone a repository when running a container from this image. git clone – fatal: unable to fork When running the git clone command in a container from this Docker image it fails with the “unable to fork” error: The cause is… Read More »

Linux: gnome-keyring setup as Freedesktop SecretService

26 February 2020
 

 Currently, I’m using KeePass as passwords, RSA-keys, and as the Freedesktop SecretService, see the KeePass: an MFA TOTP codes, a browser’s passwords, SSH keys passwords storage configuration and Secret Service integration post. The first issue I faced with during such a setup is the fact that KeePass’ database is synced between my computers (it’s database… Read More »

KeePass: SSH keys passwords storage and decryption on Linux

13 December 2019
 

 As a follow-up to the SSH: RSA keys, and ssh-agent for SSH keys and their passwords management post. The idea now is to make simpler to work with password-protected SSH keys, to avoid the necessity to enter a password each time when you want to load a key to the ssh-agent. One of the possible… Read More »

KeePass: an MFA TOTP codes, a browser’s passwords, SSH keys passwords storage configuration and Secret Service integration

12 December 2019
 

 So, this seems to be the last one post in the whole series about passwords and SSH management in Linux. The previous parts were about: Linux: the Nextcloud client, qtkeychain and the “The name org.freedesktop.secrets was not provided by any .service files” error – I found that a keyring service is able to store SSH… Read More »

What is: Linux keyring, gnome-keyring, Secret Service, and D-Bus

7 December 2019
 

 It’s a really long-read post and I wast sure if it’s better to split it into three parts or put them together. On the one side, there are keyrings, from another – D-Bus, and finally, there is a Secret Service. Eventually, I decided to keep them here together as I googled all it in the… Read More »

SSH: RSA keys, and ssh-agent for SSH keys and their passwords management

1 December 2019
 

 During keyring configuration for the Nextcloud client (see the Linux: the Nextcloud client, qtkeychain and the “The name org.freedesktop.secrets was not provided by any .service files” error post) – I decided to clean up the mess in my SSH keys, as I have a lot of them and sometimes authentication became just pain. In general… Read More »

AWS: RDS Certificate Authority SSL certificate upgrade

22 November 2019
 

 We started receiving emails from AWS with notifications to update RDS Certificate Authority certificates. It’s time to do it, so let’s start from our Dev, then will repeat on Staging and Production environments. W eare using common AWS RDS MariaDB instances, and the upgrade documentation is available here>>>. The process itself is really simple and… Read More »

Okta: the Custom domain and TLS configuration

4 October 2019
 

 You can use your own domain configured for Okta. The one thing worth to mention here is the fact that Okta’s official plugin doesn’t work with a Custom domain feature so you’ll have to use Okta’s URL for the plugin authentification, see the  documentation for details. Custom domain configuration Go to the Settings > Customization:… Read More »