Archives for 2019

Debuggex saved my sanity

When fiddling around with the regexps in my DNS Debug module I almost went mad before finding this tool: https://www.debuggex.com/.

I just want to give them the credit they are worth. They make a regex easy to understand and follow.

 

screenshot of debuggex in action

You enter your regexps and some sample data, and they visualize what is happening.

Partially trusting somebody else’s Certificate Root (Cross sign)

So when I come to a customer it isn’t that unusual that they have a Certificate Authority that they use for internal systems. But I don’t want to install their CA as a trusted CA on my laptop. Who knows what they have been up to.

There are some kinks. Not all SSL implementations support, or care about, the nameConstraints extension that I am using. But luckily for me, Windows does. So I have my own CA that I use to sign all my customers' CAs and limit them to the domains I see fit.

So first off, let's get OpenSSL installed on your machine. Let's go to Shining Light Productions. Now you might ask why not take it from the source, OpenSSL. The reason is that OpenSSL does not distribute compiled versions, so you can either get the source and compile it, or get it from Shining Light and be happy.

Now let's start with creating our own private CA and key. We will install this one on our machine as a Root CA. We need to keep the key if we want to sign other CAs down the road. Also, if anyone gets your key they can create fake certificates to trick you, so putting it on your homepage is a bad idea.
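The cross-signing idea described above, sketched with the OpenSSL command line as an added example (not the post's own commands). The file names, subject names, the `customer.example` domain and the locally generated stand-in for the customer's CA are all assumptions made up for the demo; it is written for a POSIX shell, but the `openssl` arguments are the same on Windows.

```sh
# Added example: every name (*.example) and key here is constructed test data.
set -eu
cd "$(mktemp -d)"
cat > x.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = overridden-by-subj
[selfsigned_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[cross]
basicConstraints = critical, CA:TRUE, pathlen:0
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
nameConstraints = critical, permitted;DNS:customer.example
[leaf_in]
subjectAltName = DNS:intranet.customer.example
[leaf_out]
subjectAltName = DNS:www.bank.example
EOF
selfsigned_ca() { # selfsigned_ca <file> <CN>
  openssl req -x509 -config x.cnf -extensions selfsigned_ca -newkey rsa:2048 \
    -nodes -days 30 -subj "/CN=$2" -keyout "$1.key" -out "$1.crt"
}
leaf() { # leaf <section>: certificate issued by the customer's CA itself
  openssl req -config x.cnf -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$1.key" -out "$1.csr"
  openssl x509 -req -in "$1.csr" -CA cust.crt -CAkey cust.key -CAcreateserial \
    -extfile x.cnf -extensions "$1" -days 30 -out "$1.crt"
}
build_pki() {
  selfsigned_ca my "My Private Root"         # the only root I install
  selfsigned_ca cust "Customer Internal CA"  # stand-in for the customer's CA
  # Cross-sign: re-issue the customer's CA certificate (same subject, same
  # public key) under my root, replacing its extensions with the constrained set.
  openssl x509 -in cust.crt -CA my.crt -CAkey my.key -CAcreateserial -clrext \
    -extfile x.cnf -extensions cross -days 30 -out cust-cross.crt
  leaf leaf_in; leaf leaf_out
}
# Validate a leaf with only my root trusted; the cross cert is the intermediate.
verify_leaf() {
  openssl verify -CAfile my.crt -untrusted cust-cross.crt "$1.crt" >/dev/null 2>&1
}
build_pki >build.log 2>&1
for l in leaf_in leaf_out; do verify_leaf "$l" && echo "$l: accepted" || echo "$l: rejected"; done
```

Marking `nameConstraints` as critical means a validator that does not understand the extension has to reject the chain instead of silently ignoring the restriction.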
