Well isn't learning how to run your own CA a lot of fun?
-
Well isn't learning how to run your own CA a lot of fun?
And by "fun", I mean "debugging".
And by "a lot", I mean "a looooooooooot".
I am making progress, today around SAN and Firefox, but this is a bit like plodding around in treacle.
(I'm not looking for advice, although sympathy is welcome :))
@neil *sends some sympathy your way*
-
Well isn't learning how to run your own CA a lot of fun?
And by "fun", I mean "debugging".
And by "a lot", I mean "a looooooooooot".
I am making progress, today around SAN and Firefox, but this is a bit like plodding around in treacle.
(I'm not looking for advice, although sympathy is welcome :))
@neil What is a CA?
-
Well isn't learning how to run your own CA a lot of fun?
And by "fun", I mean "debugging".
And by "a lot", I mean "a looooooooooot".
I am making progress, today around SAN and Firefox, but this is a bit like plodding around in treacle.
(I'm not looking for advice, although sympathy is welcome :))
How come you're bothering to do it? -
@neil What is a CA?
@GreenSkyOverMe @neil certificate authority
-
Well isn't learning how to run your own CA a lot of fun?
And by "fun", I mean "debugging".
And by "a lot", I mean "a looooooooooot".
I am making progress, today around SAN and Firefox, but this is a bit like plodding around in treacle.
(I'm not looking for advice, although sympathy is welcome :))
@neil good luck!
-
How come you're bothering to do it?
@matthewcroughan @neil
My question exactly. Why? -
@neil What is a CA?
@GreenSkyOverMe @neil Something you usually don't selfhost and if you do ... Avoid to mess with
XD
(Certificate authority, if I'm not mistaken)
-
Well isn't learning how to run your own CA a lot of fun?
And by "fun", I mean "debugging".
And by "a lot", I mean "a looooooooooot".
I am making progress, today around SAN and Firefox, but this is a bit like plodding around in treacle.
(I'm not looking for advice, although sympathy is welcome :))
-
@neil What is a CA?
@GreenSkyOverMe Certificate Authority
-
Well isn't learning how to run your own CA a lot of fun?
And by "fun", I mean "debugging".
And by "a lot", I mean "a looooooooooot".
I am making progress, today around SAN and Firefox, but this is a bit like plodding around in treacle.
(I'm not looking for advice, although sympathy is welcome :))
@neil I look forward to the blog post for this one! Sounds like a more challenging project than usual.
-
Well isn't learning how to run your own CA a lot of fun?
And by "fun", I mean "debugging".
And by "a lot", I mean "a looooooooooot".
I am making progress, today around SAN and Firefox, but this is a bit like plodding around in treacle.
(I'm not looking for advice, although sympathy is welcome :))
Sending my deepest sympathies to you at these trying times. But letting you know that things will get better.
-
How come you're bothering to do it?
There are some services that I run where I would like TLS, would prefer not to expose them to the Internet, am not keen on moving around Let's Encrypt cert, and would prefer them to be trusted certificates rather than self-signed certificates, to work better on mobile devices.
Also, a fun learning exercise.
-
@GreenSkyOverMe Certificate Authority
@neil thx
-
@GreenSkyOverMe @neil Something you usually don't selfhost and if you do ... Avoid to mess with
XD
(Certificate authority, if I'm not mistaken)
-
Well isn't learning how to run your own CA a lot of fun?
And by "fun", I mean "debugging".
And by "a lot", I mean "a looooooooooot".
I am making progress, today around SAN and Firefox, but this is a bit like plodding around in treacle.
(I'm not looking for advice, although sympathy is welcome :))
-
@ColinTheMathmo Certificate Authority
-
Well isn't learning how to run your own CA a lot of fun?
And by "fun", I mean "debugging".
And by "a lot", I mean "a looooooooooot".
I am making progress, today around SAN and Firefox, but this is a bit like plodding around in treacle.
(I'm not looking for advice, although sympathy is welcome :))
@neil The best part about debugging anything to do with certificates or encryption or security is that any useful debugging information is a security leak... so you don't get any. Either it works, or it doesn't work and it refuses to tell you why.
Sometimes it's mathematically impossible for it to tell you why. Once I lost more than a day working out why, when I hashed a string, I got a different hash value than was expected, when my hash function returned the same expected value on test data.
-
@neil The best part about debugging anything to do with certificates or encryption or security is that any useful debugging information is a security leak... so you don't get any. Either it works, or it doesn't work and it refuses to tell you why.
Sometimes it's mathematically impossible for it to tell you why. Once I lost more than a day working out why, when I hashed a string, I got a different hash value than was expected, when my hash function returned the same expected value on test data.
@neil The answer, it turns out, is that the string was being built from a GUID, and their platform serialised the GUID with lowercase hex and mine with uppercase hex, and your eye doesn't notice the case of the letters when looking at hex values, so I couldn't see that they were different.
-
@neil The answer, it turns out, is that the string was being built from a GUID, and their platform serialised the GUID with lowercase hex and mine with uppercase hex, and your eye doesn't notice the case of the letters when looking at hex values, so I couldn't see that they were different.
@neil So. Sympathy.
-
Well isn't learning how to run your own CA a lot of fun?
And by "fun", I mean "debugging".
And by "a lot", I mean "a looooooooooot".
I am making progress, today around SAN and Firefox, but this is a bit like plodding around in treacle.
(I'm not looking for advice, although sympathy is welcome :))
You can expect a riveting blogpost in due course.
And by "riveting", I mean "utterly tedious and unnecessary unless you, too, have the misfortune to want to run your own certificate authority".
