Do you know how many Amazon-issued certificates (ACM) or user-uploaded certificates (IAM) are in your AWS accounts? How many certificates have been deployed to production in your Akamai contracts? Not sure about you, but I don't know the answer. So I wrote a tool called CertStuff to get all that information (common name, SAN, … Continue reading CertStuff
Category: Security
Redis CPU Usage Ramps Up after Kernel Patching
I guess you have already heard of Meltdown and Spectre. If not, check out this site: https://meltdownattack.com/. It is definitely not a good start to the New Year. All cloud providers are busy patching the kernels of their underlying systems. AWS ElastiCache (Redis) is one of them. Due to its single-threaded nature, … Continue reading Redis CPU Usage Ramps Up after Kernel Patching
Three types of CA Validation Certificate
Domain Validation (DV): This is a lower level of validation. The CA validates that you have control of the domain. A DV certificate expires in 90 days. Organization Validation (OV): A higher level of validation. The CA validates whether or not the company is valid, if it is registered, and if the business contact legitimately … Continue reading Three types of CA Validation Certificate
SP-initiated vs IDP-initiated SSO
A nice diagram that I found on Okta illustrates the workflow of both SP-initiated and IDP-initiated SSO. References: https://developer.okta.com/standards/SAML/index and http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
Openssl error: SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
If you see an error like the one below when using openssl to test an HTTPS site, it is most likely caused by the SNI that is configured in the reverse proxy or server, such as Nginx.

    openssl s_client -connect bla.bla.com:443
    CONNECTED(00000003)
    51089:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-59.60.1/src/ssl/s23_clnt.c:618:

To make it work, you need to specify the hostname in the command, … Continue reading Openssl error: SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol


