SSL/TLS: Certificate chain challenges

Update #1: I've updated the part "Get them into our webserver" by adding a link back to the first SSL/TLS post, where I describe how to correctly create the bundle files! In my last post I described what you need to do with the new site and intermediate certificates…

SSL/TLS: FREAK vulnerability and a Nagios check for that!

TL;DR Today a new SSL/TLS vulnerability has been made public which uses the old EXPORT ciphers to drive MITM (man-in-the-middle) attacks. Detailed information? You can find much more detailed information about that vulnerability at Matthew D. Green's blog and at Akamai. The check for all of you! I've…

SSL/TLS: How do I get HTTPS for my site with a valid certificate?

For me, using SSL/TLS for websites or connections between servers and clients in general - think of PostgreSQL connections or OpenLDAP - is no rocket science and my daily business. But in the last months I read a lot of tweets and articles about that topic and talked to…

ActiveRecord database anonymization using views

When encountering problems in a production environment, it is sometimes hard to recreate the issue locally or in a test system. Some issues actually depend on very specific runtime conditions, while others arise from the combination of entries in the database. Generating the right test data is not always…

VHost specific requests for load balanced services in Go

A couple of weeks ago I wrote about how to do VHost specific requests for load balanced services using Ethon. Our code base is written in Ruby so it was only natural to look for a solution that fits right in. To summarize the intention behind something like that: I…

VHost specific requests for load balanced services using Ethon

With the POODLE SSLv3 vulnerability, which was found a couple of weeks ago, basically everyone turned off SSLv3. So did we. Unfortunately this caused a few other problems for us. We are running multiple Ruby on Rails applications on multiple servers which all listen on the same port but different…

User Story: Migrating Debian Squeeze from a Dell PowerEdge R310 to R320

...or how to get new hardware working on the old system by only using a Linux live CD, chroot and a new kernel. Introduction Some weeks ago, I had to change a complete Debian Squeeze system which ran on a Dell PowerEdge R310 to a newer R320 system with a new…

Hetzner Root-Server with Debian/KVM IPv4 and IPv6 Networking

Introduction Since the IPv4 address space is almost completely used up, the future protocol is IPv6 which has been around for lots of years already and it is highly recommended to at least enable it for your machines and use it in dual-stack mode - so your service or website…

Introduction on how to use shunit2 with Travis-CI

Introduction TDD or Test-Driven Development is the latest and greatest in recent software development history. And that's good for a reason. But what has been missing for a long time are unit tests for our good old bash scripts. It's time for us to jump onto the bandwagon of tested…

Guide for upgrading VMware ESXi (5.1 to 5.5U2)

Introduction While I continuously have to deal with ESXi hypervisors in my sysadmin job, I also have to make sure that they're up to date. And because it's a recurring task, updating an ESXi is quite easy as long as you pay attention to certain things. This guide is…