1. Make your own Client-side Certificates with a Pseudo CA

    I've used this authentication method on a couple of different client projects so far, so I thought it might be useful to write up a quick explanation of how it works.

    Client-side Certificates

    The webserver can be configured to ask for a client-side certificate, for example in apache:

    SSLCACertificateFile ...
    read more
  2. More Trickiness With SSH

    I saw an article on reddit about SSH trickery. SSH is a very subversive protocol, able to work around many kinds of unwise security policies. Here’s a couple more useful things to know.

    1. Better Lurking Through .ssh/config-ery.

    Where you’ve got machines lurking behind other machines, inaccesible ...

    read more
  3. wget –certificate=$X –private-key=$X

    wget 1.10.2 seems to silently fail to use an SSL client certificate unless you specify both –certificate and –private-key:

    wget --certificate=$PEMFILE --private-key=$PEMFILE

    Even though both things are in the same .PEM file. It does read and check the PEM file if you specify only the former ...

    read more