self-signed cert with san

Submitted by isntall on Mon, 02/20/2017 - 18:56
openssl genrsa -out server.key 4096
openssl rsa -in server.key -out server.key.insecure
openssl req -new -key server.key -out server.csr -sha256
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

csr with san

openssl req -new -sha256 \
    -key server.key \
    -subj "/C=US/ST=Oregon/L=Portland/O=EXA/OU=MPL/CN=exa.mpl" \
    -reqexts SAN \
    -config <(cat /etc/ssl/openssl.cnf \
        <(printf "[SAN]\nsubjectAltName=DNS:exa.mpl,DNS:www.exa.mpl")) \
    -out server.csr



fish cli gnome-keyring-daemon

Submitted by isntall on Sun, 10/23/2016 - 11:39

Recently something has seemed to change in the way fish cli a gnome-keyring-daemon worked together, or didn't work. Here is a quick function, not pretty, that seems to get these to work again.

function gnome-keyring-daemon
  if test -n "$DESKTOP_SESSION"
    set -x SSH_AUTH_SOCK (gnome-keyring-daemon --start | awk -F= '{print  $2}')



swap what is it good for...

Submitted by isntall on Thu, 07/07/2016 - 14:01


dd if=/dev/zero of=/mnt/swap16G bs=1G count=16


fallocate -l 16G mnt/swap16G


mkswap /mnt/swap16G
chmod 600 /mnt/swap16G
swapon /mnt/swap16G

add to the /etc/fstab if you want to keep the settings

/mnt/swapfile16g   none    swap    sw    0   0

If using things like AWS instance-store-volume adding the file to the /etc/fstab is not appropriate.
You could create the swapfile on the fly or you could create one swapfile, compress it, and decompress on each boot.
In Ubuntu and other probably others using the /etc/rc.local file can be a decent choice (there are others).

gunzip -c /swapfile16g.gz > /mnt/swapfile16g
chmod 600 /mnt/swapfile16g
swapon /mnt/swapfile16G