In spite of the popularity of Let’s Encrypt for generating free SSL/TLS certificates, I think their getting started page stinks. In case you feel the same way, I’ll try to give you a real quick start that will get you to your first certificate. Certificate Authority Let me point out that anyone with Linux (or Docker for that matter) can create a strong SSL/TLS certificate and encrypt their data. No third party is necessary. Where third parties like Comodo, GeoTrust, Verisign and now Let’s Encrypt come in is as Certificate Authorities. Publishers of......
Continue Reading
Often in development or when working on proofs of concept (PoC), I need working SSL to protect an endpoint. If I controlled the domain, I would use Lets Encrypt to generate a certificate. When I don’t control the domain, I often use self signed certificates. Below is how I create them and then use them to create a Secret in kubernetes. Choosing a domain (common name) When I don’t control the domain, that usually means I can’t setup a subdomain with appropriate name resolution for my project. In this case I use a......
Continue Reading
10gen offers a subscriber build of MongoDB which includes support for SSL communication between nodes in a replicaset and between client and mongod. If the cost of a service subscription is prohibitive, it is possible to build it with SSL enabled. After download, I followed the process below to get it running. For a permanent solution, more attention should be given to where these are installed and how upgrades are handled. $ tar xzvf mongodb-linux-x86_64-subscription-rhel62-2.2.3.tgz $ cp mongodb-linux-x86_64-subscription-rhel62-2.2.3/bin/* /usr/local/bin/$ tar xzvf mongodb-linux-x86_64-subscription-rhel62-2.2.3.tgz $ cp mongodb-linux-x86_64-subscription-rhel62-2.2.3/bin/* /usr/local/bin/ Next, it’s necessary to provide an SSL......
Continue Reading