
  • Cowboy Denny

    SSL mutual authentication


    A browser connecting to the secure server will use the SSL protocol to connect and verify the server’s certificate. However, customers can also use Mutual Authentication to have both the client and server use signed certificates to authenticate each other. With Mutual Authentication, both client and server will provide signed certificates for verification.

    How Mutual Authentication Works

    1. Client sends ClientHello message proposing SSL options.
    2. Server responds with ServerHello message selecting the SSL options.
    3. Server sends Certificate message, which contains the server's certificate.
    4. Server requests client's certificate in CertificateRequest message, so that the connection can be mutually authenticated.
    5. Server concludes its part of the negotiation with ServerHelloDone message.
    6. Client responds with Certificate message, which contains the client's certificate.
    7. Client sends session key information (encrypted with server's public key) in ClientKeyExchange message.
    8. Client sends a CertificateVerify message to let the server know it owns the sent certificate.
    9. Client sends ChangeCipherSpec message to activate the negotiated options for all future messages it will send.
    10. Client sends Finished message to let the server check the newly activated options.
    11. Server sends ChangeCipherSpec message to activate the negotiated options for all future messages it will send.
    12. Server sends Finished message to let the client check the newly activated options.

    How the Client and Server Accomplish Each of the Checks for Client Authentication

    Digital Signature:  The client sends a "Certificate Verify" message that contains a digitally signed copy of the previous handshake message.  This message is signed using the client certificate's private key.  The server can validate the message digest of the digital signature by using the client's public key (which is found in the client certificate).  Once the digital signature is validated, the server knows that the public key belonging to the client matches the private key used to create the signature.

    Certificate Chain:  The server maintains a list of trusted Certificate Authorities (CAs), and this list determines which certificates the server will accept.  The server will use the public key from the CA certificate (which it has in its list of trusted CAs) to validate the CA's digital signature on the certificate being presented.  If the message digest has changed or if the public key does not correspond to the CA's private key used to sign the certificate, the verification fails and the handshake terminates.

    Expiration Date and Validity Period:  The server compares the current date to the validity period listed in the certificate.  If the expiration date has not passed and the current date is within the period, then this check succeeds.  If it is not, then the verification fails and the handshake terminates.

    Certificate Revocation Status:  The server compares the client certificate to the list of revoked certificates on the system.  If the client certificate is on the list, the verification fails and the handshake terminates.

    Additional Information

    Verify the Client Certificate with auth-root

    Run the following command to verify the client certificate:

    openssl verify -purpose sslclient -CAfile auth-root.crt testcert.crt
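
The verify command above, exercised against a throwaway CA as an added example (not part of the original article). It shows the certificate-chain check rejecting a client certificate from a CA outside the trust list, and `-purpose sslclient` rejecting a certificate issued for server use only. `auth-root.crt` and `testcert.crt` are the page's file names; all other names, subjects and the config file are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the original page. auth-root.crt and testcert.crt are the
# page's file names; every other name, subject and the config are constructed here.

new_ca() {   # $1 = file prefix and CN of a self-signed test CA
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config demo.cnf \
        -extensions v3_ca -subj "/CN=$1" -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

issue() {    # $1 = CN, $2 = CA prefix, $3 = extension section, $4 = output cert
    openssl req -new -newkey rsa:2048 -nodes -config demo.cnf -subj "/CN=$1" \
        -keyout "$4.key" -out "$4.csr" 2>/dev/null &&
    openssl x509 -req -in "$4.csr" -CA "$2.crt" -CAkey "$2.key" -CAcreateserial \
        -days 1 -extfile demo.cnf -extensions "$3" -out "$4" 2>/dev/null
}

check() {    # run the page's verify command against cert $1
    if openssl verify -purpose sslclient -CAfile auth-root.crt "$1" >/dev/null 2>&1
    then echo accepted; else echo rejected; fi
}

mtls_verify_demo() (
    dir=$(mktemp -d) && cd "$dir" || exit 1
    cat > demo.cnf <<'EOF'
[req]
distinguished_name = dn
[dn]
CN = unused placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
[client]
extendedKeyUsage = clientAuth
[server]
extendedKeyUsage = serverAuth
EOF
    new_ca auth-root && new_ca other-root || exit 1
    issue client1 auth-root  client testcert.crt    # trusted CA, client purpose
    issue client2 other-root client untrusted.crt   # CA missing from trust list
    issue web1    auth-root  server serveronly.crt  # trusted CA, server-only EKU
    echo "testcert=$(check testcert.crt) untrusted=$(check untrusted.crt)" \
         "serveronly=$(check serveronly.crt)"
    cd / && rm -rf "$dir"
)

mtls_verify_demo
```

Dropping `-purpose sslclient` from `check` makes the server-only certificate pass, which is why the purpose flag belongs in the pre-deployment check.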

    Test Connection with Client Cert

    Run the following command to test the connection with the client:

    openssl s_client -servername example.com -connect example.com:443 -key client-cert.key -cert client-cert.crt

     

    Below is an example of two-way SSL authentication on the BIG-IP system, showing how to configure mutual (two-way) authentication using a Client SSL profile to protect application traffic.

    One-way authentication

    Using one-way authentication, clients perform SSL handshakes when initiating a new connection with SSL protected applications.

    During the SSL handshake, the protected application sends its public SSL certificate to the remote client for validation (in the image on the right, the remote client is shown as Server).

    The remote client (Server) validates the application's public SSL certificate by searching for the signing Certificate Authority (CA) certificate in its trusted CA store.

    If the remote client (Server) is unable to validate or find the signing CA for the public SSL certificate, it should not complete the SSL handshake and should abandon the new connection attempt.

     

    Two-way authentication

    Two-way authentication is a less popular method for protecting application traffic as it requires an additional layer of security. When using two-way authentication, clients perform a slightly modified SSL handshake when initiating a new connection with SSL-protected applications. During the modified SSL handshake, the protected application sends its public SSL certificate to the remote client for validation and requests that the remote client sends its Client SSL certificate for validation as well. Both the remote client and protected application validate the SSL certificates they receive by searching for the signing CA certificates in their respective trusted CA stores. If the remote client or the protected application is unable to validate the received SSL certificate, they should not complete the SSL handshake and abandon the new connection attempt.

     

    REFERENCE:
