Generate pkcs12 key- and truststores with Puppet

January 30, 2019

In my last post I have showed how to generate pkcs12 key- and truststores using openssl and keytool.

For this post we assume that we want to automate the store assembling with Puppet. Puppet is a configuration management tool that shares many ideas with Ansible. In the world of Puppet you define a manifest file that describes a state of how a file, service or any type of resource should look like. Puppet applies these manifests and makes sure that the targeted system reaches the defined state.


Create pkcs12 key- and truststore with keytool and openssl

January 22, 2019

In my last post I’ve showed you how to create a custom certificate authority and sign a server cert using openssl without user interaction.

For this post I assume that we want to set up a webservice that requires a pkcs12 keystore. Using openssl and the java keytool we are going to create a pkcs12 store and add our ca cert, server cert and server key. Further, we assume that the application also requires a truststore containing the ca cert only.


Create a certificate authority and sign server certificates without prompting using openssl

January 21, 2019

Most of the times people want to get a certificate for the hostname localhost, let’s encrypt wrote a nice post about this, but sometimes people want a certificate for any hostname. And further, signed by a custom CA and if possible should the key material be generated without user interaction. In this post I have covered the less likely case.


Open multiple projects in Intellij

January 11, 2019

Most IDEs provide workspaces that contain multiple projects and thus enable you to work on mutliple projects in one instance of the IDE. IntelliJ, which has becom the defacto standard for Java Devs, does not support workspaces. So, how is it possible to open mutliple projects in one IntelliJ instance?


The Future of Authentication

January 7, 2019

The world is changing and so does it in 2019. Time to make so predictions for the new year.

I firmly believe that we will see huge progress in the field of secure user authentication. As you might know the current state of authentication is fundamentally flawed. Users set weak passwords, 2-factor authentication is a usability mess and accounts are compromised on a daily basis. These problems are well known and big tech companies have tried to tackle them on their own.


O3M - Punk is Dead

January 4, 2019

Let’s start the new year with some punk and rock.


Puppet masterless project setup guide

December 8, 2018

This document is a proposal for a Puppet project setup. It covers the setup of masterless Puppet module and provides a layout for a proper project structure. It will give you an example for a nginx module that can be deployed locally and remote. Further the roles and profiles concept will be applied and coupled with the hiera configuration data.


Find certificate files that will expire soon and create a csr

November 29, 2018

The certificate expiration period should be kept as short as possible in a public key infrastructure. But the cost of resigning certificates must not be too high. This trade off causes a lot of problems. Every now and then a certificate expires without anybody noticing it or the same certificate is used for 10 years, which is obviously a security risk. In order to avoid this problem you either use Let’s Encrypt or another fully automated certificate management system. If this is not available you must know at least which certificates are going to expire soon.


State of JavaScript 2018

November 19, 2018

State of JavaScript 2018 has just been released. It is one of the biggest survey about JavaScript development. If you wanna know what is going on in the confusing world of JS, make sure to pay a visit. They did a great job at visualizing and showcasing the results.


Raspberry Pi thermometer that connects from anywhere via broadband

November 16, 2018

This tutorial is about how to build an online accessible thermometer using the Raspberry Pi 3 B-model.

We will start by buying the electronic components and finish with a chart showing the temperature data.

Walking through the tutorial requires basic knowledge in working with linux and advanced knowledge in building web applications. Whereas the web application part is optionally.

Using a mobile broadband connection and a thermo sensor our Raspberry Pi will measure the temparature and save it to a graphql server.

Using react and a graphql client library we will create a chart with the temperature data.