craig

Alert Policies for Log Metrics on Google Stackdriver Monitoring

Google Cloud Operations, formerly known as Stackdriver Logging and Monitoring, can be very confusing to set up. It’s easy to monitor something simple, but more complex cases quickly get confusing. One of the more flexible but confusing types of alert policies in Stackdriver Monitoring is a Logs-Based Metrics policy, which gives you the ability to …

Alert Policies for Log Metrics on Google Stackdriver Monitoring Read More »

How to use SSL/TLS certificates on a Netgear M4200/4300 switch

If you operate a Netgear switch in an environment that is subject to compliance requirements such as PCI or HIPAA, you are probably doing vulnerability scans, and the HTTP management interface of your switches will generate medium vulnerabilities (at least from Nessus): SSL Self-Signed Certificate SSL Certificate Cannot Be Trusted SSL Certificate Expiry It IS …

How to use SSL/TLS certificates on a Netgear M4200/4300 switch Read More »

curl or libcurl: SSL certificate problem: unable to get local issuer certificate

curl, or an application that uses libcurl, may have a problem with an SSL certificate that works fine when using a web browser to access the same URL. Typical error output from curl looks like this: $ curl -v https://my-subdomain.mysecuresite.com Trying xxx.xxx.xxx.xxx:443… TCP_NODELAY set Connected to my-subdomain.mysecuresite.com (xxx.xxx.xxx.xxx) port 443 (#0) ALPN, offering h2 ALPN, …

curl or libcurl: SSL certificate problem: unable to get local issuer certificate Read More »

openssl unable to read/load/import SSL private key from GoDaddy

openssl is the standard open-source, command-line tool for manipulating SSL/TLS certificates on Linux, MacOS, and other UNIX-like systems. I recently ran into an interesting problem using openssl to convert a private key obtained from GoDaddy. Someone else used GoDaddy’s “wizard” interface to generate a certificate signing request (CSR) and private key, and saved the files …

openssl unable to read/load/import SSL private key from GoDaddy Read More »

Nginx default user changed in RedHat/CentOS package nginx-1.16.1-1.el7

The latest Nginx rpm (nginx-1.16.1-1.el7) from EPEL for CentOS/Redhat is a fairly major update, from version 1.12 to 1.16, and includes some very important fixes to address multiple CVEs. There is another small but critical change in the latest RPM that isn’t mentioned in the bug report. RedHat had configured nginx to run as user “apache” …

Nginx default user changed in RedHat/CentOS package nginx-1.16.1-1.el7 Read More »