https://brainbit.uk/tags/ssl/Recent content in SSL on BrainBit Latest ArticlesHugo -- gohugo.ioen-usTue, 02 Nov 2021 00:00:00 +0000https://brainbit.uk/posts/pwru/Tue, 02 Nov 2021 00:00:00 +0000https://brainbit.uk/posts/pwru/PWRU (Packet Where Are you) Taken from the their github repo https://github.com/cilium/pwru : “pwru is an eBPF-based tool for tracing network packets in the Linux kernel with advanced filtering capabilities. It allows fine-grained introspection of kernel state to facilitate debugging network connectivity issues.” So it is a tool that attach a bunch of kprobes to specific kernel functions or interfaces I’m not so sure and it shows places in the kernel data path that a given packet traverseshttps://brainbit.uk/posts/cilium-tls-inspection/Sat, 11 Sep 2021 00:00:00 +0100https://brainbit.uk/posts/cilium-tls-inspection/TLS in simple terms When your browser verifies a TLS certificate , it checks for expiration , domains , sans etc… but the most important thing it does is it verifies that the certificate has been signed by a CA (Certificate Authority ) it (the browser) trusts. These CAs are a bunch of arbitrary organisations that are allowed to sign certificate requests etc. A self-signed certificate , in general terms , is as valid as a certificate singed by a CA , the main difference is that is not signed by a CA that is trusted by the browser.https://brainbit.uk/posts/vault-as-ca-with-pki-backend/Sun, 29 Oct 2017 14:47:58 +0000https://brainbit.uk/posts/vault-as-ca-with-pki-backend/I’m gonna show how to run your own CA within pki framework , and be able to generate private keys and sign certificates. We will do this with vault , just because it’s the fastest way to get it done. Download and run Vault: Make sure you get it from https://www.vaultproject.io/downloads.html or you build it by hand whatever you prefer. We will run this in development mode for this tutorial but make sure you do something better if you’re running this in production.