Linux

Verify x.509 TLS/SSL certificate against CA and CRL

I ran into this problem recently, certificates were verifying ok but were revoked somewhere along the line. I wanted to check against the CRL but it's a somewhat undocumented feature (fixed in openssl 1.0.2). The -crl_check option checks your cert against the CRL listed in the certificate, but only if that is listed and accessible remotely.

Wordpress category: 

Augeas with Puppet

Augeas is a great tool for changing only parts of a configuration file. It has a few problems though, it's slow and hard to learn and does lack some documentation. That said, unless you can use file_line or inifile, Augeas is the only game in town. The alternative is an exec with sed or awk or something terrible...

Wordpress category: 

Pages