Tuesday, August 7, 2012
Mounting S3 on an Ubuntu EC2 instance
Saturday, August 4, 2012
Everything a Web Developer needs for OSX
Setting Up New Computer.
Within the last month I received a new MacBook Pro and had to re-install another, so I decided to list the software I installed.
- Browsers
- Chrome www.google.com/chrome/
- Firefox www.mozilla.org/firefox
- FireBug
- LastPass lastpass.com/
- Command line Tools
- Git git-scm.com/
- php 5.4 php-osx.liip.ch/
- nmap nmap.org/
- homebrew mxcl.github.com/homebrew/
- Xcode (3.22 for SnowLeopard | 4.4 for Lion)
- IDEs
- NetBeans netbeans.org/
- OSX Java
- PhpStorm www.jetbrains.com/phpstorm/
- Sublime Text www.sublimetext.com/
- GitX(L) gitx.laullon.com/
- SourceTree www.sourcetreeapp.com/
- DataBase
- Mysql www.mysql.com/
- Sequel Pro www.sequelpro.com/
- JumpCut jumpcut.sourceforge.net/
- Other Apps
- Minuteur www.phg-home.com/index_mac.html
- ScreenFlow www.telestream.net/screen-flow/
- Tweaks
- Terminal
- Change theme to home brew
- Add command key
- When the shell exits: Close if the shell exited cleanly
- Keyboard ShortCuts Prefs
- All controls for tab key
- Shell Tweaks
- edit ~/.profile
- function parse_git_branch_and_add_brackets {
Thursday, January 12, 2012
OpenSSL - Create your own Certificate of Authority and sign your SSL Certs
Creating your own CA for Signing Dev Certs
Here are some handy commands to create a CA and sign your own cert for development.
The commands are fully scriptable: key passwords are bypassed with the -nodes flag, and the interactive openssl prompts are made unnecessary by the -subj flag. Note that -nodes leaves the private keys unencrypted on disk.
tl;dr: Short version for the impatient:
# Create Certificate of Authority
SUBJ="/C=US/ST=CA/L=San Diego/O=Lance Rushing/OU=Development/CN=Dev Certificate of Authority"
openssl req -subj "$SUBJ" -nodes -new -x509 -extensions v3_ca -keyout devCA.key -out devCA.crt -days 365
# Create Key and CSR
HOST="appname.local"
SUBJ="/C=US/ST=CA/L=San Diego/O=Lance Rushing/OU=Dev Web Sites/CN=$HOST"
openssl req -subj "$SUBJ" -newkey rsa:2048 -nodes -keyout "$HOST.key" -out "$HOST.csr"
# Create the Cert by signing the CSR with our CA
# (-days goes on the signing step: it has no effect on a CSR, and x509 -req defaults to 30 days)
openssl x509 -req -CA devCA.crt -CAkey devCA.key -CAcreateserial -in "$HOST.csr" -out "$HOST.crt" -days 365
Add appname.local.key and appname.local.crt to your Apache/nginx/IIS config, and add devCA.crt to your browser.
Long Version.
When developing webservices that will be using SSL in production, I like to use SSL in development.
The old way
The traditional way to do this is to create a self-signed cert, where you sign your Certificate Signing Request (CSR) with the same key that created it (thus "self-signed").
HOST="appname.local"
SUBJ="/C=US/ST=CA/L=San Diego/O=Lance Rushing/OU=Dev/CN=$HOST"
openssl req -subj "$SUBJ" -x509 -newkey rsa:2048 -nodes -keyout "$HOST.key" -out "$HOST.crt" -days 3650 ## look mom! One line.
Then add it to the apache.conf
<VirtualHost 172.16.1.1:443>
ServerName appname.local:443
DocumentRoot "/Users/lance/Sites/AppName/src/webroot"
SSLEngine on
SSLCertificateFile "/Users/lance/Sites/AppName/certs/appname.local.crt"
SSLCertificateKeyFile "/Users/lance/Sites/AppName/certs/appname.local.key"
</VirtualHost>
This works great, but now with every new ssl cert I generate I have to add a trust exception in my browser.
A better way
To avoid a separate trust exception for each of your self-signed certs, first generate a "Certificate of Authority" (CA), add that CA to your browser, and then sign all of your certs with that CA.
# Create CA
SUBJ="/C=US/ST=CA/L=San Diego/O=Lance Rushing/OU=Development/CN=Dev Certificate of Authority"
openssl req -subj "$SUBJ" -new -x509 -nodes -extensions v3_ca -keyout devCA.key -out devCA.crt -days 3650
# Create Key and CSR (same as above)
HOST="appname.local"
SUBJ="/C=US/ST=CA/L=San Diego/O=Lance Rushing/OU=Dev Web Sites/CN=$HOST"
openssl req -subj "$SUBJ" -newkey rsa:2048 -nodes -keyout "$HOST.key" -out "$HOST.csr"
# Create the Cert by signing the CSR with our CA
# (-days goes on the signing step: it has no effect on a CSR, and x509 -req defaults to 30 days)
openssl x509 -req -CA devCA.crt -CAkey devCA.key -CAcreateserial -in "$HOST.csr" -out "$HOST.crt" -days 365
# cleanup CSR
rm $HOST.csr
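An added example, not from the original post: a scripted version of the CA workflow above that also puts the host name in subjectAltName, which current browsers check instead of the CN, and sets the lifetime on the signing step. The function names, dev.cnf, and the subject strings are assumptions made for the example.

```shell
#!/bin/sh
# Added example: dev CA plus a SAN-bearing host certificate.
# Subject strings below are constructed placeholders.

write_conf() {   # $1 = work dir, $2 = host name to place in the SAN
    cat > "$1/dev.cnf" <<EOF
[req]
distinguished_name = dn
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_host]
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
subjectAltName = DNS:$2
EOF
}

make_dev_ca() {  # $1 = work dir
    ( umask 077  # -nodes leaves the CA key unencrypted, so keep it owner-only
      openssl req -config "$1/dev.cnf" -extensions v3_ca -new -x509 -nodes \
          -newkey rsa:2048 -subj "/O=Example Dev/CN=Dev CA (constructed)" \
          -keyout "$1/devCA.key" -out "$1/devCA.crt" -days 365 2>/dev/null )
}

sign_host() {    # $1 = work dir, $2 = host name
    ( umask 077
      openssl req -config "$1/dev.cnf" -new -nodes -newkey rsa:2048 \
          -subj "/O=Example Dev/CN=$2" \
          -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
      # x509 -req does not copy extensions from the CSR and defaults to a
      # 30-day lifetime, so the SAN section and -days are given here.
      openssl x509 -req -in "$1/$2.csr" -CA "$1/devCA.crt" \
          -CAkey "$1/devCA.key" -CAcreateserial -days 365 \
          -extfile "$1/dev.cnf" -extensions v3_host \
          -out "$1/$2.crt" 2>/dev/null &&
      rm -f "$1/$2.csr" )
}

verify_host() {  # $1 = work dir, $2 = host; 0 only if chain and SAN check out
    openssl verify -CAfile "$1/devCA.crt" "$1/$2.crt" >/dev/null 2>&1 &&
    openssl x509 -in "$1/$2.crt" -noout -text | grep -q "DNS:$2"
}
```

Call write_conf, make_dev_ca, then sign_host with the same directory and host name; verify_host confirms the result before the certificate goes into a server config.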
Thoughts
These commands are the shortest way I've found to create keys and CSRs and to sign them. Other guides often use three steps (1 genrsa, 2 key export w/o pass, 3 req) to generate the CSR, whereas it is possible to do it in one step.
Hint: By using the -subj flag we can bypass openssl's interactive prompts
Hint: I use Virtual IPs for each https web service I need:
OsX: $ ifconfig lo0 alias 172.16.1.1
Linux: $ ifconfig lo:0 172.16.1.1
windows: http://support.microsoft.com/kb/236869
http://gagravarr.org/writing/openssl-certs/ca.shtml
http://www.g-loaded.eu/2005/11/10/be-your-own-ca/