I’m finding one of the commands I run while debugging certificate generation and tweaks is:

openssl x509 -in -text

This displays the complete content of a cert, which lets you look inside to verify alt_names, etc., and verify that the generated certificate then works. — doug
Vault and Self-signed Certs
In a distributed AWS cloud environment, SSL certs live on the ELB instances and are signed by known CAs. Backend encryption using self-signed certs is seamless. As soon as Jenkins, consul+vault and the nebula utilities API are brought together onto the same box (Nebula-in-a-Box), and are moved to using consul service discovery, SSL naming and…