pyOpenSSL and invalid certificates

I was trying to import some X509v3 certificates that were created with pyOpenSSL to a MikroTik router (RouterOS 6.1) but they were always being imported with an invalid validity period (not before 1970 and not after 1970). Eventually I found out that this is because pyOpenSSL stores the validity field in an invalid format. Here’s …

Continue reading ‘pyOpenSSL and invalid certificates’ »

X509v3 Authority Key Identifier pains (authorityKeyIdentifier)

“X509v3 Authority Key Identifier” or “authorityKeyIdentifier” is an X509v3 extension that’s added to X509 certificates and identifies the CA that signed the Certificate. I suppose that this speeds up the certificate validation process by eliminating multiple checks. Short version Edit openssl.cnf and make sure that authorityKeyIdentifier does not include “issuer” Long version There’s an issue …

Continue reading ‘X509v3 Authority Key Identifier pains (authorityKeyIdentifier)’ »

IPsec, Racoon, setkey, Linux, Mikrotik, tunnel, transport and everything

It took me more than 6 months in order to sort all issues, so here are the experiences. Most of the trouble was because I didn’t knew or I didn’t had things clear in my mind. I wanted to have IPsec communication between a bunch of servers and a home network. I believe that this …

Continue reading ‘IPsec, Racoon, setkey, Linux, Mikrotik, tunnel, transport and everything’ »

pyzor problem after debian squeeze upgrade

After upgrading some servers to Debian squeeze, the following log was filling the logs: The problem was caused by wrong pyzor servers. Unfortunately, pyzor keeps a servers list in each home directory in file ~/.pyzor/servers. This is what this file used to have: This file is created automatically (with a proper value) so it is …

Continue reading ‘pyzor problem after debian squeeze upgrade’ »

And this month’s medal of stup^H^H^H^Hcleverness goes to…

Internet Explorer for this. Really, if MS was not MS but a company that was payed to write applications, making this information public should be enough reason not to hire them. Let me rephrase the explanation: “If you give me a letter and say that this letter is only handed once, I will drop it …

Continue reading ‘And this month’s medal of stup^H^H^H^Hcleverness goes to…’ »

VMWare Server 2 RC2 fails to boot VMs

For a couple of days now, VMWare Server 2 RC2 was refusing to start virtual machines. It kept waiting at 95%. It turns out that VMWare cannot boot virtual machines (or upgrade them) when kernel modules kvm_intel, kvm etc are loaded. Here is the error message from hostd.log: Question info: The virtualization capability of your …

Continue reading ‘VMWare Server 2 RC2 fails to boot VMs’ »

Trouble uploading files to wordpress

I had problems uploading files to wordpress hosted at the local machine. Conditions are: Firefox 3.0 Flash 9.0 Local squid proxy 2.7.STABLE3 Firefox setup for using local proxy except from accessing local machine. This makes no difference at all. Environment variable http_proxy set to http://127.0.0.1:8080/ The result of trying to upload images to wordpress was …

Continue reading ‘Trouble uploading files to wordpress’ »