Posts Tagged ‘Fosdem’

Hi All,

I returned from Fosdem with a checklist of things to look at and study. Today was the day dedicated to CAcert.

I never spent much time on CAs because it is easy to find a howto for creating a self-signed certificate. I used to see CAs as a way to make money without selling anything, so I ignored them without too many problems.

The problem arose when I changed my default browser from iceweasel to chromium. The latter seems to enjoy reminding me that my cert is not really valid because the identity of my server cannot be validated. This annoyance made me look for a way to solve it, possibly without spending money.

Fosdem gave me the solution: CAcert.

As they explain, by joining the community you can get a CA-signed certificate for free. Obviously, you need to be the owner of the domain and be the one who receives mail at the address stored in the whois db, but this shouldn’t be a problem.

The procedure is very easy: first of all, you have to register yourself with the community. I suggest getting the client certificate to avoid all login operations. To do that, use “Client Certification” and follow these instructions:

wget -O cacert-root.crt ""
wget -O cacert-class3.crt ""
certutil -d sql:$HOME/.pki/nssdb -A -t TC -n "" -i cacert-root.crt
certutil -d sql:$HOME/.pki/nssdb -A -t TC -n " Class 3" -i cacert-class3.crt
certutil -d sql:$HOME/.pki/nssdb -A -t TC -n "MyCert" -i mycert.crt

MyCert and mycert.crt are placeholders :). The .crt file is taken from the CAcert site.

Now we can start with server certification: first of all you have to create your private key and certificate request.

openssl req -newkey rsa:2048 -subj / -nodes -keyout mytest_key.pem -out mytest_csr.pem

After that, you’ve got two files: mytest_key.pem and mytest_csr.pem. The first is strictly private, so store it in a private folder for the apache user (who runs the apache daemon). Usually that folder is /etc/ssl/private.

The file mytest_csr.pem has to be signed, so go to Server Certificates on the CAcert site and fill the box with the content of the file (all bytes, do not forget header and footer).

Post the form and store the result in a file, called for example mytest_cert.pem. This is the signed certificate!!

Store it in the well-known folder (on Debian) /etc/ssl/certs.

Configuring apache is the last step. Before proceeding, take a look at the apache documentation for mod_ssl.

The following is a dummy example:

<VirtualHost *:443>
SSLEngine on
# "all" on older mod_ssl builds still includes SSLv3, so disable it explicitly
SSLProtocol all -SSLv3
SSLCertificateFile /etc/ssl/certs/mytest_cert.pem
SSLCertificateKeyFile /etc/ssl/private/mytest_key.pem
SSLCertificateChainFile /etc/ssl/certs/cacert-class3.crt
</VirtualHost>

The last file (cacert-class3.crt) is the file you got before; it is enough to copy it to the correct folder.

Check apache with

apache2ctl -t

and then restart.
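
Before the restart it is worth confirming that the three files actually belong together. The script below is an added example, not part of the original procedure: it checks that the private key matches the signed certificate, that the certificate verifies against the CA file, and that the key is not readable by group or others. The function names are hypothetical, a throwaway CA generated on the spot stands in for CAcert, and it assumes openssl and GNU stat (as on Debian).

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of any tool.

# True when private key $1 and certificate $2 carry the same public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ "$k" = "$c" ]
}

# True when certificate $2 verifies against CA bundle $1 (for CAcert this
# would be cacert-root.crt and cacert-class3.crt concatenated).
chain_verifies() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# True when key file $1 has no group/other permission bits (GNU stat).
key_is_private() {
    case $(stat -c '%a' "$1") in
        [0-7]00) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample material in directory $1: a throwaway CA stands in
# for CAcert and signs a CSR created like the one in the post.
make_demo() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$d/ca_key.pem" -out "$d/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=demo.invalid" \
        -keyout "$d/mytest_key.pem" -out "$d/mytest_csr.pem" 2>/dev/null &&
    openssl x509 -req -in "$d/mytest_csr.pem" -days 1 -CA "$d/ca.pem" \
        -CAkey "$d/ca_key.pem" -CAcreateserial \
        -out "$d/mytest_cert.pem" 2>/dev/null &&
    chmod 600 "$d/mytest_key.pem"
}

tmp=$(mktemp -d) && make_demo "$tmp" || exit 1
key_matches_cert "$tmp/mytest_key.pem" "$tmp/mytest_cert.pem" && echo "key/cert: match"
chain_verifies "$tmp/ca.pem" "$tmp/mytest_cert.pem" && echo "chain: ok"
key_is_private "$tmp/mytest_key.pem" && echo "key perms: ok"
rm -rf "$tmp"
```

On a real server, call the three check functions with the paths used in the VirtualHost block instead of the generated demo files.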

Hi All,

I’m back from Brussels, where I took part in FOSDEM. I think the title of this post may be the shortest definition I can imagine, and incredibly real at the same time.

Full of people from all parts of the earth. Fun and very, very well organized. Fosdem, two days of 250 talks about distributions (Debian, FreeBSD, BSD, KUbuntu, etc), shell scripting (gnu parallel, gnu autotools), languages (Java, Python, Mono, etc), browsers and standards (Firefox 4, HTML 5), virtualization and more.

Unfortunately, I missed the key signing party :(, I’m very sad about it.

What truly impressed me was the organization: I saw stands for the main things in open source (distributions, browsers, suites, FSFE, dbs) but I saw no commercial sponsors. I love this. To find their list I had to read the last pages of the Fosdem guide, and they are not invasive.

To complete this short presentation, I want to talk about the people who were there. I think we were around 3k. I was very impressed.

Take a look at the talks.

The best talk I heard was about “GNU Parallel”, a GNU command line utility to execute a command in parallel in classical shell style. It was very technical and focused. In second place, the presentation of REAR was very interesting: it analyzed what “recovery procedure” means in relation to “backup/restore procedure”. I heard someone say that bash scripting is outdated and obsolete (because REAR is a bash scripting suite) but after following the talk, I am ever more convinced of the necessity of shell scripting. From my point of view, languages like python are great and powerful, but low level operations need shell scripting.

Another interesting talk was the one about GNU AutoTools, the well-known suite for compiling programs in a platform-independent way.

And now, something completely different: “Pasta alla Carbonara”. Take cooked pasta, take a carbonara, put it on the pasta… ready!

What I didn’t like was the track about virtualization: I hoped to find something like “Best practice for this or for that”. Nothing but OpenStack unfortunately.

Oh, did I say that I got lost in Brussels?! No?!? Well, this happened too :P.

And now the hardest question: will I be back for the next Fosdem? At the moment, my answer is positive but I hope to bring my wife with me next time, maybe adding two or three days for a break.

See you soon.