grahams + certificates   2

Managing SSH Access without Managing SSH Keys
"Everyone uses SSH to manage their production infrastructure, but it's really difficult to do a good job of managing SSH keys. Many organisations don't know how many SSH keys have access to production systems or how protected those keys are. A trusted SSH private key can be years old, unprotected by passphrase, and shared among multiple people who may not even work for you.

With some tooling and configuration SSH keys can be replaced with limited-use ephemeral certificates, issued centrally and with better access controls and automatic key expiration, solving many of the shortcomings of using SSH keys."
ssh  security  ops  sysadmin  certificates  pki 
november 2017 by grahams
Signing Jar Files (converting pvk to p12)
It takes a bit of work to generate a PKCS12 file that java's jarsigner can use, so I'm blogging this so I will remember what to do next year, and also to help out anyone else in this situation.
java  security  certificates  signing  conversion  tools  development 
november 2006 by grahams

Copy this bookmark: