There are different ways to get this wrong. The Problem We need to change a TLS certificate that is used by ADFS to a new one. The Solution First of all, import your new TLS certificate and private key. Open command prompt (CMD) as administrator and execute the following command (where lisenet.com.pfx is the file ..read more

The time has come to update our good old 2011UAS-2HnD-IN with L009UiGS-2HaxD. SSH Hardening MikroTik L009UiGS-2HaxD comes with RouterOS v7. As of RouterOS v7.7, you can enable support for Ed25519 key exchange as well as disable SHA1 usage with strong crypto. Enabling strong crypto (which is disabled by default) does the following: Prefers 256 and ..read more

Renewing an expired Puppet master certificate. The Problem It has been 5 years since the Puppet server v5 deployment, and the Puppet master certificate has therefore expired. # puppet cert list --all - "puppet.example.com" (SHA256) 11:36:8F:20:BB:3D:1C:5B:D9:1D:55:68:D9:CC:0D:D4:3A:E6:C4:0E:8B:02:32:E6:72:D4:F6:D1:07:10:47:E1 (certificate has expired) - "ip-10-10-10-18.eu-west-1.compute.internal" (SHA256) 11:39:B9:1E:7B:A3:EC:28:3A:E8:C0:77:58:96:3F:12:C6:39:04:54:DC:CF:56:54:25:63:B2:DA:19:50:D1:90 (certificate has expired) + "ip-10-10-11-70.eu-west-2.compute.internal" (SHA256) 11:F6:EC:D7:6A ..read more

Renewing an expired Puppet CA certificate using Certregen module. The Problem I’ve been involved in a project of migrating ageing infrastructure (e.g. CentOS 7) and legacy applications (e.g. MySQL 5.7) to modern software. One of the first problems was an old installation of Puppet Server v5 where its CA certificate has already expired. $ rpm ..read more

We are going to use a dd command to create a swap file on a Linux system and then add it to fstab. I’ve been using Ansible automation for so long that I forgot how to do trivial things by hand. Create a Swap File with dd Create a 1GB swap file, make the swap ..read more

It has been a decade of blogging! The time of self-reflection is inevitably upon us. And we shall. But first, happy New Year everyone ..read more

We are going to integrate Azure AD as a federated identity provider (IdP) in AWS Cognito user pool that provides a single sign-on (SSO) option for our Grafana users. The Problem We have multiple instances of Grafana deployed for different projects. We want to grant various business users permissions to access Grafana, but we don’t ..read more

Gaining SSH access to TP-Link RE200 device by exploiting the fact that TP-Link encryption keys are store on its firmware. This story started with me getting a TP-Link repeater for my loft so that I could provide wireless coverage to my smart boiler. I wish the boiler came with an RJ45 connector port, but it ..read more

We are going to harden our Kubernetes cluster to use TLS 1.3 only. Before We Begin We are using our Kubernetes homelab in this article. Kubernetes v1.19 added support for TLS 1.3 ciphers. Etcd v3.5.8 added support for TLS 1.3. Do note that Kubernetes 1.27 uses Etcd v3.5.7, therefore you need to be on Kubernetes ..read more

The day has finally come. Mountpoint for Amazon S3 is now generally available. Probably the most anticipated headline since ChatGPT. Mountpoint for AWS S3 Mountpoint for AWS S3 is a high-throughput open source file client for mounting an Amazon S3 bucket as a local file system on Linux. Mountpoint automatically translates read and write operations ..read more