Thursday, October 15, 2015

SSL Certs and SHA-1 Weak Encryption

Not too long ago, some browsers took it upon themselves to deem certain sites "authoritatively weak" due to the use of SHA-1 signatures in the certificate chain presented by the server.  While the reasoning behind this move is sound, it is still a headache for server admins who may not have had to renew their certs yet and still have SHA-1-signed certs in use.  If you find yourself in this position, it is fairly easy to resolve.  If you're not sure whether this applies to you, you can check your web site at shaaaaaaaaaaaaa.com.  The online tool will tell you if any of the certs in your certificate chain are signed with SHA-1.

If you come up on the naughty list, there are two ways to resolve the issue.  If it is close to your cert's expiration date, then renewing the cert will most likely fix the issue, provided that your CA is signing with SHA-2.  If they are not, then you will just get another cert issued with the same problem.  This is unlikely, as most CAs have been signing with SHA-2 for some time now.  If your expiration date is too far off to make renewing your cert feasible, simply request a reissue from your CA.

In either case, be sure to update appropriate revocation lists if necessary and most importantly, update your entire certificate chain for presentation to clients.

Friday, May 15, 2015

How can your disk be full when df shows otherwise? "Inode" the answer!

Sorry, I just couldn't resist.  That's probably the only time I'll ever get to use that joke.  I had a situation recently where I had a system that kept giving errors that the root volume was full, yet df -h showed plenty of available space.  After doing a bit of digging, I found that there were hordes of tiny files chewing up inodes far faster than the space on the drive.  Essentially, this would be like filling a file cabinet full of folders with only a post-it note inside each folder.  The majority of the volume of the cabinet would be taken up with folders rather than "data."

I could detail how to diagnose and fix this issue, but someone has already written an excellent blog post on how to do just that.

No space left on device – running out of Inodes

Thanks to Ivan Kuznetsov for taking the time to post his tutorial!

Thursday, April 16, 2015

Virtualization is cool... literally

I happened to notice that after removing yet another rack of equipment, our ambient temperature in the data room has dropped even more.  It doesn't seem like that long ago when we would struggle with keeping the temp under 85.  Going the VM route sure took care of that issue.

Monday, January 5, 2015

Remmina won't connect to Windows machines?

If you're like me, you still have to deal with Windows servers in your environment.  I typically RDP over to the ones in my environment with Remmina.  Every so often I run into an issue where a saved RDP connection will stop working and I have to blow it away and recreate it.  I finally had my fill and looked for a solution today.  Apparently the fix is to just change the security method from 'Negotiate' to 'TLS'.  Amazing what you can find when your annoyance level exceeds your laziness level.

Take a look at the original post where I found the fix over at Bauer-Power.net.