fosstodon.org is one of the many independent Mastodon servers you can use to participate in the fediverse.
Fosstodon is an invite only Mastodon instance that is open to those who are interested in technology; particularly free & open source software. If you wish to join, contact us for an invite.

#smallstep

Daniel S. Reichenbach<p>If you are into <a href="https://mastodon.world/tags/selfhosted" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>selfhosted</span></a> infrastructure, I have a new <a href="https://mastodon.world/tags/kubernetes" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>kubernetes</span></a> <a href="https://mastodon.world/tags/cert" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cert</span></a>-manager webhook for you:</p><p>The Canonical <a href="https://mastodon.world/tags/MAAS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MAAS</span></a> webhook allows you to use your internal MAAS API along with e.g. a <a href="https://mastodon.world/tags/smallstep" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>smallstep</span></a> CA with the ACME provisioner enabled.</p><p><a href="https://github.com/kogito-ops/cert-manager-webhook-maas" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/kogito-ops/cert-man</span><span class="invisible">ager-webhook-maas</span></a></p><p>If you wanted this too, give it a try, leave some feedback. 👋</p>
Risotto Bias<p>wonder if the <a href="https://toot.risottobias.org/tags/SmallStep" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SmallStep</span></a> folks have made a "make your own tiny CA" that you can install client side such that you only trust the CA to issue certs for a particular domain. (Name Constraints extension support for e.g. Firefox)</p><p>e.g., only trusting a CA for certs of *.example.com or something.</p><p><a href="https://toot.risottobias.org/tags/TLS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TLS</span></a> <a href="https://toot.risottobias.org/tags/cryptography" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cryptography</span></a> <a href="https://toot.risottobias.org/tags/PKI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PKI</span></a> <a href="https://toot.risottobias.org/tags/certificatetransparency" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>certificatetransparency</span></a> <a href="https://toot.risottobias.org/tags/firefox" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>firefox</span></a></p>
kgoetz<p>Planning to make <a href="https://aus.social/tags/CertificateAuthority" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CertificateAuthority</span></a> for our business. Opinions on <a href="https://aus.social/tags/smallstep" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>smallstep</span></a> <a href="https://aus.social/tags/certificates" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>certificates</span></a> Vs <a href="https://aus.social/tags/EasyRSA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EasyRSA</span></a> ?</p>
Andreas Bulling<p>Possibly interesting for some <a href="https://mastodon.social/tags/homeserver" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>homeserver</span></a> owners who use their systems only in their home network, "isolated" from the Internet, but still do not want to do without SSL:</p><p>With <a href="https://mastodon.social/tags/smallstep" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>smallstep</span></a> you can set up your own CA within minutes.</p><p><a href="https://github.com/smallstep/certificates" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/smallstep/certifica</span><span class="invisible">tes</span></a></p>
Roland<p>100$? no way. The Yubikey is 60€, the TRNG is 30€ + shipping alone, not to mention the RPI</p><p> <a href="https://smallstep.com/blog/build-a-tiny-ca-with-raspberry-pi-yubikey/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">smallstep.com/blog/build-a-tin</span><span class="invisible">y-ca-with-raspberry-pi-yubikey/</span></a></p><p><a href="https://vm.io/tags/smallstep" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>smallstep</span></a> <a href="https://vm.io/tags/CA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CA</span></a> <a href="https://vm.io/tags/homelab" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>homelab</span></a></p>
Mauricio Teixeira 🇺🇸🇧🇷<p>And, after some hard work, and a few struggles with <a href="https://hachyderm.io/tags/Docker" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Docker</span></a>, <a href="https://hachyderm.io/tags/DNS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DNS</span></a> and <a href="https://hachyderm.io/tags/Firewall" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Firewall</span></a> rules, I finally have been able to install <a href="https://hachyderm.io/tags/StepCA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>StepCA</span></a> from <a href="https://hachyderm.io/tags/SmallStep" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SmallStep</span></a> on my <a href="https://hachyderm.io/tags/HomeLab" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HomeLab</span></a>, so now I have a nice private <a href="https://hachyderm.io/tags/CertificateAuthority" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CertificateAuthority</span></a> with which I can use <a href="https://hachyderm.io/tags/Certbot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Certbot</span></a> to manage my service certificates in a <a href="https://hachyderm.io/tags/LetsEncrypt" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LetsEncrypt</span></a> style. Took a lot of notes. Blog post will come eventually! (too tired right now)<br><a href="https://smallstep.com/docs/step-ca/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">smallstep.com/docs/step-ca/</span><span class="invisible"></span></a></p>
shulhan<p><a href="https://kilabit.info/journal/2023/research_ssh_with_2fa/" target="_blank" rel="nofollow noopener" translate="no"><span class="invisible">https://</span><span class="ellipsis">kilabit.info/journal/2023/rese</span><span class="invisible">arch_ssh_with_2fa/</span></a></p><p>In this journal, we review several options to manage <a href="https://fosstodon.org/tags/SSH" class="mention hashtag" rel="tag">#<span>SSH</span></a> authorization beyond using public keys, possibly also enabling 2FA, using Time-Based One-Time Password (TOTP). Some of the alternatives that we will review are Google Cloud OS Login, <a href="https://fosstodon.org/tags/Smallstep" class="mention hashtag" rel="tag">#<span>Smallstep</span></a>, <a href="https://fosstodon.org/tags/Teleport" class="mention hashtag" rel="tag">#<span>Teleport</span></a>, and google-authenticator-libpam.</p><p><a href="https://fosstodon.org/tags/sysadmin" class="mention hashtag" rel="tag">#<span>sysadmin</span></a> <a href="https://fosstodon.org/tags/security" class="mention hashtag" rel="tag">#<span>security</span></a></p>
PhoenixSerenity<p>On <a href="https://mastodon.sdf.org/tags/repatriation" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>repatriation</span></a> - <a href="https://mastodon.sdf.org/tags/Rohingyas" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Rohingyas</span></a> have <a href="https://mastodon.sdf.org/tags/MixedOpinions" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MixedOpinions</span></a> from <a href="https://mastodon.sdf.org/tags/distrust" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>distrust</span></a> of <a href="https://mastodon.sdf.org/tags/Junta" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Junta</span></a> &amp; <a href="https://mastodon.sdf.org/tags/fear" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fear</span></a> of <a href="https://mastodon.sdf.org/tags/persecution" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>persecution</span></a> still in their mind. 
The <a href="https://mastodon.sdf.org/tags/PilotProject" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PilotProject</span></a> is that <a href="https://mastodon.sdf.org/tags/SmallStep" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SmallStep</span></a> that needs to be taken.&nbsp;<br>On the other hand, <a href="https://mastodon.sdf.org/tags/deadline" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>deadline</span></a> for <a href="https://mastodon.sdf.org/tags/Myanmar" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Myanmar</span></a> <a href="https://mastodon.sdf.org/tags/counterargument" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>counterargument</span></a> in the Rohingya <a href="https://mastodon.sdf.org/tags/genocide" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>genocide</span></a> case at the <a href="https://mastodon.sdf.org/tags/InternationalCourt" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InternationalCourt</span></a> of <a href="https://mastodon.sdf.org/tags/Justice" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Justice</span></a> (<a href="https://mastodon.sdf.org/tags/ICJ" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ICJ</span></a> ) has been set for&nbsp;April 24&nbsp;this year. 
To some experts, the sudden repatriation plan has <a href="https://mastodon.sdf.org/tags/connection" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>connection</span></a> w/the <a href="https://mastodon.sdf.org/tags/GenocideCase" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GenocideCase</span></a></p><p><a href="https://thegeopolitics.com/will-the-junta-come-out-from-their-cocoon-to-accept-rohingyas" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="ellipsis">thegeopolitics.com/will-the-ju</span><span class="invisible">nta-come-out-from-their-cocoon-to-accept-rohingyas</span></a></p><p><a href="https://mastodon.sdf.org/tags/AsianMastodon" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AsianMastodon</span></a> <a href="https://mastodon.sdf.org/tags/Myanmar" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Myanmar</span></a> <a href="https://mastodon.sdf.org/tags/Burma" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Burma</span></a></p>
Matt Knight<p>Is it possible to install a TLS client certificate on an iPhone running iOS 16?</p><p>I'm trying to do it but can't get it to show the certificate as verified (even though the Root and Intermediate CAs are both installed, verified and fully trusted).</p><p>Really want to leverage mTLS. I've had it working on an iPhone before (a couple of years ago, I think), but not sure if it's possible any longer.</p><p><a href="https://mastodon.knight.fyi/tags/tls" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tls</span></a> <a href="https://mastodon.knight.fyi/tags/https" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>https</span></a> <a href="https://mastodon.knight.fyi/tags/smallstep" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>smallstep</span></a> <a href="https://mastodon.knight.fyi/tags/stepca" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>stepca</span></a> <a href="https://mastodon.knight.fyi/tags/mtls" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>mtls</span></a> <a href="https://mastodon.knight.fyi/tags/https" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>https</span></a> <a href="https://mastodon.knight.fyi/tags/iphone" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>iphone</span></a> <a href="https://mastodon.knight.fyi/tags/ios" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ios</span></a> <a href="https://mastodon.knight.fyi/tags/apple" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>apple</span></a> <a href="https://mastodon.knight.fyi/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a></p>
ϺΛDИVTTΛH<p>Nice, <a href="https://fosstodon.org/tags/pihole" class="mention hashtag" rel="tag">#<span>pihole</span></a> is working flawlessly again including a freshly issued certificate from my recreated <a href="https://fosstodon.org/tags/smallstep" class="mention hashtag" rel="tag">#<span>smallstep</span></a> <a href="https://fosstodon.org/tags/ca" class="mention hashtag" rel="tag">#<span>ca</span></a> after I&#39;ve ruined it successfully yesterday trying to post-init ssh. :blobcatgiggle:</p>
ϺΛDИVTTΛH<p>There are only two <a href="https://fosstodon.org/tags/webservices" class="mention hashtag" rel="tag">#<span>webservices</span></a> without <a href="https://fosstodon.org/tags/ssl" class="mention hashtag" rel="tag">#<span>ssl</span></a> remaining, which I&#39;ll switch too. <a href="https://fosstodon.org/tags/pihole" class="mention hashtag" rel="tag">#<span>pihole</span></a>, my <a href="https://fosstodon.org/tags/nas" class="mention hashtag" rel="tag">#<span>nas</span></a> and <a href="https://fosstodon.org/tags/opnsense" class="mention hashtag" rel="tag">#<span>opnsense</span></a> are serving their pages using ssl already. <a href="https://fosstodon.org/tags/smallstep" class="mention hashtag" rel="tag">#<span>smallstep</span></a> <a href="https://fosstodon.org/tags/pki" class="mention hashtag" rel="tag">#<span>pki</span></a> <a href="https://fosstodon.org/tags/ca" class="mention hashtag" rel="tag">#<span>ca</span></a> <a href="https://fosstodon.org/tags/certificateauthority" class="mention hashtag" rel="tag">#<span>certificateauthority</span></a> <a href="https://fosstodon.org/tags/selfhosting" class="mention hashtag" rel="tag">#<span>selfhosting</span></a> <a href="https://fosstodon.org/tags/docker" class="mention hashtag" rel="tag">#<span>docker</span></a></p>
ϺΛDИVTTΛH<p><a href="https://fosstodon.org/tags/opnsense" class="mention hashtag" rel="tag">#<span>opnsense</span></a> is the first <a href="https://fosstodon.org/tags/certificate" class="mention hashtag" rel="tag">#<span>certificate</span></a> holder of my new <a href="https://fosstodon.org/tags/smallstep" class="mention hashtag" rel="tag">#<span>smallstep</span></a> <a href="https://fosstodon.org/tags/ca" class="mention hashtag" rel="tag">#<span>ca</span></a> The <a href="https://fosstodon.org/tags/docker" class="mention hashtag" rel="tag">#<span>docker</span></a> setup wasn&#39;t quite intuitive and I struggled from one issue to another but it works nicely now.</p>
ϺΛDИVTTΛH<p>The next addition for my <a href="https://fosstodon.org/tags/homelab" class="mention hashtag" rel="tag">#<span>homelab</span></a> will be a <a href="https://fosstodon.org/tags/selfhosted" class="mention hashtag" rel="tag">#<span>selfhosted</span></a> <a href="https://fosstodon.org/tags/docker" class="mention hashtag" rel="tag">#<span>docker</span></a> <a href="https://fosstodon.org/tags/ca" class="mention hashtag" rel="tag">#<span>ca</span></a>. I&#39;ll use <a href="https://fosstodon.org/tags/smallstep" class="mention hashtag" rel="tag">#<span>smallstep</span></a>. <br />:ablobcatwink:</p>
Dr. Roy Schestowitz (罗伊)● NEWS ● <a class="hashtag" href="https://pleroma.site/tag/smallstep" rel="nofollow noopener" target="_blank">#SmallStep</a> ☞ DIY <a class="hashtag" href="https://pleroma.site/tag/ssh" rel="nofollow noopener" target="_blank">#SSH</a> Bastion Host <a href="https://smallstep.com/blog/diy-ssh-bastion-host/" rel="nofollow noopener" target="_blank">https://smallstep.com/blog/diy-ssh-bastion-host/</a>
Dr. Roy Schestowitz (罗伊)● NEWS ● <a class="hashtag" href="https://pleroma.site/tag/smallstep" rel="nofollow noopener" target="_blank">#SmallStep</a> <a class="hashtag" href="https://pleroma.site/tag/programming" rel="nofollow noopener" target="_blank">#Programming</a> ☞ <a class="hashtag" href="https://pleroma.site/tag/ssh" rel="nofollow noopener" target="_blank">#SSH</a> Emergency Access <a href="https://smallstep.com/blog/ssh-emergency-access/" rel="nofollow noopener" target="_blank">https://smallstep.com/blog/ssh-emergency-access/</a>
Dr. Roy Schestowitz (罗伊)● NEWS ● <a class="hashtag" href="https://pleroma.site/tag/smallstep" rel="nofollow noopener" target="_blank">#smallstep</a> <a class="hashtag" href="https://pleroma.site/tag/ssh" rel="nofollow noopener" target="_blank">#SSH</a> ☞ SSH Agent Explained <a href="https://smallstep.com/blog/ssh-agent-explained/" rel="nofollow noopener" target="_blank">https://smallstep.com/blog/ssh-agent-explained/</a>
Dr. Roy Schestowitz (罗伊)● NEWS ● <a class="hashtag" href="https://pleroma.site/tag/smallstep" rel="nofollow noopener" target="_blank">#smallstep</a> <a class="hashtag" href="https://pleroma.site/tag/encryption" rel="nofollow noopener" target="_blank">#encryption</a> <a class="hashtag" href="https://pleroma.site/tag/security" rel="nofollow noopener" target="_blank">#security</a> ☞ DIY Single Sign-On for <a class="hashtag" href="https://pleroma.site/tag/ssh" rel="nofollow noopener" target="_blank">#SSH</a> <a href="https://smallstep.com/blog/diy-single-sign-on-for-ssh/" rel="nofollow noopener" target="_blank">https://smallstep.com/blog/diy-single-sign-on-for-ssh/</a>