Checking expiry dates of local and remote SSL certificates

A few years ago I already covered how to check the expiry date of a SSL certificate using OpenSSL. When the recent global outage of Windows Azure was caused by an expired SSL certificate, this got me thinking about this topic once again.

In my previous post, I presented a mechanism to check the remaining lifetime of an SSL certificate using the PEM certificate file locally on disk. However, in the case with Azure recently, customers were dependent on the actions by Microsoft and had no access to the actual file. Thus, there might be a need to check remote certificates of services you use, e.g. your off-site backup provider. As you want to ensure you can always use this service, why not check this for expiring certificates once in a while? Maybe it’s your notification to the sysadmins who saves yourself and all other customers from being locked out.

Here is the updated script ssl-cert-check that now not only handles x509 certificate files, but also remote addresses for various forms and protocols. For simplicity, here are the usage instruction from inside this script:

Continue reading

tmux update-environment

tmux is one of the tools I use everyday. But one thing always annoyed me: even though I am using X11 forwarding and ssh-agent forwarding when re-attaching to a session, the DISPLAY and SSH_AUTH_SOCK environment variables are often wrong. Environment variables are initialized only once when the window was created. tmux is able to update some environment variables for new windows and panes based on the update-environment setting, however, existing shell windows cannot be updated.

Continue reading

The mysterious stalled scp connections

Lately, I had some problems with stalling transfers when using scp, the file transfer tool for the SSH protocol and part of the OpenSSH suite. Here is a report on what happened, how I found the cause and how I applied the solution. Actually, this is a pretty lame story, but I just wanted to write it down anyway.

Continue reading

Google’s Privacy Policy over the Years

Google’s Privacy Policy is going to change this March in order to unify up to 60 different policies across all the services Google has to offer. While reading through the new terms, I compared what did change exactly to see if the coverage in other blogs and media is correct.

As older versions are still available, I noticed that the beginning of this Privacy Policy has changed over the years. There used to be a first sentence explaining the general approach Google takes towards your data. But read yourself:

Continue reading