Skip to content

Instantly share code, notes, and snippets.

View jzuijlek's full-sized avatar

Jonathan van Zuijlekom jzuijlek

  • Bridgevest B.V.
View GitHub Profile

Client-side SSL

For excessively paranoid client authentication.

Using self-signed certificate.

Create a Certificate Authority root (which represents this server)

Organization & Common Name: Some human identifier for this server CA.

openssl genrsa -des3 -out ca.key 4096
openssl req -new -x509 -days 365 -key ca.key -out ca.crt
#### this is the main config file for nginx, to specify it from the command line, use the -c switch, e.g
#### nginx.exe -c nginx-railo.conf
##** if connecting to Tomcat, use Tomcat's RemoteIpValve to resolve CGI.REMOTE_ADDR, CGI.SERVER_NAME, and CGI.SERVER_PORT_SECURE
##** <Valve className="org.apache.catalina.valves.RemoteIpValve" protocolHeader="X-Forwarded-Proto" remoteIpHeader="X-Forwarded-For" protocolHeaderHttpsValue="https" />
#user nobody;
#pid logs/nginx.pid;
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE urlrewrite PUBLIC "-//tuckey.org//DTD UrlRewrite 4.0//EN"
"http://www.tuckey.org/res/dtds/urlrewrite4.0.dtd">
<!--
Configuration file for UrlRewriteFilter
http://www.tuckey.org/urlrewrite/
-->
<?xml version="1.0" encoding="ISO-8859-1"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
metadata-complete="true"
version="2.5">
<!-- ********************************************************************* -->
$ wget http://tengine.taobao.org/download/tengine-1.3.0.tar.gz
$ wget http://download.savannah.gnu.org/releases/libunwind/libunwind-1.0.1.tar.gz
$ wget http://gperftools.googlecode.com/files/gperftools-2.0.tar.gz
$ tar zxvf libunwind-1.0.1.tar.gz && cd libunwind-1.0.1
$ CFLAGS=-fPIC ./configure
$ make CFLAGS=-fPIC
$ sudo make CFLAGS=-fPIC install
$ cd ..

Setting up a SSL Cert from Comodo

I use Namecheap.com as a registrar, and they resale SSL Certs from a number of other companies, including Comodo.

These are the steps I went through to set up an SSL cert.

Purchase the cert

Setting up a SSL Cert from Comodo

I use Namecheap.com as a registrar, and they resale SSL Certs from a number of other companies, including Comodo.

These are the steps I went through to set up an SSL cert.

Purchase the cert

Client-side SSL

For excessively paranoid client authentication.

Using self-signed certificate.

Create a Certificate Authority root (which represents this server)

Organization & Common Name: Some human identifier for this server CA.

openssl genrsa -des3 -out ca.key 4096
openssl req -new -x509 -days 365 -key ca.key -out ca.crt
<!--- Drop these in the Theme or a Plugin eventHandler.cfc (global events won't work in the Site Handler) --->
<cfset variables.passwordexpired = false />
<!--- Custom method to determine if password is expired --->
<cffunction name="isPasswordExpired" output="false">
<cfargument name="userBean" required="true" />
<cfset var daysUntilExpired = 90 />
<cfset var expires = DateAdd('d', daysUntilExpired, arguments.userBean.getValue('passwordcreated')) />
<cfreturn DateCompare(expires, Now()) eq 1 ? false : true />