Author Archives

• Vespa Parts Index

  By GrumpyTechie on March 25, 2021 • ( 0 )

  

  When you’re working on your vintage Vespa, it’s good sometimes to know the exact dimensions of bearings, seals and o-rings if you need to source one locally. Below is an index of all the parts I’ve identified so far, along… Read More ›

• Trusted Root Certificate Authorities Missing from Domain Controllers?

  By GrumpyTechie on January 25, 2021 • ( 0 )

  

  Today I ran into a peculiar issue when configuring a GPO policy for 802.1X authentication with WPA2-Enterprise. When you use PEAP for authentication, you need to assign which Certificate Authorities’ (CAs) certificates will be accepted for authentication. I went to… Read More ›

• Generating Certificate Signing Requests using OpenSSL

  By GrumpyTechie on October 29, 2020 • ( 0 )

  

  Requesting SSL Certificates can be a bit of a hassle, so today I’m going to show you how to easily generate SSL certificates with the help of OpenSSL and your CA of choice.

• Disabling Insecure Ciphers on NGINX – NGINX Tricks Part 4

  By GrumpyTechie on April 22, 2020 • ( 0 )

  

  HTTPS is everywhere these days, but not many people think that much about which cipher suites are considered safe. Cipher suites determines what encryption algorithms are used to secure the communication over HTTPS, and as time goes on older cipher… Read More ›

• Adding Custom Root CA Certificates to Debian

  By GrumpyTechie on February 25, 2020 • ( 0 )

  

  Adding custom root CA certificates to Debian is rather easy, but there are some non-obvious pitfalls that you might encounter. Here I’ve tried to collect most things to a single post for your convenience. Adding Custom Root CA Certificates Debian… Read More ›

• Office 365 – Changing User’s Principal Name

  By GrumpyTechie on February 13, 2020 • ( 0 )

  

  A quite common occurrence for IT admins is that people change their names, and thus need their username to reflect this change. In the good ol’ days, this wasn’t an issue, just change their name in AD in 15 different… Read More ›

• Fixing SSL Labs Grade on F5 Big-IP – Enabling HSTS

  By GrumpyTechie on November 25, 2019 • ( 0 )

  

  This week, we’re going for the gold medal, that sweet sweet A+ grade on Qualys SSL Labs. And to achieve this lofty goal of ours, we’ll need to enable one thing, HSTS. This is no small task, and for the… Read More ›

• Fixing SSL Labs Grade on F5 Big-IP – Custom Cipher Groups

  By GrumpyTechie on November 18, 2019 • ( 2 )

  

  As promised in my last post on F5 load-balancers, this weeks issue of the never-ending guide on how to keep your F5 Big-IPs in the good graces of Qualys SSL Labs will deal with TLSv1.3 demanding that we use cipher… Read More ›

• Fixing SSL Labs Grade on F5 Big-IP – Enabling TLSv1.3

  By GrumpyTechie on November 12, 2019 • ( 2 )

  

  In my last post on F5 load-balancers, we disabled TLS v1 and v1.1 as a preemptive measure as SSL Labs is going to start capping your grade to B if you’re caught supporting these protocols after January 2020. In this… Read More ›

• Fixing SSL Labs Grade on F5 Big-IP – Disabling TLSv1 and TLSv1.1

  By GrumpyTechie on October 31, 2019 • ( 6 )

  

  So, it’s again time to start worrying about your SSL Labs grade. Coming January 2020, any site still supporting TLSv1 and TLSv1.1 will have their grade capped to B. As we all know, this is unacceptable, so we’ll once again… Read More ›