OPNsense BIND Plugin Configuration

    Setting up BIND can be a challenge in of itself. Interfaces can be make things easier, but it isn’t always quiet obvious how-to go about achieving what you want, and still require some knowledge of BIND/named configuration.

    As with OPNsense DNS plugin, can be quite tricky to get right. This post is how I got my internal domain, hq.cormier.co, setup in OPNsense, complete with reverse zones.

    Plugins BIND
    Mar 11, 2021 - Filed in: OPNsense BIND DNS
    Reading Time: 2 minute(s)

    A Container NAS named Phong

    I recently purchased a Synology DS920+ NAS to use as a host for Linux containers and manage it via the Docker API and Terraform. This post is how I got the device to do exactly that. As to the name of the device, it is named after a ReBoot character.

    Feb 20, 2021 - Filed in: Docker Linux Storage Certificates
    Reading Time: 5 minute(s)

    Create PKCS12/PFX Archive from Certificate and Private Key

    I have been doing some work with security certifcates lately and had the chance to document the creation of PKCS12/PFX archives using command line tools without first having CSR/private key in a key store.

    Site security certificate

    Most are familar with the following work flow of obtaining a security certificate…

    • Generate Certificate Signing Request (CSR)
      • This generates a private key (sometimes out of interface scope)
    • Submit CSR to Certificate Authority (CA) for certificate generation
      • Internal Windows CA - certsrv
      • Public CA like - GoDaddy
    • Retrieve certificate bundle from CA
    • Import into keystore used to create CSR
      • The private key lives here (sometimes with no interface to manage, Windows for example)
    • Export PFX archive that includes certificate, private key, and CA certificate(s) protected with password
      • Include private key in the export

    Voila! PFX Archive!

    But… if you have the private key on a file system some where and not in a key store (Windows or Java), the work flow changes.

    Note: Remeber to password protect any export of certificates with private keys with strong passwords

    To bundle those together in a PKCS12/PFX archive file you can use OpenSSL command line tool, I am sure there are others. Available on all major flavors of Linux and installable other operating systems.

    Nov 22, 2020 - Filed in: X.509 PKCS12 PKI PEM
    Reading Time: 2 minute(s)

    Localization with SwiftUI

    I have been performing a bit of localization lately on an Xcode project and was looking for a way to reduce human errors due to typos and other human errors.

    The best method I found was to create a separate a simple Translation.swift file to storage all the i18n code. Here I extend the LocalizedStringKey struct with my own project based localized strings for easy access on the Xcode autocomplete menu.

    Jul 6, 2020 - Filed in: SwiftUI iOS macOS
    Reading Time: 1 minute(s)