Unless otherwise expressly stated, all original material of whatever nature created by Andreas Jaggi and included in this weblog is licensed under a Creative Commons License.
When renewing certificates it is a good idea to verify that the newly installed SSL certificate matches the newly installed private key (eg. to make sure no mixup between the new and old files occurred).
This can be done by comparing the modulus of the two files:
openssl x509 -in <certificatefile> -noout -modulus|sha1sum openssl rsa -in <privatekeyfile> -noout -modulus|sha1sum
13:32 | Networking | Permalink
Loading the configuration from http://config.server/configfile.xml (provisioning has to be enabled on the phone):
http://<PHONEIP>/admin/resync?http://config.server/configfile.xml
Upgrading the firmware with the image from http://upgrade.server/firmware.bin:
http://<PHONEIP>/upgrade?http://upgrade.server/firmware.bin
21:02 | Networking | Permalink
Create the PKA DNS record:
# localpart=andreas domain=jaggi.info url=http://andreas-jaggi.ch/1C6AC951.asc
# LANG=C gpg --fingerprint ${localpart}@${domain}|awk -v local=$localpart -v domain=$domain -v url=$url \
'/fingerprint/{printf("%s._pka.%s. TXT \"v=pka1;fpr=%s;uri=%s\"\n",local,domain,$4$5$6$7$8$9$10$11$12$13,url)}'
andreas._pka.jaggi.info. TXT "v=pka1;fpr=1073501542F38352FC85788207A32EAB1C6AC951;uri=http://andreas-jaggi.ch/1C6AC951.asc"
Test DNS resolution:
# dig +short -t txt andreas._pka.jaggi.info. "v=pka1\;fpr=1388580990F38352FC85788207A32EAB1C6AC951\;uri=http://andreas-jaggi.ch/1C6AC951.asc"
Test with GPG:
# gpg --auto-key-locate pka -ea -r ${localpart}@${domain}
Detailed explanation of the different DNS publication mechanisms for PGP Keys:
Publishing PGP Keys in DNS
(via)
13:52 | Networking | Permalink