ipSCA offers free 2-year certificates for edu’s. But, back in 2009, their root CA expired, and since then, many browsers don’t trust their certificates. And while this isn’t a huge issue for the well-informed IT crowd, it does pose a problem for the average user, especially with browsers like Firefox that present certificate trust errors like the world is coming to an end.
RHEL 6 genkey
genkey in RHEL 6 seems to be broken, or at least it is in vSphere. Generating an SSL key takes forever, and then it fails at the end of the process with a nondescript error.
The fix, after futzing for a bit, was to run it with the “--test” option. When run that way, it doesn’t try to use the kernel’s random number generator, but instead uses random keyboard input to generate the randomness for the key.
Looking online for info with regards to this turned up nothing, so I thought I would post the solution here. Good luck!
UPDATE: So after receiving a signed cert back from ipSCA using a CSR generated with the above process, I found the CRT doesn’t work. I don’t know if this is because of the process, or whether ipSCA made a mistake in creating the CRT. I have instead generated the key and CSR manually using the openssl utility and submitted that CSR to ipSCA. We will see if they send me back a valid CRT. Will update again once I know.
Facebook’s crappy RSS/Atom Feed
We are building a new website at work using Drupal 7, and one of the requirements is integration of work’s Facebook and Twitter streams. The easiest way to do this, of course, is with the Drupal Aggregator and the RSS/Atom feeds both Facebook and Twitter provide.
The problem is, while Twitter’s RSS/Atom feed is standards compliant, Facebook’s is not, by any stretch. The main problem for us is that Facebook provides relative URLs linking to posts rather than absolute URLs, as required by the RSS standard. The relevant part is here:
RSS places restrictions on the first non-whitespace characters of the data in <link> and <url> elements. The data in these elements must begin with an IANA-registered URI scheme, such as http://, https://, news://, mailto: and ftp://. Prior to RSS 2.0, the specification only allowed http:// and ftp://, however, in practice other URI schemes were in use by content developers and supported by aggregators. Aggregators may have limits on the URI schemes they support. Content developers should not assume that all aggregators support all schemes.
Others have also had this problem (the problem being URLs that should be “http://www.facebook.com/USER/post/xxxxxxx” turn into “http://www.mysite.com/USER/post/xxxxxxx”), and rather than resign myself to the fact that it’s just not going to work, I decided to spend some time to actually make it work for me.
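One way to handle the relative-link problem described above, as an added Python example (not the author's fix and not Drupal code): resolve each item's <link> against the publisher's base URL before the aggregator sees it, and drop links whose scheme the aggregator should not render. The names normalise_links and ALLOWED_SCHEMES are hypothetical, the sample feed is constructed, and the http/https allowlist is an assumption about what the consuming site supports.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urljoin, urlsplit

# Constructed sample feed: the first item's <link> is relative, as described above.
SAMPLE_FEED = """<?xml version="1.0"?>
<rss version="2.0"><channel>
  <title>Example page</title>
  <link>http://www.facebook.com/USER</link>
  <item><title>Relative</title><link>/USER/post/1111111</link></item>
  <item><title>Absolute</title><link>http://www.facebook.com/USER/post/2222222</link></item>
  <item><title>Other scheme</title><link>mailto:someone@example.org</link></item>
</channel></rss>"""

# Assumption: the consuming aggregator only renders web links.
ALLOWED_SCHEMES = {"http", "https"}


def normalise_links(feed_xml, publisher_base):
    """Return (fixed_xml, report). Relative <link> values are resolved against
    publisher_base, never against the site that consumes the feed."""
    root = ET.fromstring(feed_xml)
    report = []
    for item in list(root.iter("item")):
        link = item.find("link")
        raw = (link.text or "").strip() if link is not None else ""
        if not raw:
            report.append(("missing", None))
            continue
        # A value with no scheme is relative: resolve it against the publisher.
        if urlsplit(raw).scheme:
            status, resolved = "absolute", raw
        else:
            status, resolved = "resolved", urljoin(publisher_base, raw)
        if urlsplit(resolved).scheme.lower() not in ALLOWED_SCHEMES:
            item.remove(link)  # drop links the aggregator should not render
            report.append(("rejected", None))
            continue
        link.text = resolved
        report.append((status, resolved))
    return ET.tostring(root, encoding="unicode"), report


if __name__ == "__main__":
    _, rows = normalise_links(SAMPLE_FEED, "http://www.facebook.com/")
    for status, url in rows:
        print(status, url)
```

The report makes it easy to log how many links a feed needed repairing or had rejected on each fetch.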