Monthly Archives: January 2010 - Page 2

New Year, New Theme

Posted by on January 11, 2010 1 comment

Having realized that I haven’t looked at WordPress theme development in nearly a year, I decided to search around and ended up switching over to Mystique. The theme offers a wealth of features and even obsoletes some plugins and widgets I was previously using. I’m not sure if I’ll stick with it long-term but it’s certainly a very polished product. Fidgetr may need a few upgrades to keep up with the times… Let me know in the comments if you spot anything broken!

I’ve put quite a few custom CSS tweaks in already, some of which I’ve listed below. Others who use the Mystique theme may find these changes helpful.

  1. To hide the websnapr feature add “.webshot{display:none !important;}” to the user CSS section.
  2. Fidgetr’s comment display depends on sidebar overflow so I added “#sidebar {overflow:visible;}” as well. Secondary sidebar overflow would need #sidebar2

Parsing A CRL With OpenSSL

Posted by on January 10, 2010 No comments

Short and sweet. This command will parse and give you a list of revoked serial numbers:

openssl crl -inform DER -text -noout -in mycrl.crl

Most CRLs are DER encoded, but you can use -inform PEM if your CRL is not binary. If you’re unsure if it is DER or PEM open it with a text editor. If you see —–BEGIN X509 CRL—– then it’s PEM and if you see strange binary-looking garbage characters it’s DER.

OpenSSL and IDN Certificates

Posted by on January 3, 2010 No comments

As internationalized domain names (IDN) proliferate more people need to test with, and ultimately purchase, IDN certificates. If you need to generate a CSR or even a self-signed certificate for an internationalized domain follow these steps:

  1. Take the UTF-8 characters and paste them into a punycode converter (also known as ASCII compatible encoding, or ACE).
  2. The resulting converted text will be a fairly long string that starts with “xn--”. Copy the entire thing.
  3. Now run this command.

For CSR generation1:

openssl req -new -nodes -out mycsr.csr -keyout mykey.pem -newkey rsa:2048

For self-signed certificate generation2:

openssl req -new -nodes -x509 -days 3650 -out mycert.cer -keyout mykey.pem -newkey rsa:2048

Either way, follow the prompts and when you reach Common Name paste the text you copied from the punycode converter. Now you can submit your CSR to a certification authority or install the self-signed certificate for testing.

  1. We are generating a 2048-bit CSR
  2. This will generate a 10 year self-signed certificate.