(I've CC'd general@ <mailto:firstname.lastname@example.org> as we've got
a fair few people travelling from afar who'd not normally go to regular
The CAcert event is in TWO WEEKS! AAAND that might be a little too much
excitement for some top notch nerdy bureaucracy!
_*Here is what CAcert *is* and *why* you should care...*_
CAcert is a global non-profit certificate authority that can issue
certificates for use with TLS (commonly still known as SSL). But unlike
commercial certificate authorities (like Digicert, Comodo, IdenTrust,
GoDaddy) they're completely free!
CAcert /*predates*/ Let's Encrypt (abbreviated "LE", who also do free
certificates) and has 5 key advantages...
* Certificates can be issued for 2 years rather than only 3 months
with automation scripts
* E-mails, code and other things can be signed rather than just websites
* Certificates can be issued in your name or your organisations rather
than just in the name of your domain
* Isn't reliant upon cross-signing with another profit making CA (e.g.
IdenTrust cross-signs LE)
* Supports wildcards so you can cover many subdomains!
Since your identity needs proving before they can be issued... CAcert
users physically meet one another to verify we're who we say we are.
The more you've been "assured" by someone, the more points you get until
you've got enough to generate free certificates and also assure other
people... effectively it's "crowd sourced" trust.
After the presentation is over (presented by Alex Roberton, who
presented a UK CAcert event in 2012) there'll be time to "assure" people
and get "assured".
We've got all the forms here... so bring government-issued ID that has
your photo on it, *as many as possible* (e.g. UK passport and UK drivers
license). Failing that, bring anything that confirms your ID (in an
official way) especially something like your birth certificate, plus any
documentation for marriage or "change of name" too if it applies. If
you're unsure there is a page on it here...
CAcert has fell on some hard times lately and I'm hoping to help bring
this excellent project some new blood. Work continues in being accepted
by the "CA/Browser Forum" so their root certificates can get widely
"SSL certificates" are a RIGHT RACKET for the price you pay and it's
shocking the small number of commercial players involved! LE helps
somewhat but as it's aims are different, it can only go so far. Not far
enough if we actually want to combat phishing involving misspelt domains
(especially when people get a false sense of security seeing a padlock!
some re-education needed there, not helped by the browsers!).
It's advisable to make yourself a free CAcert account before coming
along. It's also helpful to know how to install their root certificate
and generate your own client certificate.
If you want to assure people, you'll also need to pass a "challenge"
online. If you get stuck on this, just come to the presentation first
and then try to take this after while you're here (we've got plenty of
PC's). If you've already generated a client certificate, just remember
you'll need to have access to it (or create another) when you get here!
I've detailed any steps you might want to follow before the presentation
(from making an account, to taking the "challenge") in the below blog
Hope to see you all there :)
This is more a "better late than never" scenario! Unfortunately I
couldn't make the last workshop (being on a train bound for London for
work) but I hear Iain presented a truly thorough introduction to
OpenStreetMaps. Big thanks to Iain for that and Richard/Keira for
taking care of the event in general.
Since I wasn't there I asked Keira to make some notes, plus Iain gave me
the presentation files... using them (and a crap microphone I left
recording... a one off! plus people knew I had.. but it was bad
quality!)... I got the general idea how it went... including a joke at
the end... "is it still Tuesday?" :D.
Anyway I typed it all up in a blog post a week ago and showed it Iain
but forgot to mention it on the list so here it is... in case anyone was
curious about what was covered and how...
I sent this to the wrong email address! Hopefully this should get through!
The link to the Potteries Hackspace website under Resources on the
StaffsLUG website is outdated.
However, I've found the correct link and here it is:
Hope that helps.
Does anybody here have any experience with Kubernetes?
I'm being asked to solve an issue with a kubernetes-based web portal not renewing its SSL certificates automatically anymore. I've been able to ascertain that it's using cert-manager with let's encrypt. I can also see that the cert-manager, cainjector and webhook pods are running... I've not used cert-manager before and I'm just wondering what else I can check? I've had a look on Google and the best I could find was to try and 'describe' the certificate and check the orders/challenges... but I don't know the name of the certificate and I can't even figure out how to list them.
P.S. If you're clued up on Kubernetes and up for a quick phone call, that would be amazing.
Anyone ever been to this event?
I was hoping there would be one in 2019 but it seems they've not
bothered (but there was one in 2017 and 2018).
I only remember discovering these events even existed... when I was
looking into how Linux Journal got shut down (who were also supported by
"Private Internet Access"... just like Freenode is)... and I ended up
going 12 rounds debating with Christel (the person who has been the head
of freenode since 2006) who was really running the show over there :S
Maybe some you have been and it was good? Bristol is a nice place anyway.