Stuff I'm Up To

Technical Ramblings

Android Trusted CA Certificate — September 20, 2017

Android Trusted CA Certificate

We have been tested by some of our Android Lollipop tablets. Adding a trusted CA certificate used to be as easy as visiting the proxy portal and clicking the install certificate button.

Now these devices come up with an error complaining that there is “no certificate in file”.

Reading a lot of Android nightmare posts about converting the PEM certificate to pfx/p12 using openssl and then rooting the device and delivering the certificate into the folder for the cacerts using the command line it turned out to be far simpler.

Continue reading

Advertisements
Squid Kerberos Nightmare — July 25, 2017

Squid Kerberos Nightmare

What a terrible sequence of events we suffered today. Took quite a bit of head scratching, log reading and plenty of Google fu to resolve.

We use Squid with an LDAP and authenticated lookup to establish if a user is a member of an AD group to allow them through the proxy. For some very strange reason the authentication and lookup began failing today.

Continue reading

Squid3 changes for Debian Jessie — July 21, 2017
Windows Proxy Fun & Games — January 20, 2017
Nginx, Not Just a Web Server — October 26, 2016

Nginx, Not Just a Web Server

Nginx is capable of more than serving web pages. It can load balance, cache and act as a reverse proxy.

We recently had need to access two web services on the same server through a single interface. This is where the reverse proxy came in.

  • Service A runs on port 9010
  • Service B runs on port 9020
  • Access to both services needs to be via a single front end using traditional http over port 80

Not ideal, but it’s not my system design, just a challenge we need to face. The way we tackled it was using an Nginx reverse proxy and split the calls to specific URL paths on each web service to the relevant underlying back end service.

Continue reading

Windows Proxy Settings — October 5, 2016

Windows Proxy Settings

Set the Server to use the proxy at the command line using:

C:\> netsh winhttp set proxy "http://myproxy:3128" "<local>"

Where the <local> parameter means skip using a proxy for local addresses.

View your setting using:

C:\> netsh winhttp show proxy

Syntax:

set proxy [proxy-server=] ProxyServerName [bypass-list=] <HostsList>