#linode IRC Logs for 2021-01-10

---Logopened Sun Jan 10 00:00:48 2021
02:54-!-g0t [] has joined #linode
02:54-!-g0t is "username" on #linode
03:30-!-g0t [] has quit [Ping timeout: 480 seconds]
03:34-!-g0t [] has joined #linode
03:34-!-g0t is "username" on #linode
04:12-!-Shentino [] has quit [Ping timeout: 480 seconds]
04:20-!-jojo [~u0_a157@] has quit [Ping timeout: 480 seconds]
06:45-!-lls [] has quit [Remote host closed the connection]
07:15-!-NomadJim [~Jim@] has quit [Ping timeout: 480 seconds]
07:25<linbot>New news from community: How do I work my fully qualified domain name and my root domain to a website <>
09:31-!-jojo [~u0_a157@2408:8420:6b00:a003:1c17:4dba:e29c:c24a] has joined #linode
09:31-!-jojo is "fu xin son" on #linode
10:25-!-Shentino [] has joined #linode
10:25-!-Shentino is "realname" on #kernelnewbies #qemu #mm #linode #tux3
10:32-!-xtrWrithe [] has joined #linode
10:32-!-xtrWrithe is "xtrWrithe" on #tor-south #linode #qemu
10:36<Cromulent>Right I need some advice here - I basically need a private and public X.509 key pair for JWT signing and verification
10:37<Cromulent>my thought was that if I created a self signed certificate authority and then generated the key pair from the CA cert I could have the public CA cert verify if the private key was legit
10:37<Cromulent>and then store the CA cert private key in a totally locked down Linode
10:37<Cromulent>am I misunderstanding anything here?
10:59<branko>Well, the terminology you are using looks a bit off to me when talking about X.509.
11:00<Cromulent>in what way?
11:00<Cromulent>I need a pem encoded X.509 key pair - the CA part can be ignored but I was curious about it
11:01<branko>Well, what you care about in the X.509 trust model the most is the certificates - the metadata stored within. E.g. name of issuer etc. Validation of crypto-related stuff (like who signed what, who has possession etc of private key) matters, but that's kinda "in the background".
11:03<branko>So, you'd create your self-signed/root CA (private key + certificate), generate private key for entity, generate certificate signing request with that private key that will contain extra info about the entity, and then issue a certificate based on that CSR. Afterwards you validate the end entity certificate using the CA certificate chain (in your case just the root CA).
11:03<branko>Mind you, CSR can kinda be skipped around, many CAs won't really trust much the info contained within.
11:04<branko>My explanation is also most likely oversimplified too :)
11:04<Cromulent>I see - I'm obviously misunderstanding something here
11:05<branko>Cromulent: To get maybe to one point - "generated the key pair from the CA" sounds a bit unusual.
11:06<branko>Cromulent: Well, reading up on some basics might be a good idea - keep in mind one thing, though - in _root_ you trust.
11:07<branko>E.g. you can have a pretty long chain of CA certificates leading to your end entity certificate, but you trust the thing at the top of the chain. That's where you bootstrap the trust.
11:59-!-Shentino [] has quit [Remote host closed the connection]
12:11-!-xtrWrithe [] has quit [Quit: WeeChat 2.4]
12:11-!-xtrWrithe [] has joined #linode
12:11-!-xtrWrithe is "xtrWrithe" on #tor-south #linode #qemu
12:12-!-xtrWrithe [] has quit []
12:12-!-xtrWrithe [] has joined #linode
12:12-!-xtrWrithe is "xtrWrithe" on #tor-south #linode #qemu
12:16<linbot>New news from community: Theoretical Server Usage <>
12:29-!-Parshant_test [~oftc-webi@] has joined #linode
12:29-!-Parshant_test is "OFTC WebIRC Client" on #linode
12:29-!-Parshant_test [~oftc-webi@] has quit []
13:03-!-duckydanny [] has quit [Quit: ZNC -]
13:05-!-duckydanny [] has joined #linode
13:05-!-duckydanny is "Dan" on #tor-project #moocows #linode #debian
14:37-!-jojo [~u0_a157@2408:8420:6b00:a003:1c17:4dba:e29c:c24a] has quit [Ping timeout: 480 seconds]
14:41<LouWestin>Cromulent: usually when I've done a self signed cert the web browsers (if you're accessing something via browser) throw a huge warning.
14:42<Cromulent>this isn't for a website - this is for signing and verifying JWT
14:43<Cromulent>but yeah you are right
14:43<LouWestin>Might be fine.
14:43<LouWestin>Only one way to find out!
14:44<LouWestin>LE would be nice if it didn't last for only 90 days
14:45<LouWestin>Sometimes it's a pain to auto renew without certbot and in your case you might not be able to do that anyway. Not too sure.
15:49-!-Shentino [] has joined #linode
15:49-!-Shentino is "realname" on #kernelnewbies #qemu #mm #linode #tux3
16:29<grawity>Cromulent: in this case, yes, you start by generating a self-signed certificate, but then you can just use it directly for jwt, no need for step 2
17:38-!-lls [] has joined #linode
17:38-!-lls is "lls" on #linode
18:20-!-aheczko [] has joined #linode
18:20-!-aheczko is "OFTC WebIRC Client" on #linode
18:21-!-aheczko [] has quit []
18:49-!-jess [] has quit [Quit: Leaving]
18:55-!-g0t [] has quit [Ping timeout: 480 seconds]
19:17-!-retro|blah [] has quit [Quit: Leaving]
19:17-!-retro|blah [] has joined #linode
19:17-!-retro|blah is "retrograde inversion" on #linode
19:40-!-u0_a310 [~u0_a310@] has joined #linode
19:40-!-u0_a310 is "Unknown" on #linode
19:41-!-u0_a310 is now known as J07
19:41-!-J07 [~u0_a310@] has quit []
19:46<Ikaros>Was going to drop an 'f' in there, too bad they left.
19:47<@pwoods>Ikaros: please no f bombs.
19:50<Ikaros>Of course not, why I didn't say "f bomb" lol
19:51<Ikaros>You know, d...e...f...etc
20:02<kharlan>You callin’ me a defetc?
20:09<Ikaros>I'll just be over in my corner now...
20:14-!-packetcat [] has quit [Quit: WeeChat 2.9]
20:16-!-packetcat [] has joined #linode
20:16-!-packetcat is "staticsafe" on #linode
20:58-!-|GIG-1 [~MYOB@] has quit [Quit: usairc org ]
20:59-!-|GIG [~MYOB@] has joined #linode
20:59-!-|GIG is "J" on #linode #moocows
21:01-!-|GIG [~MYOB@] has quit []
21:12-!-|GIG [~MYOB@] has joined #linode
21:12-!-|GIG is "J" on #linode #moocows
21:13-!-|GIG [~MYOB@] has quit [Remote host closed the connection]
21:15-!-|GIG [~MYOB@] has joined #linode
21:15-!-|GIG is "J" on #linode #moocows
21:15-!-|GIG-1 [~MYOB@] has joined #linode
21:15-!-|GIG-1 is "J" on #linode #moocows
21:19-!-jojo [~u0_a157@] has joined #linode
21:19-!-jojo is "fu xin son" on #linode
21:23-!-|GIG [~MYOB@] has quit [Ping timeout: 480 seconds]
21:33-!-jojo [~u0_a157@] has quit [Ping timeout: 480 seconds]
21:49-!-jojo [~u0_a157@] has joined #linode
21:49-!-jojo is "fu xin son" on #linode
22:06-!-jojo_ [~u0_a157@] has joined #linode
22:06-!-jojo_ is "fu xin son" on #linode
22:08-!-jojo [~u0_a157@] has quit [Ping timeout: 480 seconds]
22:12-!-jojo_ [~u0_a157@] has quit [Remote host closed the connection]
22:14-!-jojo_ [~u0_a157@] has joined #linode
22:14-!-jojo_ is "fu xin son" on #linode
22:32-!-metta_ [~Quassel@2a01:4f8:1c0c:49df::1] has joined #linode
22:32-!-metta_ is "metta" on #linode
23:26<Shentino>Btw is there any recourse if someone hacks into my linode account and nukes my vm?
23:26<Shentino>just asking hypothetically
23:29<chesty>Shentino, restore from backups
23:29<chesty>ideally off site backups.
---Logclosed Mon Jan 11 00:00:49 2021