Please note that all blog posts before 8 April 2007 were automatically imported from LiveJournal. To see the comments and any LiveJournal-specific extras such as polls and user icons, please find the source posting at http://brianenigma.livejournal.com/2003/01/Help Me I Am In [PKI, security, certificate, keychain, RSA, PEM, DER, PKCS12, RC4, MD5, 3DES] Hell.
It used to be that setting up a secure webserver with a nice, valid, SSL certificate was hell. I can now do that blindfolded, in handcuffs (the William Gibson X-Files episode comes to mind now: “Are you gonna take these off, or am I gonna have to do this with my tongue?” “Trust me, you don't want to take a vote.”). Now, I'm trafficking business-to-business messages that are MIME/Multipart strings over SSL connections. Parts of the multipart messages are plaintext, parts are simply signed with any one of a variety of algorithms, and parts are encrypted with a variety of algorithms. Of course, this is determined dynamically at runtime, with the plaintext parts telling what the non-plaintext parts are. Of course, the responses need to be dynamically generated and returned in the same format. Good times!
If everything went well and DNS propogated properly, I should have http://cu.be. As substitute pointed out, I should also have all subdomains (hyper.cu.be, sugar.cu.be, gleaming.the.cu.be, etc). Something tells me that not all went well. …especially after looking at the current whois record.
In other news, after a number of useful patch submissions, I am officially a SoleSeek developer. W00t. And stuff. If I have the time, I will be writing one metric shload of internal/developer documentation this week. There is a lot of debugging to do–file transfers exist in the most recent cvs version, but don't work past the “Hi! Can you send me that file of yours?” request message. Oops.
