Skip to main content

· 7 min read

I've been involved in a project that uses Pivotal CloudFoundry as the PAAS platform of choice. To provide some minimal background info: CloudFoundry is an open-source PAAS platform that can run on top of a number of cloud infrastructures: Azure, AWS, GCP, OpenStack, VMware vSphere and more. Pivotal is a company that offers a commercial CloudFoundry package that includes support, certification and additional services.

· 6 min read

In two previous posts I explained [how to setup TLS for a local Azure Service Fabric cluster][1] and [how to configure this for a cluster running on Azure][2]. In this post I describe how to setup client certificate authentication for the same API endpoint. Client certificate authentication requires that a client can only access the API with a client authentication certificate (certificate purpose [1.3.6.1.5.5.7.3.2][7]).

· 6 min read

[Azure Service Fabric][1] is Microsofts [micro-services][2] platform. Well, it's actually more than that but that is all well-documented in other places on the interwebs.

It is relatively new and documentation is still a bit behind so I had some trouble in getting the following setup working:

  • I want to run my production cluster on a domain name that is not the default. So instead of mycluster.westeurope.cloudapp.azure.com I want my-api.my-services.nl.
  • The custom API endpoint that is exposed through my cluster should run on https and not the default http.

· 3 min read

On several GitHub projects nowadays you find these nice badges in the readme.md that tell you whether the current build passed. Until a few days ago I didn't know how these were implemented but since I have my own small open-source [GitHub project][1] now, I wanted a badge. Sounds a bit like [gamification][2] if I say it like this but that's an entirely different topic :)

· 5 min read

[Let's Encrypt][1] is a new certificate authority that provides free certificates for web server validation. It issues [domain-validated][2] (DV) certificates meaning that the certificate authority has proven that the requesting party has control over some DNS domain (more on that later). And the best thing: it's fully automated through an [API][4] and a [command-line client][3].

Free DV certificates seem to be the new trend nowadays with Symantec being the next player in the market [announcing][5] they're giving them away for free. Let's Encrypt issued their [first][7] certificate on September 14, 2015 and announced on March 8, 2016 that they were at one million after just three months in [public beta][8].