Tuesday, November 30, 2010

Commercial SSL certificate untrusted - what did I pay for?

I recently bought a commercial SSL certificate, and was slightly mystified as to why the browser was calling it untrusted. How could they possibly be selling certs that Firefox doesn't trust? After some head scratching I realised the answer was that I needed to install the intermediate certificates (provided by the CA) on the server side, to complete the chain of trust.

During the SSL certificate exchange the web server (in this case Apache) can provide the client with additional certificates to enable it to establish a chain of trust.  Use the SSLCertificateChainFile directive in your site config, something like:

    SSLCertificateChainFile /etc/apache2/ssl/ExternalCARoot1.crt
    SSLCertificateChainFile /etc/apache2/ssl/CACompanySecureServerCA.crt

According to the apache help, you can cat these two together and just specify one file.  Say the browser trusts RootCA1, it can check that RootCA1 signed ExternalCARoot1.crt, which signed CACompanySecureServerCA.crt, which signed my certificate. Without those intermediate certificates, the browser cannot establish trust.

Saturday, November 27, 2010

Making blogger look prettyish: removing the attribution footer and increasing the post width

The new templates provided by blogger go a long way to making it look prettier. There are IMHO a few fundamental problems. The first is the attribution footer gadget - that is nice for the original designer, but I don't need to advertise for them on my blog. A lot of people seem to be trying to change this behaviour.

To remove the attribution footer, search in your css for 'attribution' and use html comments to comment out those sections. Check with preview to see if they are gone. When you click 'save template' blogger will ask if you want to delete the attribution gadget. You can delete it, and it will stay gone.

Next, making the post wider. Blogger is stuck being optimised for small screen sizes no-one uses any more. To increase the post width, change the 'value' attribute of this tag (search for 'content.width'):

<b:variable default='930px' name='content.width' type='length' value='1000px'/>

And to change the width of your gadget panel, change value of:

<b:variable default='360px' name='main.column.right.width' type='length' value='370px'/>

Wednesday, November 24, 2010

Set file modification time of a JPEG to the EXIF time

After editing a photo, it is nice to be able to set the file modification time back to its original so filesystem date sorting is still sensible. This can be achieved by reading the "Exif.Photo.DateTimeOriginal" or "Exif.Image.DateTime" out of the JPEG header. exiv2 will do this for you:
exiv2 -T rename *.JPG

To do every file recursively under a directory, cd into the directory and use this:
find . -type f -iname "*.jpg" -print0 | xargs -0 exiv2 -T rename