Use AWS Secret Manager to handle credentials


AWS Secret Manager is a great solution for secret management. It is similar to HarshiCorp Vault, but with better integrations with other AWS services, e.g. IAM, RDS, Redshift, DocumentDB. As illustrated above, I created a database in RDS and a credential in Secret Manager, then attached the credential to the database for dynamic reference. The … Continue reading Use AWS Secret Manager to handle credentials

LDAP: error code 11 – This search operation has checked the maximum of 5000 entries for matches]


We have a Jenkins box that use OpenDJ as the LDAP authenticator. And recently we migrated the ldif data from the old OpenDJ to a new OpenDJ server, and reconfigured the Jenkins to use the new box. After that, the Jenkins authentication stops working. I noticed this message in the Jenkins log. It looks like … Continue reading LDAP: error code 11 – This search operation has checked the maximum of 5000 entries for matches]

Using Comala worflow to classify Confluence page


I was working on a data classification project a few months ago, and one of systems that needs to be classified is Confluence. The data on Confluence can be Public, Internal, Protected and Highly Protected. I designed a solution to use Comala workflow which we have purchased already, so no more extra cost on software. … Continue reading Using Comala worflow to classify Confluence page

iframe shows as blank page in Confluence


If your added iframe macro shows as a blank page in confluence page. I think there are two places you need to check. Ensure the site url (include protocol scheme) has been whitelisted. Check whether the site allows cross origin access. For example, *.sharepoint.com does not cross origin access by setting x-frame-option as SAMEORIGIN. Reference: … Continue reading iframe shows as blank page in Confluence

Step by step to install SSL cert for Crowd server


In this article, I am going to show you how to install or renew SSL certificate for Crowd server step by step. Note: In my example, my hostname is crowd.jackiechen.org (skip if you already have your new certificate) Run the following command to generate a csr file for your certificate, and you will get two … Continue reading Step by step to install SSL cert for Crowd server

ERR_CERT_COMMON_NAME_INVALID because of Subject Alternative Name missing


If you are seeing similar errors in Chrome as below, your private cert probably missed the SAN. Starting from Chrome 58, it validates the DNS against the SAN that is in the certificate. Here is the quote that I found "Certificates have two ways to express the domain/IP they're bound to - one which is … Continue reading ERR_CERT_COMMON_NAME_INVALID because of Subject Alternative Name missing

BitLocker on Windows 10


Three quick commands to turn on/off and check BitLocker on Windows 10 Professional and Enterprise. You have to run the following commands in an Administrative terminal. To turn on BitLokcer against volume C:  manage-bde -on C: -RecoveryPassword -skiphardwaretest -UsedSpaceOnly To turn off BitLocker against volume C:  manage-bde -off C: To check BitLocker against volume C:  … Continue reading BitLocker on Windows 10