My first super blood wolf moon

Today was the first time I have witnessed this natural phenomenon through the lens of my old and dusty Nikon DSLR camera. Because of the good forecast I decided to go out of bed early to give it a shot. I cannot remember me taking photos of the moon before, so I struggled a bit in order to get a proper setup. Especially the lack of a tripod made it a little bit clumsy and it took too much precious time to make some good shots.

Personal note:

  • Go outside
  • Use a tripod
  • Set Mirror-lock
  • Use self-timer

So here is definitely room for improvement. Hope you enjoyed as it much as I did!

Certificate on Yubikey4

This instruction is primarily intended for my own documentation, but published here it can serve others as well.

My personal (client) certificate was generated using the Mozilla Firefox browser. To move the certificate key combination to my Yubikey I had to make a backup of the certificate. In Mozilla you are able to create a P12 backup of the certificate including key (remember the password!).

1. Extract certificate and key

$ openssl pkcs12 -in person.p12 -nocerts -out privateKey.pem
Enter Import Password:                                          
Enter PEM pass phrase:                                          
Verifying - Enter PEM pass phrase:                              
$ openssl pkcs12 -in person.p12 -clcerts -nokeys -out publicCert.pem
Enter Import Password:

2. Remove password on the key

$ openssl rsa -in privateKey.pem -out privateKey-nopassword.pem
Enter pass phrase for privateKey.pem:
writing RSA key

3. Import the key

$ ykman piv import-key -P ****** --pin-policy ONCE 9a privateKey-nopassword.pem

4. Import the certificate

$ ykman piv import-certificate -P ****** 9a publicCert.pem
Enter password to decrypt certificate:

Huh? That’s strange. The certificate is not password protected. It appears there are some attributes placed above the actual certificate. Remove those lines so that ‘—–BEGIN CERTIFICATE—–‘ is on top.

5. Import the certificate again

$ ykman piv import-certificate -P ****** 9a publicCert.pem

6. Cleanup

Since the certificate and key are now on the smartcard you can safely delete them from disk:

$ rm publicCert.pem privateKey.pem person.p12

As soon as you configure your Yubikey as smartcard for Firefox you can also remove the certificate from the Mozilla Certificate store.


For reference, this instruction was created on a Arch Linux installation.