Wednesday, March 26, 2014

SSL Keystore cheat sheet

I often find myself scouring the net for how to create a self-signed certificate and then how to actually use it.  So I have now created a cheat sheet.

JAVA: how to obtain a keystore file for a certificate (.crt) file

Create a store with a temporary key inside:
keytool -genkey -alias temp -keystore yourkeystore.jks -storepass Hello1
Then delete that entry:
keytool -delete -alias temp -keystore yourkeystore.jks -storepass Hello1
Now you have an empty store. You can check that it is empty:
keytool -list -keystore yourkeystore.jks -storepass Hello1
Then import your certificate into the store (a trusted-certificate entry has no private key, so no -keypass is needed):
keytool -import -alias alias -file cert_file.crt -keystore yourkeystore.jks -storepass Hello1
(keytool -import also creates the keystore if it does not exist yet, so the temporary key and the delete can be skipped; the steps above are only useful if you want to confirm the store starts out empty. Before answering "yes" to the "Trust this certificate?" prompt, compare the fingerprint keytool prints with one you obtained from the certificate's owner.)
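The same result in Java, as an added example that is not part of the original post: it creates the empty store directly and adds the .crt file as a trusted entry, and it refuses the certificate unless its SHA-256 fingerprint matches one obtained from the certificate's owner out of band, the check that the keytool steps above leave to the "Trust this certificate?" prompt. The file names, alias and store password are the ones used above; the expected fingerprint is passed as the third argument, in the colon-separated upper-case hex form that keytool -list -v prints.

```java
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

/**
 * Build a JKS truststore that holds exactly one trusted certificate, the
 * same result as the keytool -import step above but without the temporary
 * key. The certificate is only stored if its SHA-256 fingerprint matches
 * the value supplied on the command line.
 */
public class ImportCert {

    /** Read a .crt file; CertificateFactory accepts both PEM and DER encodings. */
    static X509Certificate readCert(String path) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (InputStream in = new FileInputStream(path)) {
            return (X509Certificate) cf.generateCertificate(in);
        }
    }

    /** Colon-separated upper-case hex SHA-256 over the DER encoding, as keytool -list -v shows it. */
    static String sha256Fingerprint(X509Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder sb = new StringBuilder();
        for (byte b : digest) sb.append(String.format("%02X:", b));
        return sb.substring(0, sb.length() - 1); // drop the trailing colon
    }

    /** Create a new, empty JKS and add the certificate as a trusted-certificate entry. */
    static void buildTrustStore(X509Certificate cert, String alias, String out, char[] storepass) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(null, null);                 // null stream: start from an empty store
        ks.setCertificateEntry(alias, cert); // no private key, hence no key password
        try (OutputStream os = new FileOutputStream(out)) {
            ks.store(os, storepass);
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: java ImportCert cert_file.crt yourkeystore.jks <expected SHA-256 fingerprint>");
            System.exit(2);
        }
        X509Certificate cert = readCert(args[0]);
        cert.checkValidity(); // throws if the certificate is expired or not yet valid

        String actual = sha256Fingerprint(cert);
        if (!actual.equalsIgnoreCase(args[2])) {
            System.err.println("fingerprint mismatch, refusing to trust: got " + actual);
            System.exit(1);
        }
        // Alias and store password taken from the keytool example above (assumptions).
        buildTrustStore(cert, "alias", args[1], "Hello1".toCharArray());
        System.out.println("trusted " + cert.getSubjectX500Principal() + " in " + args[1]);
    }
}
```

Afterwards keytool -list -keystore yourkeystore.jks -storepass Hello1 shows one trustedCertEntry, exactly as after the keytool -import above.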

  • I like to keep my certificates in a separate directory. (For this doc I'll use C:\SSL.)
  • Open a command prompt and cd to that dir. (cd c:\ssl)
  • Generate the keystore as follows
keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass myPass -keysize 2048

    (Without the -validity option, given in days, keytool issues the certificate for 90 days; pass a longer value if you do not want to regenerate it every quarter.)

  • You will need to fill in the prompts that follow. Use values you will remember.
                First and last name:
                        Use the domain or IP that you will use to access the
                        site with (it becomes the CN of the certificate).
                        If you're only hitting Tomcat from the local machine,
                        use "localhost".
                        If the name does not match, the browser will warn that
                        the certificate is for a different site.
                Organizational unit:
                Name of your organization:
                Name of your city or locality:
                Name of your state or province:
                The two-letter country code for this unit:
                        Make sure it's upper case ("ZA").
        You will be shown all of your entries and asked to confirm:
        (Is CN=localhost, OU=SXI, O=SXI, L=Johannesburg, ST=Gauteng, C=ZA correct?)
                Type yes. (The default answer is no, so just hitting enter
                brings the prompts back.)
        You will be asked for a key password, with the option to
        just hit enter to reuse the keystore password.
                Hit enter.

  • You should now have a keystore.jks file in C:\SSL

To configure Tomcat to use this keystore

1. Open server.xml, located in TOMCAT\conf.
(Or right click on the Tomcat server in NetBeans and click on edit server.xml.)
2. Find and uncomment the SSL <Connector port="8443" ...> entry.
        NOTE: XML uses "<!--" and "-->" to begin and end comments.
        NOTE: There is a comment just above it that looks like this:
         <!-- Define a SSL HTTP/1.1 Connector on port 8443 -->

3. Add two more attributes to this tag: keystoreFile (the path to keystore.jks) and keystorePass (the store password you chose above). The remaining attributes are already present in the commented-out entry.
4. Restart Tomcat.

Example of the section to configure in the server.xml file (the default Tomcat 7 connector, uncommented, with the two attributes added):

    <!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="C:\SSL\keystore.jks"
               keystorePass="myPass" />

The store password now sits in plain text in server.xml, so keep that file readable only by the account Tomcat runs as.

Export the generated server certificate in keystore.jks into the file server.cer (binary DER by default, which is what the import below expects):

keytool -export -alias selfsigned -storepass myPass -file server.cer -keystore keystore.jks

(NB: the alias "selfsigned" must exist in the keystore, or the export fails.)

To add the server certificate to the truststore file myServersKey.jks

Run keytool from the directory where you created the keystore and server certificate.

keytool -import -v -trustcacerts -alias selfsigned -file server.cer -keystore /path/to/keystoredir/myServersKey.jks -storepass myPass

/path/to/keystoredir is the directory holding the truststore that your client application is going to use. Only the store password is needed here: a trusted-certificate entry has no private key, so a -keypass would have no effect. In Java you point the client at this file as follows:

System.setProperty("javax.net.ssl.trustStore", "/path/to/keystoredir/myServersKey.jks");

Note that this property is JVM-wide: every HTTPS connection made by that process will now trust only the certificates in myServersKey.jks.

If you get "keytool error: java.lang.Exception: Input not an X.509 certificate", check that server.cer is not 0 bytes, i.e. that the export step above actually succeeded.
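Instead of setting the JVM-wide system property, a client can load the truststore itself and hand it to one SSLContext, so the rest of the JVM keeps its default trust. The following is an added example and not code from the original post; it uses the truststore path, store password and alias from the steps above (assumptions), checks that the alias is really a trusted-certificate entry and that the certificate is still inside its validity period (keytool's default is 90 days from -genkey), and, when given a URL argument, connects to the Tomcat connector configured above. The host in that URL must match the CN entered at the keytool prompt ("localhost" in this post), or hostname verification fails.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

/**
 * Load the truststore produced by the keytool -import step above into an
 * SSLContext that is used for one connection only, instead of setting the
 * JVM-wide javax.net.ssl.trustStore system property.
 */
public class TrustStoreCheck {

    // Same file name, store password and alias as the keytool steps (assumptions).
    static final String TRUSTSTORE = "/path/to/keystoredir/myServersKey.jks";
    static final char[] STOREPASS = "myPass".toCharArray();
    static final String ALIAS = "selfsigned";

    /** Open the JKS file and make sure the expected alias is a trusted-certificate entry. */
    static KeyStore loadTrustStore(String path, char[] password, String alias) throws Exception {
        KeyStore ts = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ts.load(in, password); // password verifies the store's integrity check
        }
        if (!ts.isCertificateEntry(alias)) {
            throw new IllegalStateException("alias '" + alias + "' is not a trusted-cert entry in " + path);
        }
        return ts;
    }

    /** Print what is about to be trusted and fail if any certificate is outside its validity period. */
    static void describe(KeyStore ts) throws Exception {
        for (Enumeration<String> e = ts.aliases(); e.hasMoreElements();) {
            String alias = e.nextElement();
            Certificate c = ts.getCertificate(alias);
            if (!(c instanceof X509Certificate)) continue;
            X509Certificate x = (X509Certificate) c;
            x.checkValidity(); // throws once the 90-day default validity has passed
            System.out.printf("%s: %s, valid until %s%n", alias, x.getSubjectX500Principal(), x.getNotAfter());
        }
    }

    /** Build an SSLContext that trusts only the certificates in this truststore. */
    static SSLContext contextFor(KeyStore ts) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key, default SecureRandom
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        KeyStore ts = loadTrustStore(TRUSTSTORE, STOREPASS, ALIAS);
        describe(ts);

        // Optional: connect to the Tomcat connector configured above, e.g. https://localhost:8443/
        // The host name must match the certificate's CN (or a SAN) or the handshake is rejected.
        if (args.length > 0) {
            HttpsURLConnection conn = (HttpsURLConnection) new URL(args[0]).openConnection();
            conn.setSSLSocketFactory(contextFor(ts).getSocketFactory());
            System.out.println("HTTP " + conn.getResponseCode() + " from " + args[0]
                    + " using " + conn.getCipherSuite());
        }
    }
}
```

Because the trust managers are built from the file rather than from the system property, other code in the same JVM (library calls to public HTTPS endpoints, for instance) continues to use the default cacerts trust store.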

I hope I can refer to this many times and not have to get the info from loads of different sites in the future again ;)

Friday, February 21, 2014

Ubuntu 13.10 connect to MS VPN Server

I was not able to make a VPN connection to a MS site. I tried Cisco AnyConnect (openconnect), Cisco Compatible VPN (vpnc), OpenVPN and PPTP (the default).

This was a real source of frustration and the "IT guy" kept telling me that I should just install Windows and have done with it.

Turns out that this is SIMPLE to fix.

Setup a new PPTP Connection Type.

Click the "Advanced" button.  I disabled EAP, but when I clicked Use Point-to-Point encryption (MPPE) under "Security and Compression" the window above for "Allow the following authentication methods:" changed and EAP was greyed out.

I then selected "128-bit (most secure)" from the "Security:" drop down menu and clicked OK

I was then able to successfully connect to a MS VPN Server.

Hope this helps... I know in the future it will definitely save me time and effort when setting this up again.

So there Mr. MS "IT guy" ... 

Thursday, February 20, 2014

Netbeans 7.4 bold menus in Ubuntu

I have suffered with this problem many times when using NetBeans in Ubuntu and I finally decided to get to the bottom of it.

The problem started only after I installed Wine.  Wine installs a whole load of fonts, so this was definitely where to look for the problem.

I found out that if I remove the fonts-unfonts-core package my menus go back to normal.  To remove the package run the following

sudo apt-get remove fonts-unfonts-core

I still had a smaller problem in that the menus don't have a border and when they are drawn over a busy development screen it takes me longer to find the item I am looking for.

I found the following tip when trying to fix the bold menu issue and have now made all my netbeans installations look the same.  I think this is a much cleaner theme for netbeans.  It makes it far easier for me to use netbeans at least.

You need to run NetBeans with the following switch:
--laf Nimbus

So your command to launch will look as follows

"/home/whatever/netbeans-7.4/bin/netbeans" --laf Nimbus