Wednesday, March 26, 2014

SSL Keystore cheat sheet

I often find myself scouring the net for how to create a self-signed certificate and then how to actually use it. So I have now created a Cheat Sheet.



JAVA: how to obtain a keystore file for a certificate (crt) file

Create store with temporary key inside:
keytool -genkey -alias temp -keystore yourkeystore.jks -storepass Hello1
Then delete existing entry:
keytool -delete -alias temp -keystore yourkeystore.jks -storepass Hello1 
Now you've got an empty store. You can check that it's empty:
keytool -list -keystore yourkeystore.jks -storepass Hello1
Then import your certificate to the store:
keytool -import -alias alias -file cert_file.crt -keypass keypass -keystore yourkeystore.jks -storepass Hello1




  • I like to create a directory to keep my certificates in separately. (for this doc I'll use C:\SSL)
  • Open a command prompt and cd to that dir. (cd c:\ssl)
  • Generate the keystore as follows
keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass myPass -keysize 2048

  • You will need to fill in the prompts that follow
                Password: 
                        Use something you will remember.
                First & Last Name:  
                        Use the domain or IP that you will be using to
                        access the site with.
                        If you're only hitting tomcat from the local machine
                        use "localhost".
                        If you don't, the user will be warned that the certificate
                        is for a different domain.
                Organizational Unit: 
                        SXI
                Name of your organization:
                        SXI
                Name of your city:
                        Johannesburg
                Name of your state or province.
                        Gauteng
                The two letter country code for this unit.
                        Make sure it's upper case ("ZA")
        You will be shown all of your entries and asked to confirm.
        (Is CN=localhost, OU=SXI, O=SXI, L=Johannesburg, ST=Gauteng, C=ZA correct?)
                Hit enter.
        You will be asked for your password again with the option to 
        just hit enter.
                Hit enter

  • You should now have a keystore.jks file in C:\SSL



TO Configure Tomcat to use this keystore


1. Open server.xml, located in TOMCAT\conf. 
(Or right click on the tomcat server in netbeans and click on edit server.xml)
        
2. Find and uncomment the SSL <Connector port entry.
        NOTE: XML uses the "<!--" start and "-->" end symbols 
                to begin and end comments.
        NOTE: There is a comment just above it that looks like this:
         <!-- Define a SSL HTTP/1.1 Connector on port 8443 -->

3. Add two more attributes to this tag:
        keystoreFile="C:\SSL\keystore.jks"
        and:
        keystorePass="myPass"
4. Restart Tomcat.

Example of the section to configure in the server.xml file:

    <!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
    <Connector port="8443"
               maxHttpHeaderSize="8192"
               maxThreads="150"
               minSpareThreads="25"
               maxSpareThreads="75"
               enableLookups="false"
               disableUploadTimeout="true"
               acceptCount="100"
               scheme="https"
               secure="true"
               clientAuth="false"
               sslProtocol="TLS"
               keystoreFile="c:\ssl\keystore.jks"
               keystorePass="myPass" />




Export the generated server certificate in keystore.jks into the file server.cer

keytool -export -alias selfsigned -storepass myPass -file server.cer -keystore keystore.jks

(NB: the alias >selfsigned< must exist in the keystore)



To add the server certificate to the truststore file sxi.jks 

Run keytool from the directory where you created the keystore and server certificate.

keytool -import -v -trustcacerts -alias selfsigned -file server.cer -keystore /path/to/keystoredir/myServersKey.jks -keypass myPass -storepass myPass

/path/to/keystoredir is the path to the directory holding the keystore that your application is going to use. In Java you set this property as follows:

System.setProperty("javax.net.ssl.trustStore", "/path/to/keystoredir/myServersKey.jks");
       
If you get "keytool error: java.lang.Exception: Input not an X.509 certificate", check that server.cer is not 0 bytes.
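
An alternative to the JVM-wide system property, as an added example that is not part of the original post: it loads the truststore built above, checks that the imported certificate is really there and still valid, and uses it for a single HTTPS connection. The class name, the URL https://localhost:8443/ and the reuse of the path, password and alias from the keytool commands are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class TrustStoreClient {
    // Assumed values: path, password and alias follow the keytool commands above.
    static final String STORE = "/path/to/keystoredir/myServersKey.jks";
    static final char[] PASS = "myPass".toCharArray();
    static final String ALIAS = "selfsigned";

    static SSLContext contextFrom(String path, char[] pass, String alias) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pass);            // also verifies the store's integrity hash
        }
        // Fail early if the import step did not actually add a trusted certificate.
        if (!ks.isCertificateEntry(alias)) {
            throw new IllegalStateException("no trusted certificate under alias " + alias);
        }
        X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
        cert.checkValidity();             // throws if expired or not yet valid
        System.out.println("Trusting " + cert.getSubjectX500Principal().getName()
                + " until " + cert.getNotAfter());

        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = contextFrom(STORE, PASS, ALIAS);
        // Assumed URL: the Tomcat connector on port 8443 configured earlier.
        HttpsURLConnection conn =
                (HttpsURLConnection) new URL("https://localhost:8443/").openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory()); // only this connection uses the store
        System.out.println("HTTP " + conn.getResponseCode()
                + " over " + conn.getCipherSuite());
    }
}
```

Setting javax.net.ssl.trustStore replaces the default trust store for every connection in the JVM, whereas the context built here leaves other connections on the JDK defaults.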

I hope I can refer to this many times and not have to get the info from loads of different sites in the future again ;)

Friday, February 21, 2014

Ubuntu 13.10 connect to MS VPN Server

I was not able to make a VPN connection to a MS site. I tried Cisco AnyConnect (openconnect), Cisco Compatible VPN (vpnc), OpenVPN or PPTP (the default).

This was a real source of frustration and the "IT guy" kept telling me that I should just install Windows and have done with it.

Turns out that this is SIMPLE to fix.

Set up a new PPTP Connection Type.

Click the "Advanced" button.  I disabled EAP but when I clicked Use Point-to-Point encryption(MPPE) under "Security and Compression" the window above for "Allow the following authentication methods:" changed and EAP was greyed out.

I then selected "128-bit (most secure)" from the "Security:" drop down menu and clicked OK

I was then able to successfully connect to a MS VPN Server.

Hope this helps... I know in the future it will definitely save me time and effort when setting this up again.

So there Mr. MS "IT guy" ... 

Thursday, February 20, 2014

Netbeans 7.4 bold menus in Ubuntu

I have suffered with this problem many times when using Netbeans in Ubuntu and I finally decided to get to the bottom of it.

The problem started only after I installed Wine. Wine installs a whole load of fonts so this was definitely where to look for the problem.

I found out that if I remove the fonts-unfonts-core package my menus go back to normal. To remove the package run the following:

sudo apt-get remove fonts-unfonts-core


I still had a smaller problem in that the menus don't have a border and when they are drawn over a busy development screen it takes me longer to find the item I am looking for.

I found the following tip when trying to fix the bold menu issue and have now made all my netbeans installations look the same.  I think this is a much cleaner theme for netbeans.  It makes it far easier for me to use netbeans at least.

You need to run netbeans with the following switch:
--laf Nimbus


So your command to launch will look as follows

"/home/whatever/netbeans-7.4/bin/netbeans" --laf Nimbus

Wednesday, October 9, 2013

Mount my SD Card in Ubuntu 12.04

I had several problems mounting my SD Card in Ubuntu, from NOTHING happening (my worst kind of issue ... how can someone troubleshoot with NO, ZERO messages etc.?) to the partitions being mounted but read-only. So I could never install Raspbmc (or any distro for that matter) onto my Raspberry Pi, until I came across a post on Ask Ubuntu which pointed me in the right direction.
Turned out to be a permissions issue. 
First thing to do is to check the permissions on the hardware device mounting your card. You'll need to find the device name. To do this run the following command:
sudo fdisk -l
Your device will probably be something along the lines of /dev/sdb1, in my case the SD Reader was /dev/mmcblk0p1.
Next you need to get the permissions on this device:
sudo ls -l /dev/mmcblk0p1
Replace "/dev/mmcblk0p1" with your device location. The output will look something like this:
brw-rw---- 1 root disk 179, 1 Feb 3 21:58 /dev/mmcblk0p1
This tells us the device is owned by user 'root' and group 'disk'. You need to be a member of group 'disk' to be able to write to the SD card. You can check which groups you're a member of with
groups username
In my case I was not a member of the 'disk' group, I rectified this with
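sudo usermod -a -G disk username
This adds you to the group 'disk' (the -a -G options append it to your existing groups; -g on its own would replace your primary group instead), which should allow you to read & write to the SD card once you log out and back in. Bear in mind that the 'disk' group has raw read/write access to every block device on the machine, not just the card reader.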
The BIG thing for me was adding my user to the Group 'disk' which sorted everything out.  Thanks to Cage for pointing this out.
Hope this helps.
73

Tuesday, March 12, 2013

Reading .eml files in Win7

I use webmail (Google) however some of my colleagues insist on using MS Outlook.

 Often when I get an email from them that contains another email that they forwarded the additional message arrives in an attachment called noname.eml

 This freaks me out ... and I have spent much time looking for an app that will read these files (there are some available but I can't really recommend any that stand out as being an elegant solution for me).

I stumbled onto a very simple solution today.
  1. Simply download the file (noname.eml) from your original email
  2. Rename it to noname.mht 
  3. Open it with Internet Explorer 
 No need for any additional software .... which suits me.


Saturday, July 21, 2012

Ubuntu Server Disable screen blanking

This is so simple however I always seem to forget how to do it.

I have an Ubuntu server and often want to run htop over a few days while testing something. The problem is though that the screen keeps going blank. This is fine but then I quickly want to see what the current performance is at a glance while walking past. I don't want to have to press a key to get the screen live again.

As root run the following

setterm -powersave off -blank 0


Here are a few more interesting things you can do with setterm.

Thursday, July 12, 2012

Custom menus in Windows Start Menu

I like to keep a bunch of portable utility apps on my Windows machines that I use from time to time. Normally I store these apps in C:\Utils and then just access them via Explorer, but recently I have been using one of my new favourite apps (MobaXterm) a lot to access my Linux media centers, and it's becoming a bit of a pain to always go via Explorer.

So with that in mind I decided to see if I could create a custom menu in my Start menu and guess what, you can.


To do this all you need to do is:


Right click the Start button and select Properties.
Click the Customize... button


Select one of the following menus that you are not using.
Documents, Downloads, Music, Pictures, Recorded TV or Videos.
I went with Recorded TV.
You can either use Display as a link or Display as a menu.
A link will just be a shortcut to your folder but a menu will display a pop out list, I chose menu because it's one less click.


Click the Start button and you will see the new menu, right click it and select Properties.
Add the folder or folders you wish to appear in your new menu with the Include a folder... button. While you're there, remove any default folders you don't want to appear.


Lastly right click on the new menu again and select Rename to give it a nice name and with that you are done.