Here are a few simple steps to setup a basic PKI; this will involve creating a root CA and then signing some certificates with the root CA:
Update your ssl configuration as per this link:
https://jamielinux.com/articles/2013/08/act-as-your-own-certificate-authority/
Create the Root CA
Create a root CA private key:
openssl genrsa -aes256 -out ca.key.pem 4096
Enter the pass phrase to protect the file.
Create the root CA certificate:
openssl req -new -x509 -days 365 -key ca.key.pem -out ca.cert.pem
Enter the pass phrase you entered when creating the root private key.
Enter the values for prompted questions for the certificate.
Create a server certificate
Generate a server private key:
openssl genrsa -aes256 -out my.test.cert.com.key.pem 4096
Enter the pass phrase to protect the file.
Now we can create a certificate signing request (CSR) to allow us to sign the server certificate with the root CA (you can also do this with an intermediate CA)
openssl req -new -key my.test.cert.com.key.pem -out sign-request.csr
Enter the pass phrase you entered when creating the root private key.
Enter the values for prompted questions for the certificate.
Now you can sign a new client certificate (using sha1 message digest) for your server with the CSR:
openssl ca -keyfile ca.key.pem -cert ca.cert.pem -in sign-request.csr -out my.test.cert.com.pem -md sha1
Enter the pass phrase you entered when creating the root private key.
Create a client certificate
Generate a client private key:
openssl genrsa -aes256 -out client.key.pem 4096
Enter the pass phrase to protect the file.
Now we can create a certificate signing request (CSR) to allow us to sign the client certificate with the root CA (you can also do this with an intermediate CA)
openssl req -new -key client.key.pem -out client-sign-request.csr
Enter the pass phrase you entered when creating the root private key.
Enter the values for prompted questions for the certificate.
Now you can sign a new client certificate (using sha1 message digest) for your server with the CSR:
openssl ca -keyfile ca.key.pem -cert ca.cert.pem -in client-sign-request.csr -out client.cert.pem -md sha1
Enter the pass phrase you entered when creating the root private key.
References:
https://jamielinux.com/articles/2013/08/act-as-your-own-certificate-authority/
https://jamielinux.com/articles/2013/08/create-and-sign-ssl-certificates-certificate-authority/
creative-couch
The Creative Couch to inspire ideas and share knowledge.
Wednesday, July 30, 2014
Wednesday, July 9, 2014
SED unix utility explained
SED is a great unix utility that enables you to manipulate the contents of a file with simple regular expressions. Say for instance if you wanted to remove the first line in a file:
sed -i '1d' /filepath/hello.txt
The above command specified to insert the text into the file i.e. modify the file specified after the command.
The '1d' tells sed to delete the first line from the file.
You can also replace text in files e.g:
sed -i 's/text your looking for/text you want to replace it with/' /filepath/hello.txt
The above statement will find the text: "text your looking for" and replace it with "text you want to replace it with" the 's' in the beginning stands for pattern space. The syntax explained:
s/regex/replacement/
Have fun with it!
sed -i '1d' /filepath/hello.txt
The above command specified to insert the text into the file i.e. modify the file specified after the command.
The '1d' tells sed to delete the first line from the file.
You can also replace text in files e.g:
sed -i 's/text your looking for/text you want to replace it with/' /filepath/hello.txt
The above statement will find the text: "text your looking for" and replace it with "text you want to replace it with" the 's' in the beginning stands for pattern space. The syntax explained:
s/regex
Have fun with it!
Wednesday, January 8, 2014
Java bitwise operations and bit masks
I recently needed to refresh my understanding of simple bitwise operations.
Here is a good article i used to understand it: http://rodrigosasaki.com/2013/06/06/bit-shift-and-bitwise-operators/
This article explains how to represent various options in a bit mask: http://www.vipan.com/htdocs/bitwisehelp.html
Thursday, January 2, 2014
Sunday, June 30, 2013
Login via ssh without providing a password
Here are the easy steps to add you public ssh keys onto a remote host so you dont have to continue entering your password when connecting via ssh:
I am running osx so I had to install ssh-copy-id (tool that allows you to copy the public ssh key to remote host) from a port to OSX from:
Then generate your public key and send to the remote host:
I am running osx so I had to install ssh-copy-id (tool that allows you to copy the public ssh key to remote host) from a port to OSX from:
curl https://raw.github.com/beautifulcode/ssh-copy-id-for-OSX/master/ssh-copy-id.sh -o /usr/local/bin/ssh-copy-id
chmod +x /usr/local/bin/ssh-copy-id
Then generate your public key and send to the remote host:
Step 1: Create public and private keys using ssh-key-gen on local-host
jsmith@local-host$ [Note: You are on local-host here] jsmith@local-host$ ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/home/jsmith/.ssh/id_rsa):[Enter key] Enter passphrase (empty for no passphrase): [Press enter key] Enter same passphrase again: [Pess enter key] Your identification has been saved in /home/jsmith/.ssh/id_rsa. Your public key has been saved in /home/jsmith/.ssh/id_rsa.pub. The key fingerprint is: 33:b3:fe:af:95:95:18:11:31:d5:de:96:2f:f2:35:f9 jsmith@local-host
Step 2: Copy the public key to remote-host using ssh-copy-id
jsmith@local-host$ ssh-copy-id -i ~/.ssh/id_rsa.pub remote-host jsmith@remote-host's password: Now try logging into the machine, with "ssh 'remote-host'", and check in: .ssh/authorized_keys to make sure we haven't added extra keys that you weren't expecting.
Note: ssh-copy-id appends the keys to the remote-host’s .ssh/authorized_key.
Step 3: Login to remote-host without entering the password
jsmith@local-host$ ssh remote-host Last login: Sun Nov 16 17:22:33 2008 from 192.168.1.2 [Note: SSH did not ask for password.] jsmith@remote-host$ [Note: You are on remote-host here]
Thursday, May 23, 2013
ThreadLocal in thread pools
ThreadLocals not happy in Thread Pools
I recently ran into a problem where i was trying to propogate a value over using a ThreadLocal.
The problem was i was doing it in a scenario where the threads being executed where in a thread pool which cause problems where ThreadLocal values where being shared between different threads.
A better approach is to have a static map which allows you to use the current thread (Thread.currentThread()) to map to your value. Just remember to clear the entry from the map when your done using it so the thread can die.
http://blog.maxant.co.uk/pebble/2008/09/23/1222200780000.html
Tuesday, July 24, 2012
Testing your javascript with BDD
Jasmine is a behavior-driven development framework for testing JavaScript code. It does not depend on any other JavaScript frameworks. It does not require a DOM. And it has a clean, obvious syntax so that you can easily write tests.All you need to do it download the standalone version and cull out the existing files in 'src' and 'specs' directories (they are just examples), implement your test spec and add the source files to the SpecRunner.html and vwala you have a nice little JS test suite. Jasmine Documentation Reference Example Tutorial
Subscribe to:
Posts (Atom)