Connect to the server using s_client and download the certificate to cert.txt
openssl s_client -connect server:port > cert.txt
Verify the expiry date from the downloaded certificate
openssl x509 -in cert.txt -noout -enddate
Wednesday, July 4, 2012
Verify expiry date of SSL Certificate using OpenSSL
Connect to the server using s_client and download the certificate to cert.txt
openssl s_client -connect server:port > cert.txt
Verify the expiry date from the downloaded certificate
openssl x509 -in cert.txt -noout -enddate
Friday, June 15, 2012
Speed up SSH connections using ControlMaster
It is possible to speed up ssh connections from the same host by using ControlMaster. What we need is establish a ControlMaster connection to the host and all the subsequent connection from the same host will be allowed with out prompting for passwords.
The configuration required is simple. Just create a file ~/.ssh/config and add the contents provided below.
Host *
ControlPath ~/.ssh/master-%r@%h:%p
ControlMaster auto
For more information refer man page
man 5 ssh_config
The configuration required is simple. Just create a file ~/.ssh/config and add the contents provided below.
vi ~/.ssh/config
ControlPath ~/.ssh/master-%r@%h:%p
ControlMaster auto
For more information refer man page
man 5 ssh_config
Monday, April 25, 2011
Monday, February 21, 2011
Linux timeline
| Date | Event |
|---|---|
| 1984 | |
| January 1984 | Richard Stallman quits his job at MIT and starts working on the GNU Project. |
| 1985 | |
| Month unknown | Free Software Foundation, an organization for creating and promoting free software, is founded by Richard Stallman. |
| March 1985 | The GNU manifesto, a statement by Richard Stallman advocating the cause of free software movement, is published in the March 1985 issue of Dr. Dobb's Journal |
| 1991 | |
| August 25 1991 | Linus conceives the idea of Linux and announces the project in a Usenet Post |
| September 1991 | Version 0.01 is released on the Net |
| 1992 | |
| January 1992 | First Linux Newsgroup: alt.os.linux founded in the UseNet |
| April 1992 | Ari Lemmke starts the popular Linux newsgroup comp.os.linux in the UseNet |
| November 1992 | Adam Richter announces the release of the first Linux Distribution from his company: Yggdrasil |
| 1993 | |
| June 1993 | Slackware, the famous Linux distribution is released by Peter Volkerding |
| August 1993 | Matt Welsh releases Linux Installation and getting started: version 1 |
| 1994 | |
| March 1994 | Linux kernel version 1.0 is released |
Wednesday, February 16, 2011
write command in linux
We can broadcast message through terminal using wall command, but, what if we want to send a message to a particular used through terminal.
We can use write command for this.
root@host# w
18:23:38 up 10 days, 10:03, 2 users, load average: 0.17, 0.02, 0.22
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 xx.xx.xx.xx 10:48 0.00s 0.02s 0.03s -ksh
diju pts/3 xx.xx.xx.xx Tue18 17:18m 0.00s 0.01s sshd: diju [priv]
root@host# write diju pts/3
Hello are you working on the mail server issue, I am asked to troubleshoot the same.
root@host#
After typing “write diju pts/3" as the command hit enter key once.
Then type the message and hit ctrl+d to exit from the write session
Some commonly used SED oneliners
Commonly used SED one liners
# double space a file
sed G
# triple space a file
sed 'G;G'
# remove double-spacing
sed 'n;d'
# count lines
sed -n '$='
# convert DOS newlines (CR/LF) to Unix format
sed 's/.$//'
# delete leading whitespace (spaces, tabs) from begining of each line
sed 's/^[ \t]*//'
# delete trailing whitespace (spaces, tabs) from end of each line
sed 's/[ \t]*$//'
# delete BOTH leading and trailing whitespace from each line
sed 's/^[ \t]*//;s/[ \t]*$//'
# substitute "chit" with "chat" on each line
sed 's/chit/chat/' # replaces only 1st instance in a line
sed 's/chit/chat/2' # replaces only 2nd instance in a line
sed 's/chit/chat/g' # replaces ALL instances in a line
# substitute "chit" with "chat" ONLY for lines which contain "tea"
sed '/tea/s/chit/chat/g'
# substitute "chit" with "chat" EXCEPT for lines which contain "tea"
sed '/tea/!s/chit/chat/g'
# print first 5 lines of file
sed 5q
# print first line of file
sed q
# print last 10 lines of file
sed -e :a -e '$q;N;11,$D;ba'
# print last line of file
sed '$!d'
# print only lines which match regular expression
sed -n '/pattern/p'
or
sed '/patttern/!d'
# print only lines which do NOT match pattern
sed -n '/pattern/!p'
sed '/pattern/d'
Thursday, January 27, 2011
JAVA Keytool
Ohhhh Goodness......!
So though of sharing some information ( commands rather which I commonly use) on it..
This world is no more secure....! . Especially when it comes to communication, needs to be more cautious.
To protect information passed to and from a web site we use encryption using SSL/TLS. we need a way to certify the identity of either the client or the server or the both (in the case of two way SSL) . The client can authenticate using using a username and password, but the server needs some mechanism to prove that the information you are sending to it actually ends up in the right hands.
Take the case of a credit card transaction. We need to know that we are communicating to the correct party and that the information we are passing are transmitted in a secure way and also that the the message is not tampered. HTTPS solves the above problems. It guarantees the identity of the server (and optionally, also the identity of the client) through the usage of certificates as well as provide encryption for the communication.
PKI - Every entity is associated with one public and one private key. When two entities communicate both parties use their own private key and their counterparts use the public key, to make sure that only the two entities can talk to each other.
A public key is essentially a publically available number associated with a particular entity, and everyone who is supposed to communicate securely with the entity should know this number.
A private key is also a number, but one that is kept a secret. In a typical public key crypto system, such as DSA, a private key corresponds to exactly one public key.
Only the private key can be used to create a signature, but the public key can be used to verfiy the signature. This means that the private/public key combination means that an entity can guarantee that it knows its private key without giving away what it is.
"keytool is a key and certificate management utility. It enables users to administer their own public/private key pairs and associated certificates for use in self-authentication (where the user authenticates himself/herself to other users/services) or data integrity and authentication services, using digital signatures. It also allows users to cache the public keys (in the form of certificates) of their communicating peers."
Java Keytool is a key and certificate management utility. It allows users to manage their own public/private key pairs and certificates. Java Keytool stores the keys and certificates in what is called a keystore. A Keytool keystore contains the private key and any certificates necessary to complete a chain of trust and establish the trustworthiness of the primary certificate.
Each certificate in a Java keystore is associated with a unique alias. When creating a Java keystore you will first create the .jks file that will initially only contain the private key. You will then generate a CSR and have a certificate generated from it. Then you will import the certificate to the keystore including any root certificates.
Below, we have listed the most common Java Keytool keystore commands and their usage:
Java Keytool Commands for Creating and Importing
These commands allow you to generate a new Java Keytool keystore file, create a CSR, and import certificates. Any root or intermediate certificates will need to be imported before importing the primary certificate for your domain.
- Generate a certificate signing request (CSR) for an existing Java keystore
keytool -certreq -alias "mydomain" -keystore keystore.jks -file mydomain.csr
- Import a root or intermediate CA certificate to an existing Java keystore
keytool -import -trustcacerts -alias root -file Thawte.crt -keystore keystore.jks
- Import a signed primary certificate to an existing Java keystore
keytool -import -trustcacerts -alias mydomain -file mydomain.crt -keystore keystore.jks
- Generate a keystore and self-signed certificate
keytool -genkey -keyalg RSA -alias "selfsigned" -keystore keystore.jks -storepass "password" -validity 360
Java Keytool Commands for Checking
If you need to check the information within a certificate, or Java keystore, use these commands.
- Check a stand-alone certificate
keytool -printcert -v -file mydomain.crt
- Check which certificates are in a Java keystore
keytool -list -v -keystore keystore.jks
- Check a particular keystore entry using an alias
keytool -list -v -keystore keystore.jks -alias mydomain
Other Java Keytool Commands
- Delete a certificate from a Java Keytool keystore
keytool -delete -alias "mydomain" -keystore keystore.jks
- Change a Java keystore password
keytool -storepasswd -new new_storepass -keystore keystore.jks
- Export a certificate from a keystore
keytool -export -alias mydomain -file mydomain.crt
- List Trusted CA Certs
keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts
- Import New CA into Trusted Certs
keytool -import -trustcacerts -file /path/to/ca/ca.pem -alias CA_ALIAS -keystore $JAVA_HOME/jre/lib/security/cacerts
Subscribe to:
Posts (Atom)