Wednesday, July 4, 2012

Verify expiry date of SSL Certificate using OpenSSL


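Connect to the server using s_client and save its output, which includes the server certificate, to cert.txt. Redirecting stdin from /dev/null makes s_client exit once the handshake completes instead of waiting for input.
openssl s_client -connect server:port </dev/null > cert.txt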

Verify the expiry date from the downloaded certificate
openssl x509 -in cert.txt -noout -enddate 
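An added example, not part of the original post: the same expiry check turned into a monitoring helper with -checkend, which tells you whether notAfter falls inside a warning window. The function names, the 14 and 60 day thresholds and the self-signed sample certificate are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a certificate by remaining lifetime with -checkend.

# fetch_cert HOST PORT OUT: save the server's leaf certificate as PEM.
# </dev/null makes s_client exit after the handshake; -servername sends SNI.
fetch_cert() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -out "$3"
}

# cert_status FILE WARN_DAYS: print unreadable, expired, expiring or ok.
cert_status() {
    file=$1
    warn_secs=$(( $2 * 86400 ))
    # Reject input that does not parse, so a bad file is never reported "ok".
    openssl x509 -in "$file" -noout 2>/dev/null || { echo unreadable; return 2; }
    # -checkend N exits non-zero when notAfter falls within the next N seconds.
    if ! openssl x509 -in "$file" -noout -checkend 0 >/dev/null; then
        echo expired; return 1
    elif ! openssl x509 -in "$file" -noout -checkend "$warn_secs" >/dev/null; then
        echo expiring; return 1
    fi
    echo ok
}

# make_sample_cert FILE DAYS: constructed self-signed certificate for the demo.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout /dev/null \
        -subj "/CN=sample.invalid" -days "$2" -out "$1" 2>/dev/null
}

# Demo on a constructed certificate that is valid for 30 days.
demo_dir=$(mktemp -d)
make_sample_cert "$demo_dir/cert.pem" 30
openssl x509 -in "$demo_dir/cert.pem" -noout -enddate
echo "warn at 14 days: $(cert_status "$demo_dir/cert.pem" 14)"
echo "warn at 60 days: $(cert_status "$demo_dir/cert.pem" 60)"
```

For a live server, run fetch_cert with the host, port and an output file, then pass that file to cert_status.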

Friday, June 15, 2012

Speed up SSH connections using ControlMaster

It is possible to speed up repeated SSH connections from the same host to a server by using ControlMaster. What we need is to establish a ControlMaster connection to the server; all subsequent connections from the same host are then multiplexed over it and will be allowed without prompting for passwords.

The configuration required is simple. Just create a file ~/.ssh/config and add the contents provided below.

vi ~/.ssh/config
Host *
ControlPath ~/.ssh/master-%r@%h:%p
ControlMaster auto


For more information, refer to the man page:

man 5 ssh_config
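An added example, not part of the original post: because a control socket lets new sessions reuse an already authenticated connection, the directory that holds it should be private to its owner. The sketch below audits the ControlPath entries of a config file; the function name, the sample config with %C and ControlPersist, and the temporary paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag ControlPath directories that other local users can read.

# audit_controlpath CONFIG
# Prints "private DIR" or "exposed DIR" for each ControlPath in CONFIG and
# returns 1 if any directory is missing or grants access to group/others.
# Assumes % tokens appear only in the socket file name, not in the directory.
audit_controlpath() {
    rc=0
    # ssh_config keywords are case-insensitive; the first argument is the path.
    for p in $(awk 'tolower($1) == "controlpath" { print $2 }' "$1"); do
        case $p in
            none) continue ;;                 # multiplexing disabled
            "~/"*) p="$HOME/${p#??}" ;;       # expand a leading ~/
        esac
        dir=$(dirname "$p")
        case "$(ls -ld "$dir" 2>/dev/null)" in
            drwx------*) echo "private $dir" ;;
            *) echo "exposed $dir"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Constructed sample: a dedicated 0700 socket directory and hashed socket
# names (%C), so file names do not reveal user, host and port.
# ControlPersist 10m closes an idle backgrounded master after ten minutes.
demo=$(mktemp -d)
mkdir -m 700 "$demo/mux"
cat > "$demo/config" <<EOF
Host *
    ControlMaster auto
    ControlPath $demo/mux/%C
    ControlPersist 10m
EOF
audit_controlpath "$demo/config"
```

Run it against ~/.ssh/config to check the ControlPath shown above; its directory is ~/.ssh, which should already be mode 700.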

Monday, April 25, 2011

Monday, February 21, 2011

Linux timeline

Date: Event
1984
January 1984: Richard Stallman quits his job at MIT and starts working on the GNU Project.
1985
Month unknown: Free Software Foundation, an organization for creating and promoting free software, is founded by Richard Stallman.
March 1985: The GNU manifesto, a statement by Richard Stallman advocating the cause of free software movement, is published in the March 1985 issue of Dr. Dobb's Journal
1991
August 25 1991: Linus conceives the idea of Linux and announces the project in a Usenet Post
September 1991: Version 0.01 is released on the Net
1992
January 1992: First Linux Newsgroup: alt.os.linux founded in the UseNet
April 1992: Ari Lemmke starts the popular Linux newsgroup comp.os.linux in the UseNet
November 1992: Adam Richter announces the release of the first Linux Distribution from his company: Yggdrasil
1993
June 1993: Slackware, the famous Linux distribution is released by Peter Volkerding
August 1993: Matt Welsh releases Linux Installation and getting started: version 1
1994
March 1994: Linux kernel version 1.0 is released

Wednesday, February 16, 2011

write command in linux

We can broadcast a message through the terminal using the wall command, but what if we want to send a message to a particular user through the terminal?

We can use the write command for this.

root@host# w
18:23:38 up 10 days, 10:03, 2 users, load average: 0.17, 0.02, 0.22
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 xx.xx.xx.xx 10:48 0.00s 0.02s 0.03s -ksh
diju pts/3 xx.xx.xx.xx Tue18 17:18m 0.00s 0.01s sshd: diju [priv]


root@host# write diju pts/3

Hello are you working on the mail server issue, I am asked to troubleshoot the same.

root@host#

After typing "write diju pts/3" as the command, hit the Enter key once.
Then type the message and hit Ctrl+D to exit from the write session.


Some commonly used SED oneliners

Commonly used SED one liners

# double space a file
sed G

# triple space a file
sed 'G;G'

# remove double-spacing
sed 'n;d'

# count lines
sed -n '$='

# convert DOS newlines (CR/LF) to Unix format
# (assumes every line ends in CR/LF: it deletes the last character of each line)
sed 's/.$//'

# delete leading whitespace (spaces, tabs) from beginning of each line
sed 's/^[ \t]*//'

# delete trailing whitespace (spaces, tabs) from end of each line
sed 's/[ \t]*$//'

# delete BOTH leading and trailing whitespace from each line
sed 's/^[ \t]*//;s/[ \t]*$//'

# substitute "chit" with "chat" on each line
sed 's/chit/chat/' # replaces only 1st instance in a line
sed 's/chit/chat/2' # replaces only 2nd instance in a line
sed 's/chit/chat/g' # replaces ALL instances in a line

# substitute "chit" with "chat" ONLY for lines which contain "tea"
sed '/tea/s/chit/chat/g'

# substitute "chit" with "chat" EXCEPT for lines which contain "tea"
sed '/tea/!s/chit/chat/g'

# print first 5 lines of file
sed 5q

# print first line of file
sed q

# print last 10 lines of file
sed -e :a -e '$q;N;11,$D;ba'

# print last line of file
sed '$!d'

# print only lines which match regular expression
sed -n '/pattern/p'
# or
sed '/pattern/!d'

# print only lines which do NOT match pattern
sed -n '/pattern/!p'
sed '/pattern/d'

Thursday, January 27, 2011

JAVA Keytool

Ohhhh Goodness......!

Dealing with lots of Java stuff nowadays, and that too with SSL certificates.

So I thought of sharing some information (rather, the commands which I commonly use) on it.

This world is no longer secure! Especially when it comes to communication, we need to be more cautious.

To protect information passed to and from a web site we use encryption using SSL/TLS. We need a way to certify the identity of either the client or the server or both (in the case of two-way SSL). The client can authenticate using a username and password, but the server needs some mechanism to prove that the information you are sending to it actually ends up in the right hands.

Take the case of a credit card transaction. We need to know that we are communicating with the correct party, that the information we are passing is transmitted in a secure way, and that the message is not tampered with. HTTPS solves the above problems. It guarantees the identity of the server (and optionally, also the identity of the client) through the usage of certificates, and it also provides encryption for the communication.

PKI - Every entity is associated with one public and one private key. When two entities communicate, each party uses its own private key and its counterpart's public key, to make sure that only the two entities can talk to each other.

A public key is essentially a publicly available number associated with a particular entity, and everyone who is supposed to communicate securely with the entity should know this number.

A private key is also a number, but one that is kept a secret. In a typical public key crypto system, such as DSA, a private key corresponds to exactly one public key.

Only the private key can be used to create a signature, but the public key can be used to verify the signature. The private/public key combination therefore lets an entity prove that it knows its private key without giving away what it is.

"keytool is a key and certificate management utility. It enables users to administer their own public/private key pairs and associated certificates for use in self-authentication (where the user authenticates himself/herself to other users/services) or data integrity and authentication services, using digital signatures. It also allows users to cache the public keys (in the form of certificates) of their communicating peers."

Java Keytool is a key and certificate management utility. It allows users to manage their own public/private key pairs and certificates. Java Keytool stores the keys and certificates in what is called a keystore. A Keytool keystore contains the private key and any certificates necessary to complete a chain of trust and establish the trustworthiness of the primary certificate.

Each certificate in a Java keystore is associated with a unique alias. When creating a Java keystore you will first create the .jks file that will initially only contain the private key. You will then generate a CSR and have a certificate generated from it. Then you will import the certificate to the keystore including any root certificates.

Below, we have listed the most common Java Keytool keystore commands and their usage:

Java Keytool Commands for Creating and Importing

These commands allow you to generate a new Java Keytool keystore file, create a CSR, and import certificates. Any root or intermediate certificates will need to be imported before importing the primary certificate for your domain.

  • Generate a certificate signing request (CSR) for an existing Java keystore

keytool -certreq -alias "mydomain" -keystore keystore.jks -file mydomain.csr

  • Import a root or intermediate CA certificate to an existing Java keystore

keytool -import -trustcacerts -alias root -file Thawte.crt -keystore keystore.jks

  • Import a signed primary certificate to an existing Java keystore

keytool -import -trustcacerts -alias mydomain -file mydomain.crt -keystore keystore.jks

  • Generate a keystore and self-signed certificate

keytool -genkey -keyalg RSA -alias "selfsigned" -keystore keystore.jks -storepass "password" -validity 360

Java Keytool Commands for Checking

If you need to check the information within a certificate, or Java keystore, use these commands.

  • Check a stand-alone certificate

keytool -printcert -v -file mydomain.crt

  • Check which certificates are in a Java keystore

keytool -list -v -keystore keystore.jks

  • Check a particular keystore entry using an alias

keytool -list -v -keystore keystore.jks -alias mydomain

Other Java Keytool Commands

  • Delete a certificate from a Java Keytool keystore

keytool -delete -alias "mydomain" -keystore keystore.jks

  • Change a Java keystore password

keytool -storepasswd -new new_storepass -keystore keystore.jks

  • Export a certificate from a keystore

keytool -export -alias mydomain -file mydomain.crt -keystore keystore.jks

  • List Trusted CA Certs

keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts

  • Import New CA into Trusted Certs

keytool -import -trustcacerts -file /path/to/ca/ca.pem -alias CA_ALIAS -keystore $JAVA_HOME/jre/lib/security/cacerts