2012 in review

30Dec12

The WordPress.com stats helper monkeys prepared a 2012 annual report for this blog.

Here’s an excerpt:

600 people reached the top of Mt. Everest in 2012. This blog got about 8,000 views in 2012. If every person who reached the top of Mt. Everest viewed this blog, it would have taken 13 years to get that many views.

Click here to see the complete report.


I just started studying for my VCP certification and needed an easy way to run the free ESXi 5 Hypervisor for learning purposes.

I already had Oracle’s free VirtualBox product on my Windows 7 x64 laptop. Some Googling and I found a ‘recipe’ that worked for me and allowed me to get it working.

VirtualBox version 4.1.14
VMware ESXi  Hypervisor 5.0 Update 1

Create a VirtualBox VM with at least the following

OS type – Linux RedHat (64 bit)
IO APIC Enabled
2 CPUs
SATA Storage controller
Hard Disk 10GB
Intel virtual NIC
2GB of memory

The one restriction seems to be that you can only create 32-bit guests in ESXi on VirtualBox.


Bookmark and Share

StartSSL offers a great service – free SSL certificates that are trusted by most browsers.

When generating a certificate from a Certificate Signing Request they require the private key to be RSA 2048 bits and SHA1. Below are the commands I used setting up Tomcat on windows. It took me a while to get it just right so I thought I would share.

First, create the keystore containing the self signed certificate using the java keytool command. The keypass and storepass must be the same (Tomcat limitation). The important things for StartSSL compatability are the keysize, key algorithm and signing algorithm.

keytool -genkey -keysize 2048 -keyalg RSA -sigalg SHA1withRSA -alias myserver -keystore serverkeystore -keypass changeit -storepass changeit -dname “CN=myserver.mydomain.com,OU=ITS,O=OurCompany,L=Memphis,ST=Tennessee,C=US”

Next create the CSR

keytool -certreq -alias myserver -file myserver.csr -keystore serverkeystore

Copy and paste the contents of the CSR into the StartSSL Certificate wizard when prompted. Once the certificate is issued import it into the keystore along with the Certificate Chain that should be downloaded from the StartSSL site.

keytool -import -alias startsslca -file startssl.ca.cer -keystore serverkeystore -trustcacerts
keytool -import -alias startsslca2 -file startssl.sub.class2.server.ca.cer -keystore serverkeystore -trustcacerts
keytool -import -alias myserver -file myserver.mydomain.com.cer -keystore serverkeystore

Now, modify the Tomcat server.xml file to enable SSL and restart Tomcat. Sample SSL section below using port 8443.

<!– Define a SSL HTTP/1.1 Connector on port 8443 –>
<Connector port=”8443″ maxHttpHeaderSize=”8192″
maxThreads=”150″ minSpareThreads=”25″ maxSpareThreads=”75″
enableLookups=”false” disableUploadTimeout=”true”
acceptCount=”100″ scheme=”https” secure=”true”
clientAuth=”false” sslProtocol=”TLS” keystorePass=”changeit” keystoreFile=”D:\Program Files\Apache\Tomcat55\serverkeystore”/>

Bookmark and Share


Bookmark and Share


I have an iPhone 3GS that is coming up on 2 years old. I keep it up to date and it currently has iOS 4.2.1 installed.

About two weeks ago it started getting very warm and the battery charge would only last about 5 hours. Initially I thought it was a program running in the background that was going crazy. So I rebooted by holding down the Home and Sleep buttons until the screen went blank and then restarted. Same thing continued to happen. Next I made sure I had a current backup in iTunes and then did a Reset / Erase All Content and Settings on the phone. Then, I did a restore from the backup. Same thing. The phone would get very warm and the battery charge would only last 5 hours.

So, I decided to try the battery. I didn’t want to pay Apple $79.00 + $6.95 S&H to change the battery when there was no guarantee this would fix it. So, I researched and purchased a battery and tools from http://www.directfix.com. I chose them because they have taken the time to produce PDF instruction sheets and videos stepping you through the process.

The parts arrived very quickly (2 days) and I successfully replaced the battery and powered the phone back on. Same thing – warm and 5 hours battery life :-(

The only thing left to try was to erase the phone and then reinstall all of the applications and settings manually, not using a backup. So, on the phone I did a Reset / Erase All Content and Settings. Then, I hooked up to iTunes and selected Setup as a new iPhone and went through the process of configuring the sync options and reloading all of my apps, music, email etc. and setting up the application settings.

Thankfully, this fixed the issues. My iPhone is now working as expected; it no longer gets warm and the battery has great life.

Could my phone have become infected with a virus? Or did something trip a bug in iOS? I just hope it wasn’t a virus but I am changing all of my passwords just in case.

Bookmark and Share


Bookmark and Share

We recently had to renew a Verisign certificate for one of our domains.
We installed the renewed certificate and restarted Apache (we are running Apache on RHEL  5). Initially everything looked ok but we then found that Firefox was complaining that it could not validate the certificate although IE, Safari and Chrome did not complain. We also started seeing errors in our Weblogic logs for select applications running under that domain name -

java.io.IOException: weblogic.security.AuthenticationException: Incorrect block length 256 (modulus length 128) possibly incorrect SSLServerCertificateChainFileName set for this server certificate.

We called Verisign Support and they pointed us to the following bulletin

https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=AR657&actp=search&viewlocale=en_US

Apparently to use certificates issued by them after October 2010 requires new intermmediate  CAs. The article gives a link to download the required CA Bundle (Primary Intermediate CA and a Secondary Intermediate CA). Instead of supplying a file the page contains the text that has to be copied and pasted to create the certificate file. On Windows 7 using IE9 Beta and on XP using IE 8 we had issues copying and pasting the text; It would paste and look correct in Notepad but Apache would reject the file. In the end I tried using Google Chrome and Notepad on Windows 7 and it finally worked.

In case you run into the same problem, here is a link to Verisign2010.doc for you to use as your SSLCertificateChainFile  in Apache. Save it as verisign.2010.cer – don not open in MS Word (I had to use the .doc extension to be able to upload it to wordpress).

 

http://magictrevor.files.wordpress.com/2010/12/verisign2010.doc


Bookmark and Share

My work laptop was recently upgraded to a Dell Latitude E6500 running Windows 7.
I wanted a mouse that didn’t have a cable or require a dongle. So, I installed a Dell Wireless 370 Bluetooth Mini-card (purchased for $9.95 from eParts and More), installed the Dell drivers and paired the Microsoft Bluetooth Notebook Mouse 5000 that I got on eBay for $29.95.
Everything went smooth except that randomly the mouse would pause / freeze for a few seconds and then start working again. This got annoying very quickly. I did some searching and found quite a lot of posters with the same problem but no solution. I tried various solutions with no success but then found some information that led to a solution that worked for me. I thought I would post here in the hope of helping others solve this frustrating issue.

Go to Control Panel and select Power Options. Select the High Performance plan and then Select Change plan settings. Select Change advanced power settings. Scroll down to USB settings and click the + to expand. Click + to expand USB selective suspend setting. Disable Plugged in and On battery. Click Apply / OK and then close the power plan window.

The mouse will no longer pause / freeze.


Bookmark and Share

We are running SiteScope 10.10 on Windows Server 2003 authenticating against Active Directory using LDAP. We needed to secure SiteScope by using https for the interface and secure LDAP (ldaps) for authentication. The manuals for Version 10.10 are not complete in their instructions on how to do this. This is how we did it.
Note: These instructions work if you have the Enable  configuration files box checked in the Preferences Main Panel. If not checked you will have to use PersistencyViewer.bat in the SiteScope bin directory to make the changes to master.config.
SiteScope runs on Tomcat and has a builtin http server used to display reports. Both have to be reconfigured to use https.
The instructions assume the Domain Controllers are already setup to accept secure ldap connections on port 636.

  1. We use our own Certificate Authority (CA) and so needed SiteScope to trust it. This was done by importing our CA’s root certificate into the correct java certificate store. c:\ss_10.10 is the directory where we have SiteScope is installed. These are the commands we used.
    cd c:\ss_10.10\sitescope\java\lib\security
    ..\..\bin\keytool -import -alias ourca -file our-ca.crt -keystore cacerts

    The default password for the cacerts store is changeit .
  2. Next we changed the ldap service provider values in c:\ss_10.10\SiteScope\groups\user.config from
    ldap://dc.ourdomain.local:389
    to
    [LDAP-SSL]ldap://dc.ourdomain.local:636
  3. Next a keystore was setup for SiteScope to use. Per HP, the keypass and storepass should be the same.
    ..\java\bin\keytool -genkey -alias sitescopeserver -keyalg “RSA” -keystore serverKeystore -keypass changeit -dname “CN=sitescope.ourdomain.local,OU=ITS,O=OurCompany,L=Memphis,ST=Tennessee,C=US” -storepass changeit
  4. Next, a certificate request was generated and sent to the CA
    ..\java\bin\keytool -certreq -alias sitescopeserver -file sitescope_local.csr -keystore serverKeystore -keyalg “RSA”
  5. The issued certificate was then imported into the keystore
    ..\java\bin\keytool -import -trustcacerts -alias sitescopeserver -file c:\Certs\drsitescope_local.crt -keystore serverKeystore
  6. Next, tomcat had to be configured to create an https connector and disable the http connector.
    Edit c:\ss_10.10\SiteScope\Tomcat\conf\server.xml . Comment out the http connector definition and add the https connector definition
        <!– Define a SSL Coyote HTTP/1.1 Connector on port 8443 –>
        <Connector port=”8443″
                   maxThreads=”150″ minSpareThreads=”25″ maxSpareThreads=”75″
                   enableLookups=”false” acceptCount=”100″
                   debug=”0″ connectionTimeout=”20000″
                   scheme=”https” secure=”true”
                   clientAuth=”false” sslProtocol=”TLS”
                   keystoreFile=”C:\SS_10.10\SiteScope\groups\serverKeystore” keystorePass=”changeit”
                   disableUploadTimeout=”true”
                compression=”on”
                compressionMinSize=”2048″
             noCompressionUserAgents=”gozilla, traviata”
             compressableMimeType=”text/html,text/xml”
                   />
      
  7. Next, edit c:\ss_10.10\SiteScope\groups\master.config and define the new https port and cert password with the following lines
    _httpsActivePort=8889
    _httpSecurePort=8889
    _httpSecureKeyPassword=changeit
    _httpSecureKeystorePassword=changeit
  8. Once all of the above steps were completed we restarted the SiteScope windows service and then in IE went to the new URL https://sitescope.ourdomain.local:8443/SiteScope/ and logged in.



Follow

Get every new post delivered to your Inbox.