Read this:
http://download.oracle.com/javase/6/docs/technotes/tools/solaris/keytool.html
Once you give up reading that, try this stuff:
wget the url to see if it exists:
wget --no-check-certificate https://www.myDomain.com.au
Check certificate for a url:
openssl s_client -connect www.mydomain.com.au:443
If it's self signed (ie the issuer is the same as the certificate), you can add it to your trusted certicates:
Copy the data inbetween the begin/end tags and put it into a file called myCertificateName.pem
-----BEGIN CERTIFICATE-----
<certificate data>
-----END CERTIFICATE-----
Convert it to a DER file by doing this:
openssl x509 -in myCertificateName.pem -inform PEM -out myCertificateName.der -outform DER
Test the certificate
openssl s_client -CApath /path/to/your/certificate/folder/ -connect www.myDomain.com.au:443
Add this certificate to your java cacerts file. This will ask you for your cacerts password.
Check to see if the certificate is in there and check when it expires. If it has expired, remove it. All these actions will ask for a password.
Read cacerts:
/usr/java/jdk1.6.0_18/jre/bin/keytool -list -v -keystore /home/myUser/certs/cacerts
Delete a cert:
keytool -delete -alias myAlias -keystore /usr/java/jdk1.6.0_18/jre/lib/security/cacerts
Import a cert:
/usr/java/jdk1.6.0_18/jre/bin/keytool -import -v -keystore /home/myUser/certs/cacerts -file /home/myUser/certs/thawte_Premium_Server_CA.pem -alias thawtePremiumServerCA
If the root certificate is missing or another link in the chain of issuers are missing:
wget the root or other issuer certificate from the trusted certificate authorities website:
wget https://www.thawte.com/roots/thawte_Premium_Server_CA.pem
Follow the other steps of adding a certificate.
Other commands: make your own testing HTTPS certificate:
keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass password -validity 360 -keysize 2048
Tuesday 8 November 2011
LSOF Sort
Stolen from somewhere. How to sort lsof by file size or most files open. Useful when you have read speed issues, too many open files, too many large files open.
Check your read/write speeds:
sort by size:
sudo lsof -s | awk '$5 == "REG"' | sort -n -r -k 7,7 | head -n 50
process with most files open:
sudo lsof | awk '$5 == "REG" {freq[$2]++ ; names[$2] = $1 ;} END {for (pid in freq) print freq[pid], names[pid], pid ; }' | sort -n -r -k 1,1
Check your read/write speeds:
hdparm -tT /dev/sdasort by size:
sudo lsof -s | awk '$5 == "REG"' | sort -n -r -k 7,7 | head -n 50
process with most files open:
sudo lsof | awk '$5 == "REG" {freq[$2]++ ; names[$2] = $1 ;} END {for (pid in freq) print freq[pid], names[pid], pid ; }' | sort -n -r -k 1,1
Wednesday 2 November 2011
Ben ain't heavy
Stuff I forget:
#run a web service with full detail debugging, xml file is a soap message
wget --debug --post-file='things.xml' --header='Content-Type:application/soap+xml;charset=UTF-8' http://localhost:8088/someService
#monitor all traffic for a web service (this will not be as useful with HTTPS as the https data will appear as encrypted)
sudo /usr/sbin/tcpdump host 10.1.1.2 -i eth0 -vv
#search all jars; unzip and search for stuff
find . -type f -name '*.jar' -print0 | xargs -n1 -0i sh -c 'unzip -t "{}" | grep -nH SomeSearchCriteria && echo "{}"'
#find anything and grep it in a file that is not a log file
sudo find . -type f \( ! -iwholename "*log*" \) -exec grep -HniI "someTerm" {} \;
sudo find . -type f \( ! -iwholename "*log*" \) -exec egrep -Hn "[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}" {} \;
#search inside zips
find . -type f -name '*.zip' -print0 | xargs -n1 -0i sh -c 'unzip -t "{}" | grep -nH sql && echo "{}"'
#find any hardcoded IP addresses
sudo find . -type f \( ! -iwholename "*log*" \) -exec egrep -HnI "[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}" {} \;
#find and grep
find . -type f -exec sed -i 's/Default/BC/g' {} \;
#run a web service with full detail debugging, xml file is a soap message
wget --debug --post-file='things.xml' --header='Content-Type:application/soap+xml;charset=UTF-8' http://localhost:8088/someService
#monitor all traffic for a web service (this will not be as useful with HTTPS as the https data will appear as encrypted)
sudo /usr/sbin/tcpdump host 10.1.1.2 -i eth0 -vv
#search all jars; unzip and search for stuff
find . -type f -name '*.jar' -print0 | xargs -n1 -0i sh -c 'unzip -t "{}" | grep -nH SomeSearchCriteria && echo "{}"'
#find anything and grep it in a file that is not a log file
sudo find . -type f \( ! -iwholename "*log*" \) -exec grep -HniI "someTerm" {} \;
sudo find . -type f \( ! -iwholename "*log*" \) -exec egrep -Hn "[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}" {} \;
#search inside zips
find . -type f -name '*.zip' -print0 | xargs -n1 -0i sh -c 'unzip -t "{}" | grep -nH sql && echo "{}"'
#find any hardcoded IP addresses
sudo find . -type f \( ! -iwholename "*log*" \) -exec egrep -HnI "[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}" {} \;
#find and grep
find . -type f -exec sed -i 's/Default/BC/g' {} \;
Subscribe to:
Posts (Atom)