Using RapidSSL Certificate from GoGetSSL for Java Server

The following steps show how a RapidSSL certificate obtained through GoGetSSL can be used to secure a Java server.

Step 1: Purchase Certificate

Go to GoGetSSL and purchase a Standard RapidSSL certificate (should be around $5 / year).

Step 2: Create Keystore

Run:

keytool -keysize 2048 -genkey -alias tomcat -keyalg RSA -keystore server.keystore

When asked for ‘What is your first and last name?’ enter the domain of your server (can also be a subdomain).

Press ENTER when prompted for ‘Enter key password for <tomcat>’

Step 3: Create CSR 

Run:

keytool -certreq -keyalg RSA -alias tomcat -file server.csr -keystore server.keystore

Open the file server.csr and copy its contents into the clipboard.

Step 4: Upload CSR to GoGetSSL

Log in to GoGetSSL and select ‘Manage SSL Certificates’ / All.

Next to the certificate you have just purchased should be a [Generate] button. Click it.

Choose ‘Order Type’: ‘New Order’

Choose ‘Web Server Software’: ‘Jakart-Tomcat’

Paste the CSR you copied from server.csr.

Choose signature algorithm SHA2.

Click [Validate CSR]

Step 5: Perform Email Validation and Give Your Details

Specify an email address to which the validation email should be sent and click [Next Step].

Also give your details and confirm the RapidSSL terms and conditions.

Note: Now wait a few minutes until the validation email arrives, then confirm it.

Step 6: Import RapidSSL Certificates Into Keystore

You will receive an email with the certificate for the server and the intermediate certificate from RapidSSL.

You’ll need to add both to your keystore.

First the intermediate certificate:

Get it from the email, paste it into a file ‘intermediate.crt’ and put it into the same folder as your keystore. Then run:

keytool -import -trustcacerts -alias intermediate -file intermediate.crt -keystore server.keystore

You should get a message ‘Certificate was added to keystore’

Then the server certificate:

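Get it from the email, paste it into a file ‘server.crt’ and put it into the same folder as your keystore. Import it under the alias of the key pair created in Step 2 (tomcat), so that keytool installs it as the certificate reply for that private key; under any other alias it would only be stored as a trusted certificate, and the key entry would keep the self-signed certificate from Step 2. Then run:

keytool -import -trustcacerts -alias tomcat -file server.crt -keystore server.keystore

You should get a message ‘Certificate reply was installed in keystore’.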

Now you can use server.keystore to secure your Java Webserver with SSL.
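
A check to run on the finished keystore, as an added example that is not part of the original post: a Java server presents the certificate chain stored with the private key entry (alias tomcat), so the `keytool -list -v` listing should show that entry as a PrivateKeyEntry with a chain of at least two certificates whose first certificate is not self-signed. The function name check_entry and both listings (with placeholder names) are constructed for this example.

```shell
# Added example. Real use: keytool -list -v -keystore server.keystore | check_entry tomcat
# Reads `keytool -list -v` text on stdin and classifies the entry named $1.
check_entry() {
  awk -v want="$1" '
    /^Alias name: /               { cur = substr($0, 13); next }
    cur != want                   { next }
    /^Entry type: /               { type = substr($0, 13) }
    /^Certificate chain length: / { len = $4 + 0 }
    /^Certificate\[/              { idx++ }
    idx == 1 && /^Owner: /        { owner = substr($0, 8) }
    idx == 1 && /^Issuer: /       { issuer = substr($0, 9) }
    END {
      if (type == "")                      print "missing"
      else if (type != "PrivateKeyEntry")  print "not-a-key-entry"
      else if (len < 2 || owner == issuer) print "self-signed"
      else                                 print "ok"
    }'
}

# Constructed sample: signed certificate stored under a separate alias.
sample_separate_alias() { cat <<'EOF'
Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=www.example.com, O=Example
Issuer: CN=www.example.com, O=Example
Alias name: server
Entry type: trustedCertEntry
EOF
}

# Constructed sample: signed certificate installed as the reply for the key.
sample_reply_installed() { cat <<'EOF'
Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: 3
Certificate[1]:
Owner: CN=www.example.com, O=Example
Issuer: CN=Example Intermediate CA
Certificate[2]:
Owner: CN=Example Intermediate CA
Issuer: CN=Example Root CA
Certificate[3]:
Owner: CN=Example Root CA
Issuer: CN=Example Root CA
EOF
}

sample_reply_installed | check_entry tomcat
```

Anything other than ‘ok’ for the key alias means the server would still present the self-signed certificate generated in Step 2.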

Forward All Email from Gmail (even SPAM)

Problem

By default, Gmail does not forward email it considers spam even if it’s configured to forward all email to a designated address.

Solution

You can make Gmail forward ALL emails by following these simple steps:

  1. Go to Settings.

  2. Go to Filters and ‘Create a new Filter’

  3. Set Size less than 500 MB and ‘Create Filter with this search’

  4. Then select ‘Never mark as spam’ and [Create Filter]

Note: This ensures that messages marked as SPAM are forwarded. However, it also results in all messages you send being copied into your INBOX automatically. To prevent this, add a second filter:

5. Create a new filter

6. In the ‘From’ field, put your email address and click ‘create filter with this search’.

7. Tick the option ‘Skip the Inbox (Archive it)’ and click [Create filter]

All done; all your emails should be forwarded from now on.

Remove Hard Disk in Linux in 3 Easy Steps

This guide describes how you can unlink a hard disk from Linux/Unix. This might be useful for instance if you replaced a disk image in Virtual Box or another VM.

WARNING: Do a backup of your virtual machine first or, if you are running on a physical computer, make sure you know what you are doing!

1. Ensure the Hard Disk is not mounted

Edit /etc/fstab and ensure there is no mount point for any partition of the hard drive.

IMPORTANT: Make sure that as many hard drives as possible are identified by their UUID, since hard disk ids might change. See here.

2. Delete the Partition

Use fdisk as described here.

fdisk [your disk id eg /dev/sdb]

Note: You can find out the disk id by running fdisk -l (use sudo if there is no output).

With fdisk running, input:

d

then input (assuming there is only one partition, otherwise give the number of a valid partition and repeat for all partitions):

w

3. Restart Machine

Shut down Linux

Disconnect your hard drive.

Restart Linux.

Your hard disk should be gone and no error should occur when you are starting.

Notes

If you get a message upon booting the machine that ‘The superblock could not be read or does not describe a correct ext2 filesystem.’, you are doing something wrong. Just reattach the hard disk in that case and Linux should start again. Make sure your other (not removed) disks are identified by UUID as noted above.

Free Cloud Based Load Testing Tools

Good load testing of web and cloud applications should involve many concurrent connections originating from diverse networks. Setting up such tests on your own is not trivial and probably very expensive. Thankfully, there are numerous service providers that let you use their infrastructure for testing your applications.

A few of these offer free online load tests. These fall into two categories: free On Demand Tests, which usually allow testing a website with 5 to 10 users, and free tier accounts, which allow a certain number of concurrent users after sign up.

On Demand Tests

The following providers allow you to conduct quick on demand tests of websites.

Loadstorm

http://loadstorm.com/

Flood.io

https://flood.io/

Neustar

https://www.neustar.biz/resources/tools/free-website-performance-test

Free Tier Accounts

Furthermore, there are a few services where you can sign up for a free account and do some testing with their testing infrastructure:

Blaze Meter

http://blazemeter.com/pricing

=> Free Account with 50 concurrent users

Loader.io

https://loader.io/pricing

=> Free Account with 10000 clients

Install Oracle JDK with Puppet

Problem

You would like to install Oracle JDK using Puppet.

Using the puppetlabs/java module, you might get an error message such as:

Error: Java distribution oracle-jdk is not supported. at […]/init.pp:57 on node […]

Solution

Use the module puppet-jdk-oracle.

Just follow the installation instructions from the GitHub page.

Note that you might want to set the Java version used to the latest available. You can find the latest version and build number from the Oracle JDK downloads page.

To get the build number, you first need to accept the terms and conditions and then check the URL of the link to download the version of the JDK you are interested in.

Also, make sure to configure the right platform: ‘x64’ for 64 bit systems and ‘i586’ for 32 bit systems.

As of 30th of April 2015, this would be the configuration for the latest JDK version on 64 bit Linux:

class { 'jdk_oracle':
    version        => '8',
    version_update => '45',
    version_build  => '14',
    platform       => 'x64',
    ensure         => 'installed',
}

MySQL ERROR 2026 (HY000): SSL connection error – Some Troubleshooting Ideas

I just spent a fair amount of time setting up MySQL replication between two servers encrypted by SSL (using MySQL 5.1.73).

I struggled with fixing a nasty error displayed only as ‘ERROR 2026 (HY000): SSL connection error’.

In the following, I have collected a few possible strategies for resolving this error:

  • Is the password for the user on your server shorter than 36 characters?
  • Do the *.pem files on the server and client have the right file permissions?
  • Do your client and server certificates use a different COMMON NAME?
  • Have you tried a basic SSL setup with only certificate authority certificate (e.g. ca-cert.pem), server certificate (e.g. server-cert.pem) and server key (e.g. server-key.pem) (see). In theory, client certificates are not required for a basic setup.
  • Have you tested your certificates with a simple openssl HTTP server (see)?
  • Is your private key in the PKCS#1 format (file starts with ‘-----BEGIN RSA PRIVATE KEY-----’)? (see, see)
  • Did you generate your certificates with TinyCA with the default settings?
  • Did you try connecting to the server WITHOUT using the certificate authority certificate (e.g. ca-cert.pem) BUT WITH specifying a client certificate and key?
    • mysql --ssl --ssl-cert=[client_cert] --ssl-key=[client_key] -u[ssluser] -h[server] -p[ssluser psw]
  • Is your certificate ‘simple enough’ for the MySQL SSL implementation e.g. not a chained certificate tree? (see) Or did you use a wildcard certificate (which are not supported) (see).

Good luck :)

Resources