Using SSL Certificates with the Apache Tomcat Web Server
Free tools like openssl, keytool, and KeyStore Explorer can be used to transform common SSL certificate formats into archives that are compatible with web servers like Apache Tomcat.
Linux
Node.js: Connecting to MySQL on a socket with Sequelize
According to its official description, “Sequelize is a promise-based Node.js ORM for Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server.” Sequelize is widely used in Node.js web applications to abstract the database layer. I recently found a “corner case” for Sequelize which is possible to accomplish, but is not well documented anywhere on the web. …
Node.js: Connecting to MySQL on a socket with Sequelize Read More »
Use an SSL/TLS Certificate with ESET Security Management Center Appliance
ESET Security Management Center (ESMC) is the replacement for the ESET Remote Administrator (ERA) Server. You can install ESMC as a “virtual appliance” which will run on hosts such as VMWare or Linux/KVM/QEMU. Under the hood, this appliance is a CentOS 7 server running the Apache Tomcat web server. ESMC is implemented as a Java …
Use an SSL/TLS Certificate with ESET Security Management Center Appliance Read More »
Testing Access to Google Bigtable
This is a minimal PHP script that’s useful for verifying connectivity and permissions to read data from a Google Bigtable instance. Unlike some of the sparse examples in Google’s PHP SDK, this script will work for any table, and you don’t need to know anything about the structure of the table. This script tests the …
curl or libcurl: SSL certificate problem: unable to get local issuer certificate
curl, or an application that uses libcurl, may have a problem with an SSL certificate that works fine when using a web browser to access the same URL. Typical error output from curl looks like this: $ curl -v https://my-subdomain.mysecuresite.com Trying xxx.xxx.xxx.xxx:443… TCP_NODELAY set Connected to my-subdomain.mysecuresite.com (xxx.xxx.xxx.xxx) port 443 (#0) ALPN, offering h2 ALPN, …
curl or libcurl: SSL certificate problem: unable to get local issuer certificate Read More »
Monitoring a switch or router port via SNMP
Most business-class switches and routers support monitoring via SNMP. The main barrier to implementing SNMP monitoring is that so many parameters can be monitored, and it can be very hard to isolate the most important parameters. This example shows how to monitor the status of a specific port. Note that the term “port” includes link …
openssl unable to read/load/import SSL private key from GoDaddy
openssl is the standard open-source, command-line tool for manipulating SSL/TLS certificates on Linux, MacOS, and other UNIX-like systems. I recently ran into an interesting problem using openssl to convert a private key obtained from GoDaddy. Someone else used GoDaddy’s “wizard” interface to generate a certificate signing request (CSR) and private key, and saved the files …
openssl unable to read/load/import SSL private key from GoDaddy Read More »
Nginx default user changed in RedHat/CentOS package nginx-1.16.1-1.el7
The latest Nginx rpm (nginx-1.16.1-1.el7) from EPEL for CentOS/Redhat is a fairly major update, from version 1.12 to 1.16, and includes some very important fixes to address multiple CVEs. There is another small but critical change in the latest RPM that isn’t mentioned in the bug report. RedHat had configured nginx to run as user “apache” …
Nginx default user changed in RedHat/CentOS package nginx-1.16.1-1.el7 Read More »
mount.cifs error 13 after update (CentOS/RedHat Linux 7.6)
How to fix “permission denied” error when attempting to mount a CIFS share on RedHat/CentOS Linux 7.
Secure, Automated Network Device Backups
You probably have at least a few business-class switches and routers silently do their job, year after year. Network devices can be so reliable that we configure them once, and then forget that they exist. However, forgetting them is a really bad idea, since they require regular OS or firmware updates to patch vulnerabilities, and …