Friday, December 4, 2020

Convert a SSL certificate from crt to PFX (GoDaddy)

When you're creating a .pfx, you'll need a copy of the private key from your server, as well as the .crt file that you downloaded from GoDaddy.

When you download certificates from Go daddy portal you will get files something like this

Rename files first Main root certificates as Certificate.crt and other gd file which is intermediate file as supporting more file.

You can use OpenSSL commands in command line to create the PFX, I'm including a sample below:

openssl pkcs12 -export -out certificate.pfx -inkey generated-private-key.txt -in certificate.crt -certfile more.crt

This will create a certificate.pfx file from your private key, as well as the .crt you downloaded.

You'll just need to make sure that you update the names in the sample code above to match your certificate/private key information.

user@server:~$ cd Certs_Apache /

user@server:~/ Certs_Apache$ openssl pkcs12 -export -out certificate.pfx -inkey generated-private-key.txt -in certificate.crt -certfile more.crt

unable to load private key

140238327080608:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: ANY PRIVATE KEY

When you convert the cert by using the openssl you can get the above error sometime

For above error solution is to check the .key file encoding.

Carry out the following steps: open the .key file with Visual Studio Code or Notepad++ and verify that the .key file has UTF-8 encoding. In my case, the file had UTF-8 with BOM encoding, so I saved the file with just UTF-8, and then tried the conversion again:

In addition, make sure that .key file has a valid scheme:

-----BEGIN PRIVATE KEY-----

Cipher here

-----END PRIVATE KEY-----

user@server:~/Certs_Apache$ openssl pkcs12 -export -out certificate.pfx -inkey generated-private-key.txt -in certificate.crt -certfile more.crt

Enter Export Password:

Verifying - Enter Export Password:

user@server:~/ Certs_Apache $

It will prompt for password for pfx file which needs to provide for verification. Which is required while importing certificate.

Tuesday, November 10, 2020

Create Local YUM Repository with DVD in RHEL 7

Create Source

Mount the CD/DVD ROM on any directory of your wish. For testing, mount it on /cdrom.

#mkdir /cdrom

#mount /dev/cdrom /cdrom

Create Repo file

Before creating a repo file, move your existing repo files present in /etc/yum.repos.d directory, if not required.

#mv /etc/yum.repos.d/*.repo /tmp/

Create the new repo file called cdrom.repo under /etc/repos.d directory.

#vi /etc/yum.repos.d/local.repo

Add the following details.

[LocalRepo]

name=LocalRepository

baseurl=file:///cdrom

enabled=1

gpgcheck=1

gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

Where,

[LocalRepo] = Repository Name which will be displayed during package installation

name = Name of the repository

baseurl = Location of the package

Enabled = Enable repository

gpgcheck = Enable secure installation

gpgkey = Location of the key

gpgcheck is optional (If you set gpgcheck=0, there is no need to mention gpgkey)

Install Package from Local DVD YUM repository

Clear the repository cache by issuing the following command.

#yum clean all

Let’s install the vsftpd package from the local repository.

#yum install vsftpd

How to mount CD/DVD ROM on CentOS / RHEL Linux

System

CentOS 6/7/8, RHEL 6/7/8

How to mount CD/DVD ROM on CentOS / RHEL Linux step by step instructions

Locate CD/DVD block device: First we need to find a correct CD/DVD block device. To do this execute a command blkid as root user:

# blkid

/dev/sda1: UUID="d9704e79-b05e-4c9d-b94a-09643ba70592" TYPE="xfs" PARTUUID="83288aa1-01"

/dev/sda2: UUID="21291424-9d73-4c7e-b039-ce311702c75f" TYPE="swap" PARTUUID="83288aa1-02"

/dev/sr0: UUID="2019-08-15-21-52-52-00" LABEL="CentOS-8-BaseOS-x86_64" TYPE="iso9660" PTUUID="3e04f576" PTTYPE="dos"

Take a note of the relevant block device eg. /dev/sr0 and optionally also take a note of the shown UUID 2019-08-15-21-52-52-00.

Create Mount Point:
Mount point will be a directory where you wish to mount your CD/DVD drive. It can be any arbitrary directory. For example in this case we will be using /media/iso as a directory mount point:

# mkdir /media/iso

Mount CD/DVD:
We are now ready to mount CD/DVD by using the mount command:

# mount /dev/sr0 /media/iso/

mount: /media/iso: WARNING: device write-protected, mounted read-only.

At this point you should be able to access all files on your CD/DVD drive:

   $ ls /media/iso/

   AppStream  BaseOS  EFI  images  isolinux  media.repo  TRANS.TBL

Permanent CD/DVD mount:

To mount your drive permanently edit /etc/fstab by adding the following line. Change UUID and mount point to fit your environment:

UUID=2019-08-15-21-52-52-00             /media/iso                iso9660 ro,user,auto  0 0

Once ready mount the CD/DVD by:

   # mount /media/iso/

Wednesday, October 3, 2018

Cancelling running Tasks on Nutanix AHV

Nutanix Controller VM

nutanix@192.168.15.40's password:

Last login: Wed Oct 3 20:45:53 IST 2018 from 192.168.15.21 on ssh

Last login: Wed Oct 3 20:46:03 2018 from 192.168.14.27

nutanix@NTNX-16SM60490506-B-CVM:192.168.15.21:~$ acli

<acropolis> task.list

Task UUID Parent Task UUID Component Sequence-id Type Status

8e1891db-8684-4a96-a82a-255bcdd46e76 Acropolis 1654 kVmDiskUpdate kSucceeded

fb4c9fc5-d1a4-4ee0-b85f-bffe5aa3b277 Nutanix Guest Tools 11 MountGuestTools kSucceeded

e97eeae1-6769-4b99-8697-500ee6fc4a49 a5f5b02f-31b4-4949-a9ef-bc6306ca83c5 Acropolis 1653 kVmSetPowerState kSucceeded

a5f5b02f-31b4-4949-a9ef-bc6306ca83c5 Uhura 988 VmChangePowerState kSucceeded

d93385de-20aa-4ea3-82be-34eae61963e3 b242c17f-6bc2-456a-b48d-8a047aa9df5e Acropolis 1652 kVmUpdate kSucceeded

b5e06fb1-9bd9-4846-91d3-c92bace664de Acropolis 1650 kImageCreate kRunning

351990a6-f901-4d98-8775-97fe1f7a6148 Acropolis 1649 kImageCreate kRunning

<acropolis> task.get b5e06fb1-9bd9-4846-91d3-c92bace664de

<acropolis> task.cancel task_list=b5e06fb1-9bd9-4846-91d3-c92bace664de

Task cancel for UUID: b5e06fb1-9bd9-4846-91d3-c92bace664de: complete

Monday, September 11, 2017

Configure DC to synchronize time with external NTP server

How do I configure time in my Active Directory?

Well, it's simple! Normally it should be set correctly if we don't modify it in purpose,

Otherwise, we do provide some tools for that: w32tm.exe command-line utility and GPO. we are going to look here w32tm whihc is very easy.

Using w32tm.exe

Run the following command on the PDC emulator:

If you have multiple domain controller and don't know which DC holds PDC role then use following command: netdom /query fsmo

w32tm /config /manualpeerlist:timeserver /syncfromflags:manual /reliable:yes /update

(where timeserver is a –space delimited– list of your time source servers)

Repairing WMI problems - WMI Service is Missing

WMI Service is missing but the wbem folder structure is present in the system.

After so much attempt able to resolve this issue..

Remember WinXP Service Pack 3 Solution ?? Permission issue or access is denied

Same applied here

resetting the security permissions on the registry and system drive, which will also make sure that WMI is setup with the right permissions. You can do this by grabbing the SubInACL tool from Microsoft and running the following commands from the directory in which you installed it: