How to convert your SSL certificates to be used by Tomcat instead of Apache

I have a wildcard certificate that needs to be used on multiple websites that my employer owns.

To be able to use that SSL certificate on Tomcat, it has to be used in a totally different format, that’s Java-specific.

That article has everything that you may need:

1. Get x509 certificates from Apache/Nginx

You will need three certificates Private Key certificate used for generating CSR, Signed Certificate  provided by signing authority and Intermediate or Root certificate of signing authority.

For Apache:

Check your site’s configuration for below settings:

SSLCertificateFile /etc/apache2/ssl/star_livfame_com.crt
SSLCertificateKeyFile /etc/apache2/ssl/star_livfame_com.key
SSLCertificateChainFile /etc/apache2/ssl/intermediate.crt

For Nginx:

Check your site’s configuration for below settings:

ssl_certificate /etc/nginx/ssl/star_livfame_com.crt;
ssl_trusted_certificate /etc/nginx/ssl/intermediate.crt;
ssl_certificate_key /etc/nginx/ssl/star_livfame_com.key;

2. Copy the three files which can be found in the above to one location
(Ex. /opt/tomcat/ssl).

3. Using below OpenSSL command generate pkcs12 file:

cd /opt/tomcate/ssl
openssl pkcs12 -export -in star_livfame_com.crt -inkey star_livfame_com.key -certfile intermediate.crt -out star_livfame_com.p12

Note: You will be prompted for a password to secure the certificate, please enter the password and remember the password.

4. Convert pkcs12 certificate to keystore:

You will now convert our star_livfame_com.p12 file to a keystore by performing the following command line in Tomcat using keytool:

keytool -importkeystore -srckeystore star_livfame_com.p12 -srcstoretype PKCS12 -destkeystore star_livfame_com.jks

Note: It will ask for password of the pkscs12 that we generated earlier and a new password for the keystore, remember the password that you have given for keystore you will need it in configuration.

That’s it !! Your keystore is generated and ready to be used at: /opt/tomcat/ssl/star_livfame_com.jks.

5. Test the Keystore

You can test your keystore if its generated properly with below command:

$keytool -list -v -keystore star_livfame_com.jks

Enter keystore password:

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: 1
Creation date: 29 Apr, 2016
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=*.livfame.com, OU=Media - Technology, O=Fame Digital Pvt. Ltd., L=Mumbai, ST=Maharashtra, C=IN
Issuer: CN=thawte SSL CA - G2, O="thawte, Inc.", C=US
.....

Source: http://www.tothenew.com/blog/convert-apache-x509-cert-ssl-certificate-to-tomcat-keystore

Posted in Uncategorized, Linux | Tagged , , , , | Leave a comment

How to share files with Samba (SMB) from Ubuntu and mount on Windows

I am using a Windows 7 VM under KVM/QEMU, and there is no direct way – as far as I know – to make a shared drive between the host and guest, like the vboxsf that exists on VirtualBox hypervisor.

The best solution I found in order to share files between the host and the guest is to use Windows Sharing, or in other words: Samba (SMB).

We will do that with Nautilus.

You should follow these steps on the host (samba server) side:

  • Install samba: “sudo apt install samba nautilus-share”
  • Right-click on the folder you want to share and choose “Local Network Share”
  • Enable, give it a name, and allow read/write if you wish to
  • Click Create Share
  • Run “sudo smbpasswd -a any_username“, you could just use the same account in linux, but take care that the SMB password set is not the same password used in your system

On the guest (Windows VM), you need to apply the following (make sure that the samba ports are open in your firewall):

  • Right-click on “Network” and choose “Map network drive”
  • Choose a drive letter
  • Add the folder in this way: \\SERVER_IP\shared_folder_name
  • It should prompt you for a username and password
  • Type as the username “COMPUTER_NAME\user_name“, where user_name is the any_username used when you ran the command smbpasswd above
  • Type the password and there you go!
  • Enjoy!

Sources:

  1. https://help.ubuntu.com/community/How%20to%20Create%20a%20Network%20Share%20Via%20Samba%20Via%20CLI%20%28Command-line%20interface/Linux%20Terminal%29%20-%20Uncomplicated%2C%20Simple%20and%20Brief%20Way%21
  2. https://help.ubuntu.com/community/Samba/SambaClientGuide
Posted in Linux, Uncategorized | Tagged , , , | Leave a comment

How to reset lost password on Ubuntu

From the official Ubuntu LostPassword documentation (with minor changes to work on more recent versions of Ubuntu)

  • Reboot your computer.
  • Hold Shift during boot to start GRUB menu.
  • Press e to edit.
  • Find the line starting with “linux” and change “ro” to  “rw” then append “init=/bin/bash” at the end of that line.
  • Press Ctrl + X to boot.
  • Type in passwd username.
  • Type the new password
  • Restart and login with the new password
  • Enjoy!

Tested on Ubuntu 16.04 Desktop, 64-bit

Posted in Linux, Uncategorized | Tagged , , | Leave a comment

How to delete all files in a folder EXCEPT certain ones in BASH

Imagine you have a folder that has about 20 files that you need and like 100 files that you don’t. In this case, there is a very simple bash script that allows you to do that in a jiffy!

Here it is:

ls | grep -v "hobba.txt\|tito.sh\|mambo.sh\|.xlsx" | xargs rm

This command does the following (in order):

  1. lists all files in the folder with “ls”
  2. grep -v means grep everything except the following
  3. The list of files – or globs – that it’s going to ignore, you have to separate each by pipe preceded with a backslash. It ignores 3 files and 1 glob:
    1. hobba.txt
    2. tito.sh
    3. mambo.sh
    4. .xlsx (means anything with extension .xlsx)
  4. Finally it deletes them one by one through the xargs rm

Enjoy!

Sources: Many which I unfortunately forgot to take note of, but they are mostly from Stackoverflow

Posted in Linux, Uncategorized | Tagged , , , | Leave a comment

How to install Shutter Screenshot Tool and assign as the default in Linux Mint

Shutter is an amazing screenshot taker and annotator.

To install it successfully, you have to install two packages:

sudo apt-get install shutter libgoo-canvas-perl

Note: That second package is to allow editing and annotation

You are done with the installation now.

Next, you need to assign the shortcuts to the keyboard (like PrintScrn for example):

  • Open Keyboard -> Shortcuts -> Custom Shortcuts
  • Add custom shortcut (we will add 2):
    1. For full screen screenshots, give it any name, e.g. “shutter” and make the command “shutter -f”. Then double click on keyboard bindings to assign a keyboard shortcut of your choice (in my case I used PrntScrn)
    2. For Active Window screenshots, give it any name, e.g. “shutter-window” and make the command “shutter -a”. Then double click on keyboard bindings to assign a keyboard shortcut of your choice (in my case I used Shift+PrntScrn)
  • Enjoy!

 

Posted in Linux, Uncategorized | Tagged , , | Leave a comment

Batch-resize videos on Ubuntu Linux with ffmpeg

So, the case is as follows:

I have about 15 videos files that were recorded at 4K and are very large in size. I wanted to keep everything as is, but just reduce the resolution to HD (720p).

ffmpeg would be great to achieve this, so I created the following script:

for i in *.MP4;
 do name=`echo $i | cut -d'.' -f1`;
 echo $name;
 ffmpeg -i $i -s 1280x720 -c:a copy $name.mp4.mp4;
done

This loops them one-by-one and calls ffmpeg to process them and create an output file with the same name, but with extension .mp4.mp4 (just to distinguish them, nothing more).

That’s it! Enjoy!

Sources:

Posted in Linux, Uncategorized | Tagged | Leave a comment

Allow non-root users to capture network packets with Wireshark on Ubuntu

It’s very easy to do, all you need is just add your user to the wireshark group, e.g.

sudo adduser hobba wireshark

so this makes user hobba able to capture packets without requiring sudo privileges.

Enjoy!

Tested on LinuxMint 18.1 (based on Ubuntu 16.04)

Source: https://anonscm.debian.org/viewvc/collab-maint/ext-maint/wireshark/trunk/debian/README.Debian?view=markup

Posted in Linux, linuxmint, Uncategorized | Tagged , , , | Leave a comment