
Tuesday, June 11, 2013

Public key types


1. OpenSSH key type

ssh-rsa AXCAB3NzaC1yc2EAAABAJQAAAIEAmGd3y/xJDjUeaJvFhRkcfpywWyrK3ZlR828E
jN4G0S0RsAgFiDnGGsYz5HuzZM1A+AabcswyMzhMoQDOKr99jLr/WbEdN2tZ8gN2
44C+LSXIAy3lCQgAWnYtOuAdBxmfcX3kQAH+ktejPd6GA1qAnPAHkv/+TaAawvAm
FbAA030=

2. OpenSSL PEM (Privacy Enhanced Mail) key type

-----BEGIN CERTIFICATE-----
QT8AG4baZYOizxdycd5tYazANBgkqhkiG9w0BAQUFADB3MQswCQYDVQQG [...]
-----END CERTIFICATE-----

Convert private OpenSSL to public OpenSSH:
ssh-keygen -y -f company.com.key > company.com.pub

Convert OpenSSH to OpenSSL PEM:
ssh-keygen -f key.pub -e -m pem > key.pem.pub

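3. Convert: -----BEGIN PRIVATE KEY----- -----END PRIVATE KEY----- (PKCS#8)
to: -----BEGIN RSA PRIVATE KEY----- -----END RSA PRIVATE KEY----- (PKCS#1)

openssl rsa -in mykey.key -text > mykey.pem

Note: -text also writes the decoded key components ahead of the PEM block. On OpenSSL 3.x add -traditional, otherwise the output keeps the BEGIN PRIVATE KEY header.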

4. Extract the public key (-----BEGIN PUBLIC KEY----- -----END PUBLIC KEY-----) from a CSR

openssl req -in brodline.com.csr -pubkey -noout

5. The issued certificate should be in the format:
 -----BEGIN CERTIFICATE----- -----END CERTIFICATE-----
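
The formats listed above can be told apart mechanically. The following Python sketch is an added example, not code from the original post: it maps the PEM labels shown here to the structure they wrap and, for an OpenSSH one-line key, decodes the length-prefixed blob and checks that the type prefix matches the algorithm name encoded inside it. The function names and the sample key are constructed for illustration.

```python
import base64
import re

# PEM labels shown on this page, mapped to the structure each one wraps.
PEM_LABELS = {
    "CERTIFICATE": "X.509 certificate",
    "PRIVATE KEY": "PKCS#8 private key",
    "RSA PRIVATE KEY": "PKCS#1 RSA private key",
    "PUBLIC KEY": "SubjectPublicKeyInfo public key",
}
PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", re.S)


def ssh_fields(blob):
    """Split an SSH wire-format blob into its length-prefixed fields."""
    fields, pos = [], 0
    while pos < len(blob):
        length = int.from_bytes(blob[pos:pos + 4], "big")
        pos += 4
        if pos + length > len(blob):
            raise ValueError("length prefix or field runs past end of blob")
        fields.append(blob[pos:pos + length])
        pos += length
    return fields


def identify(text):
    """Describe the key material in text; raise ValueError if malformed."""
    pem = PEM_RE.search(text)
    if pem:
        # The body must be clean base64; an elided "[...]" body is rejected.
        base64.b64decode("".join(pem.group(2).split()), validate=True)
        return PEM_LABELS.get(pem.group(1), "unrecognised PEM label")
    parts = text.split()
    if len(parts) < 2:
        raise ValueError("not PEM and not an OpenSSH public key line")
    fields = ssh_fields(base64.b64decode(parts[1], validate=True))
    if not fields or fields[0] != parts[0].encode():
        raise ValueError("key type prefix does not match the encoded blob")
    if parts[0] == "ssh-rsa" and len(fields) == 3:
        bits = int.from_bytes(fields[2], "big").bit_length()
        return "OpenSSH RSA public key, %d-bit modulus" % bits
    return "OpenSSH public key of type " + parts[0]


def field(data):
    """Encode one length-prefixed field (used only to build the sample)."""
    return len(data).to_bytes(4, "big") + data

# Constructed sample (well-formed layout, not a usable key): e=65537, 1024-bit n.
SAMPLE_BLOB = field(b"ssh-rsa") + field(b"\x01\x00\x01") + field(b"\x00\xc3" + bytes(127))
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " constructed@example"
```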

Sunday, June 9, 2013

Ubuntu TeamCity No suitable JDBC driver found for database type: MySQL

Due to licensing terms, TeamCity does not bundle driver jars for external databases. You will need to download the Java driver and put the appropriate jars (see below) from it into <TeamCity Data Directory>/lib/jdbc directory (create it if necessary).

apt-get install libmysql-java
cp /usr/share/java/mysql.jar ~/.BuildServer/lib/jdbc/


[2013-06-09 18:39:34,963]   INFO -  jetbrains.buildServer.STARTUP - Current stage: Checking the database
[2013-06-09 18:39:36,581]   INFO -  jetbrains.buildServer.STARTUP - Database contains no tables.
[2013-06-09 18:39:36,582]   INFO -  jetbrains.buildServer.STARTUP - Current stage: Database is empty or doesn't exist

-> Just log in to TeamCity through the web UI (127.0.0.1:8111) and open the administration panel (supplying the authorization token). From there you can initialize the new database.



Windows - set up SSL/HTTPS reverse proxy using Apache HTTPD; Wrap HTTP traffic in SSL tunnel layer on Windows

Our main goal is to secure traffic that would normally travel over an unsecured HTTP channel by wrapping it in an SSL tunnel. To do that you need to buy an SSL certificate - you need both the private and the public key for that certificate.

To have a working reverse proxy you need to enable the following modules in Apache's httpd.conf file.

mod_ssl - this module enables HTTPS connections, encrypting traffic between the Internet and the proxy server using SSL
mod_proxy - this module enables Apache to act as a forward or reverse proxy server
mod_proxy_http - this module enables HTTP connections between the proxy server and the RequisiteWeb server
mod_vhost_alias - controls virtual hosts in Apache



Download Apache HTTPD (version with mod_ssl already built in): here


Modify httpd.conf in the following manner:

#Listen 80 - disable :80 listening port - it's not needed for 
#reverse proxy
Listen 443


#=== MODULES IMPORTANT FOR SSL REVERSE PROXY ===
LoadModule ssl_module modules/mod_ssl.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so


<VirtualHost *:443>
  ServerName *.forcom.com.pl
  # A reverse proxy must not accept forward-proxy requests:
  # ProxyRequests On combined with "Allow from all" creates an open proxy.
  ProxyRequests Off
  <Proxy *>
    Order allow,deny
    Allow from all
  </Proxy>

  SSLProxyEngine On
  ProxyPass / http://127.0.0.1:890/
  ProxyPassReverse / http://127.0.0.1:890/

  LogLevel info
  ErrorLog "c:/ApacheLogs/ssl-proxy.log"
  CustomLog "c:/ApacheLogs/ssl-proxy.log" combined

  SSLEngine on
  # "all" alone still enables the obsolete SSLv2/SSLv3 protocols on older builds
  SSLProtocol all -SSLv2 -SSLv3
  SSLCertificateFile "C:/cert/ssl/fcompany.pem"
  SSLCertificateKeyFile "C:/cert/ssl/fcompanypriv.key"
</VirtualHost>


Apache HTTPD config file along with sample certificates can be downloaded from here.

Friday, June 7, 2013

Windows - set up SSL/HTTPS reverse proxy using NGINX; Wrap HTTP traffic in SSL tunnel layer

Our main goal is to secure traffic that would normally travel over an unsecured HTTP channel by wrapping it in an SSL tunnel. To do that you need to buy an SSL certificate - you need both the private and the public key for that certificate.


This means that we want to call the address https://yourdomain.com and have that browser request forwarded to our unsecured HTTP server, wrapped in an SSL tunnel.

First download NGINX Windows-1.4.1 from: http://nginx.org/en/download.html
(Remember to choose the stable version, as the Windows-1.5.1 crashes often on Windows XP SP3)

After nginx has been installed successfully, you can start the balancer with:

start nginx

and shut it down with:

nginx -s stop

from the main directory of nginx (that's where nginx.exe resides).

The most important parts of the config file (nginx.conf) are:

server {
    listen          0.0.0.0:443 ssl;
    ssl_certificate      ssl/companypub.pem;
    ssl_certificate_key  ssl/companypriv.key;
    location / {
        proxy_pass  http://127.0.0.1:80;
    }
}

Both files are in PEM format. This configuration listens on all interfaces on port 443 and tunnels the traffic to the local HTTP server on port 80 (port 80 can be ignored in this case as it is the default port nginx would forward to).

You can download the configuration file along with sample certificate files here.

Thursday, June 6, 2013

Android ICS (4.0 and up) how to take screenshots straight from adb

Taking screenshots of the application you're developing has never been easier since Android 4.0.
If you have your device in debugging mode, just list the devices to see if the tablet/phone is visible:

adb devices

and then take screenshots in the following manner:

adb shell /system/bin/screencap -p /sdcard/screenshot_1.png