Convert Apache2 certificate to IIS (pfx) format

Sometimes you purchase a certificate for Apache or Nginx and eventually end up installing it in IIS as well. This happens a lot with wildcard certificates, which seem to propagate.

To import a certificate with its key into IIS, you need to convert the certificate and key from the files your Apache server used into a format that Windows will let you import (.pfx). The command to do so is hard to remember:

openssl pkcs12 -export -in my.crt -inkey my.key -out my.pfx

To import the .pfx file, go here: http://www.sslshopper.com/move-or-copy-an-ssl-certificate-from-a-windows-server-to-another-windows-server.html

Don’t forget you will need to import any intermediate certificates as well, but you don’t have to convert them to .pfx first.

You can also include the intermediates in the .pfx itself:

openssl pkcs12 -export -in my.crt -inkey my.key -out my.pfx -certfile intermediateCA.crt

Posted in Linux, SSL, windows

Best LXC blog. Ever.

I didn’t want to lose this link. So I posted it here.

http://www.stgraber.org/category/lxc/

Posted in lxc

Use ngrep to monitor all web requests

I can never remember the syntax to do this, so I posted it here.

ngrep -d eth1 -W byline -qilw 'get' tcp dst port 80

-d eth1 (monitor eth1)

So why would one want to do this?

  • Monitor requests on a web server with many websites. Sometimes it can be difficult to determine which site is being hammered.
  • Observe malware as it phones home. This works great if your Linux box is acting as the gateway for your network.
  • Spy on your coworkers 🙂
  • Reverse engineer licensing schemes
  • … you get the idea
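
For the first case above (finding which site is being hammered), the ngrep output can be piped through a tally of Host headers. This is an added example, not part of the original post; the function names and the sample capture are constructed, and it assumes IPv4 and ngrep's byline format, where the CR ending each header line is printed as ".".

```shell
#!/bin/sh
# tally_hosts: read `ngrep -W byline` output on stdin and print
# "<requests> <distinct client IPs> <host>" per virtual host, busiest first.
tally_hosts() {
    awk '
        # Packet header, e.g. "T 203.0.113.7:51512 -> 192.0.2.10:80 [AP]"
        /^T [0-9]/ { src = $2; sub(/:[0-9]+$/, "", src); next }
        # Host header (header names are case-insensitive)
        tolower($1) == "host:" {
            host = tolower($2)
            sub(/\.$/, "", host)       # the "." ngrep printed for the CR
            sub(/:[0-9]+$/, "", host)  # an explicit port, if present
            hits[host]++
            if (!((host, src) in seen)) { seen[host, src] = 1; clients[host]++ }
        }
        END { for (h in hits) printf "%d %d %s\n", hits[h], clients[h], h }
    ' | sort -k1,1nr -k3,3
}

# Constructed sample of ngrep byline output (documentation addresses only).
sample_capture() {
    cat <<'EOF'

T 203.0.113.7:51512 -> 192.0.2.10:80 [AP]
GET /cart HTTP/1.1.
Host: shop.example.com.
User-Agent: curl/7.22.0.
.

T 203.0.113.7:51513 -> 192.0.2.10:80 [AP]
GET /cart HTTP/1.1.
Host: Shop.Example.com:80.
.

T 198.51.100.23:40100 -> 192.0.2.10:80 [AP]
GET / HTTP/1.1.
host: shop.example.com.
.

T 198.51.100.23:40101 -> 192.0.2.10:80 [AP]
GET /feed HTTP/1.1.
Host: blog.example.com.
.
EOF
}

sample_capture | tally_hosts
```

On a live box, add ngrep's -n option (stop after that many matched packets) to the command above and pipe it into tally_hosts, so the sort sees an end of input.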

Posted in Linux, Malware

xinetd port forwarding

I always forget how to do this. This little sample will help me next time:

service my-web
{
    type        = UNLISTED
    socket_type = stream
    protocol    = tcp
    wait        = no
    user        = root
    bind        = 0.0.0.0
    port        = 80
    only_from   = 0.0.0.0
    redirect    = 172.16.1.219 80
}

Notes:

  • This file goes in /etc/xinetd.d/my-web
  • For this to work, the service must exist in /etc/services or the type must be UNLISTED.
  • The bind address is 0.0.0.0 to listen on all addresses on the server. If you want to limit it to listen on a specific IP, like localhost, enter an IP address instead.
  • Port is the port it is going to listen on.
  • only_from = 0.0.0.0 matches every source address. To restrict who may use the forward, list specific addresses or networks instead.
  • Redirect is the destination IP and port.

Posted in Linux

locale: Cannot set LC_CTYPE to default locale: No such file or directory on Ubuntu 12.04

Some other messages you might see:

perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
LANGUAGE = (unset),
LC_ALL = (unset),
LANG = "en_US.UTF-8"
are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").
locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory

This has got to be one of the most annoying problems. It occurs infrequently enough that I can never remember how I fixed it. And when you search for this on Google, you find many incorrect solutions, or solutions that “work” but are really just hacks.

The problem is you are missing your language pack. The solution is to install it!

aptitude install language-pack-en

That's it. Problem solved.

Posted in Linux