Generate CSR for SAN Certificate – Tomcat

This article assist you with step-by-step procedure to generate CSR for SAN Certificate (multiple domains) in Tomcat Server

Important Note: You need Java 7 as it has a Keytool with SAN (Subject Alternative Name) to certificates. The previous version of Java do not support this and you receive “illegal option: -ext” error when you try Keytool with -ext

1. Open Cmd

2. Navigate to the Java 7 installation directory, in my case – Windows 2008 and the installation directory is ‘C:\Program Files\Java\jre7\bin’

3. Execute

keytool -genkey -alias server -keyalg RSA -keysize 2048 -keystore e:\ssl_key\hackandsecure -ext san=dns:www.hackandsecure.com

  • Specify any alias name, here I specified ‘server’
  • Keysize must be specified, otherwise keytool will generate a key which is 1024 bit and it doesnt meet the minimum requirement
  • For the question “What is your first and last name?”, enter the domain name that you need certificate and not your actual first and last name!

4. After entering all the details, you will notice that keystore is created in e:\ssl_key folder

5. Now generate CSR.

keytool -certreq -alias server -file e:\ssl_key\hackandsecure.csr -keystore e:\ssl_key\hackandsecure

Notice that I have used the another domain name whi

Enable Beats Audio Speakers in Ubuntu installed HP Laptop

I had exactly the same problem you have, not able to get the full sound out of Beats Audio Speakers in my HP laptop. I referred several websites but this and this websites together solved the problem. Here’s what I did:

Step 1: Open a terminal (Ctrl + Alt + t) and run:

sudo apt-get instal alsa-tools-gui

Step 2: Open hda-jack-retask

Before-hda intel sound cards

Step 3:

1. Select the codec IDT 92HD91BXX
2. Choose Show unconnected pins
3. Remap 0x0d (Internal Speaker, Front side) to “Internal Speaker” (in my case, it was the default value, so I left it as it is)
4. Remap 0x0f to “Internal Speaker”
5. Remap 0x10 to “Internal Speaker (LFE)”
6. Apply now, then test your laptop audio now by playing some audios from youtube.
7. If it works, select “Install boot override” to save the settings to apply at boot time.

after-hda intel sound cards

Check if your server is vulnerable to FREAK Attack

FREAK Attack, a new SSL/TLS vulnerability that allows an attacker to intercept HTTPS connections between vulnerable clients and servers and force them to use weak encryption, which the attacker can break to steal or manipulate sensitive data.

Servers:-

Servers that accept RSA_EXPORT cipher suites put their users at risk from the FREAK attack. You can perform free SSL FREAK Check on your HTTPS servers to verify if they accept weak encryption.

Clients:-

Not all Client browsers are vulnerable at the moment, you can keep checking here for update if your Chrome, Firefox, IE or Safari browser is vulnerable. If possible, keep your browsers uptodate with latest version. You can perform free SSL FREAK Check on your client computer to verify if they accept weak encryption. You need to click on 2 links provided on this website and if the page loads, then you are vulnerable!

References:
https://www.smacktls.com/#freak
https://freakattack.com/

 

Useful free utilities in Ubuntu for your day to day purpose

1) Zim, alternate to MS OneNote in Windows

Download Zim, available in Ubuntu Software Center

You can take your notes, create pages, add attachments, images and provides additional functionality like task list manager. I store and access my Zim note from dropbox, so you can access it from anywhere as long as you have Zim installed in that computer. Good news is Windows version of Zim is available.

zim,desktopwiki

2) Parcellite, Clipboard Manager

Download Parcellite, available in Ubuntu Software Center

A tool to preserve your history, by default 20 copied items are preserved in history. You can increase it to maximum with preferences option.

parcellite-preferences-history

3) BleachBit, alternate to CCleaner

Download BleachBit, available in Ubuntu Software Center

No much explanation is needed, we all love CCleaner and will miss it in Ubuntu. BleachBit provides similar solution in Ubuntu but not all features of CCleaner. Remember that your history items in Parcellite are still preserved and not deleted while cleaning with BleachBit.

bleachbit-clean

Cisco VPN Setup in Ubuntu

This document will help you configuring Cisco VPN Client in your Ubuntu computer.

1) In the Ubuntu Software Center, search and install “network-manager-gnome“.

2) Then, enable the option “Network management framework (VPNC plugin GNOME GUI)” in the same “network-manager-gnome” window and install it.

VPNC plugin GNOME GUI

2) Lets start configuring VPN in Network option available in the System Settings of Ubuntu (I assume you have all the required information from your VPN administrator!).

3) Click on “+” sign and choose interface as “VPN” to proceed.

ubuntu-cisco-vpn-configuration-1

4) Choose “Cisco Compatible VPN (vpnc)” when you see the below screen.

ubuntu-cisco-vpn-configuration-2

5) Specify your VPN settings and you have an option either to save or always ask for User / Group Password

Connection name name_it_as_you_like

Gateway is your_VPN_device_IP_address

User name is Login_User_Name

Group name is VPN_Group_Authentication_Name

ubuntu-cisco-vpn-configuration-3

6) In the advanced window, most likely you do not need to modify anything and leave it with default settings. Click Apply to complete the VPN configuration

ubuntu-cisco-vpn-configuration-4

7) Click on Network symbol on task bar (you will see a different icon if you are using a wired network connection, in my case my laptop is connected to a wireless network) and choose VPN Connections to establish connection to your corporate connection.

cisco-vpn-access-ubuntu