security

Creating a Self-Signed Certificate with an Existing Key

Most OpenSSL documentation out there only shows you how to create a new key and sign it in a single command. I wanted to use a self-signed certificate in the interim while waiting for my third-party CA to approve my certificate. I already had an existing key. Here is the command to create a self-signed certificate from an existing RSA key.

#> openssl req -x509 -new -key {KEYFILE} -out {SELFSIGNEDCERT}

 

Batch dump SSL certificate bundles to single files

Introduction

This Perl script makes unbundling certificates into single files an easy task. Just run the script and it will dump the generated files to the current directory.

Requirements

  • Perl
  • openssl
  • certificate bundle (PEM format)

Code

Syntax: ./cert-split-batch.pl <cert_bundle.crt>
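
The unbundling step described above, sketched in Python as an added example; it is not the cert-split-batch.pl script from this post. The function names and the cert-NN.pem output names are assumptions, and the sample bundle is constructed placeholder data.

```python
import base64
import re
import sys
from pathlib import Path

BEGIN, END = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"
# Text between blocks (comments, "openssl x509 -text" output) is skipped.
PEM_CERT = re.compile(re.escape(BEGIN) + r"\r?\n(.*?)\r?\n" + re.escape(END), re.DOTALL)

def to_pem(der):
    """Wrap DER bytes as a PEM block with 64-character lines."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([BEGIN] + lines + [END]) + "\n"

def split_bundle(bundle_text):
    """Return every certificate in the bundle as a normalized PEM string."""
    certs = []
    for match in PEM_CERT.finditer(bundle_text):
        body = "".join(match.group(1).split())
        der = base64.b64decode(body, validate=True)  # raises on a corrupted block
        if der[:1] != b"\x30":  # a DER certificate starts with a SEQUENCE tag
            raise ValueError("block %d is not DER data" % (len(certs) + 1))
        certs.append(to_pem(der))
    if len(certs) != bundle_text.count(BEGIN):
        raise ValueError("unterminated or malformed certificate block")
    return certs

def dump_bundle(bundle_path, out_dir="."):
    """Write cert-01.pem, cert-02.pem, ... to out_dir; return the paths."""
    paths = []
    for n, pem in enumerate(split_bundle(Path(bundle_path).read_text()), 1):
        path = Path(out_dir) / ("cert-%02d.pem" % n)
        path.write_text(pem)
        paths.append(path)
    return paths

def constructed_bundle(count):
    """Constructed sample input: placeholder DER bytes, not real certificates."""
    return "# constructed test bundle\n" + "".join(
        to_pem(b"\x30\x82" + bytes([n]) * 70) for n in range(1, count + 1))

if __name__ == "__main__":
    for written in dump_bundle(sys.argv[1]):
        print(written)
```

A truncated or corrupted block raises an error instead of being written out, so a damaged bundle is not silently split into an incomplete chain.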

Allow UID 0 accounts to log in but not root over SSH

Introduction

More than once, I've needed root access to a server over SCP. As we all know, allowing SSH access with the root user is a glaring security hole because the user is a well-known userid with superuser access. This makes it the first thing that a hacker or script-kiddie will check. If you create another user with userid number 0 and set PermitRootLogin to 'no' in the sshd_config file, you will still not be able to log in. The PermitRootLogin option actually blocks ANY user if their user id number equals 0.

Convert JKS and PKCS12 back and forth with keytool

Introduction

Here are a few CLI commands to convert a Java keystore file to a PKCS12-encoded cert chain and back. This requires the Java Development Kit (Sun/Oracle JDK) 6 or newer.

Instructions

JKS → P12

$> keytool -importkeystore \
-srckeystore keystore.jks \
-srcstoretype JKS \
-deststoretype PKCS12 \
-destkeystore keystore.p12

P12 → JKS

Importing an OpenSSL CSR into Windows CA server

To import a CSR into a Windows Certificate Authority server, you must define a certificate template. OpenSSL does not do this because this is a Microsoft-only concept. With the 'certreq' command, you can apply a template type during the request import process. This command should be available on your Microsoft CA server.

certreq -submit -attrib "CertificateTemplate:WebServer" request.csr

 

HiJackThis

Gibson Research Corporation

Home of SpinRite and ShieldsUP software.

http://www.grc.com/default.htm

Off-the-Record Messaging

Off-the-record IM encryption.  OTR supports multiple IM clients.

http://www.cypherpunks.ca/otr/