Archive for the ‘Computing’ Category

Converting SSL Keys to ikeyman Format

Tuesday, February 21st, 2006

I am posting this on my blog so it gets out on google.

Recently I had to help a colleague convert a key that was created in openssl and submitted to a Certificate Authority. I had problems w/ this in the past, and apparently 5 different helpdesks couldn’t help him. SO here goes….

First off, if you are having problems w/ ikeyman on a server, you can always install IBM HTTP Server on your windows workstation and run the ikeyman utility (called Start Key Management Utility under the IBM HTTP Server entry in the start menu). The keys are the same, and are independent of the actual server itself. Even the information you provide doesn’t really have any bearing on the key itself, except for reference from the key authorities perspective. Another common problem is not having the JAVA_HOME set to the location of your java executable. Mine’s set to the JRE directory under the j2sdk installation directory (ie… JAVA_HOME is set to c:\java\j2sdk_1.4.3.2\jre … something like that).

Another common problem with older versions of IHS & ikeyman/gskit is the JCE not found error. Try setting JAVA_HOME first, then update the java.security files as necessary if you continue to receive this error.

The way to convert any key pair is simple:

  1. Download the IBM Keyman utility.

  2. Open the keys in keyman.

  3. Export the key as a PKCS#12 database using no encryption. This merely sets the pkcs12 file’s encryption to none. Delete this file once you’ve successfully imported it into ikeyman.

  4. Import the key into ikeyman using previously defined passphrase for the PKCS12 database

And that’s it. You should then be able to setup ssl in IHS using the ikeyman db and everything should be smooth after this step. You might have to import the Trusted Root certificate used to sign the ca cert into ikeyman, especially if its not a mainstream CA.

Good Luck!

Resurrection Stan

Friday, December 30th, 2005

My hard-drives have been dropping like flies. After over a month of not wanting to deal with the problem, my systems are up and running again…. way to go me!

I was able to successfully restore my wonderful webserver, among other odds and ends, and only lost little things (like /etc/hosts & /etc/aliases) here and there.

Now, if I could only do that with the hosed 300GB Windoze hard-drive I have…thanks, Maxtor, for being big pricks who can’t even format a drive properly to ensure data integrity. Guess I get what I deserve by relying on a hard-drive vendor to format a windows drive.

Good thing the majority of the 300GB drive was game & game data, which is easily recoverable. Alas, I’ll have to start Doom III all over again if I am to try to win :o(

Oh, and thanks to my genius, not only was my webserver intact, but IHS didn’t have to be reinstalled/reconfigured…I just mounted the drive, ran apachectl start and away it went! I love *nix!

O Slow-o Meo! To Be Likened Unto The Gods.

Thursday, November 3rd, 2005

IBM has created a new chip to slow down light. The photonic silicon waveguide slows down light to approx. 620 Mph, relatively slow compared with its normal 186,000 Mph. This will help pave the way for optical computing, which should be hitting the shelves sometime in 2007 (according to Luxtera).

Ah, who didn’t think of this years ago? Well, one day my brain and the world will unite to come up with a new idea. Perhaps it will involve lottery number analysis or trading…but some day…I’ll create something great (who knows, maybe it’ll just be kids…and kids are the greatest thing since sliced bread).

IM Hungry … Got Worms?!?!

Monday, October 31st, 2005

Rootkit found in new AIM worm.

This is the first time that we have seen a rootkit as part of the bundle of applications that is sent to your machine. It is a disturbing trend.

Umm…I disagree. We saw it bundled with windows and the ‘Remote Assistance’ crap. Its only a matter of time before that is exploited.

In addition to the “lockx.exe” rootkit file, the new worm delivers a version of the Sdbot Trojan horse, said FaceTime, which sells products to protect instant-messaging traffic. Sdbot opens a backdoor on the infected PC

Nice…well, so much for ’safe’ Instant Messaging…Guess we’ll all have to go back to IRC….Oh wait:

Added by the W32/Sdbot-ADD worm. When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.

LOL!!!! Windows AIM users have been 0\/\//\/3d.