Archive for the ‘Security’ Category

Converting SSL Keys to ikeyman Format

Tuesday, February 21st, 2006

I am posting this on my blog so it gets out on Google.

Recently I had to help a colleague convert a key that was created in OpenSSL and submitted to a Certificate Authority. I had problems with this in the past, and apparently 5 different helpdesks couldn’t help him. So here goes…

First off, if you are having problems with ikeyman on a server, you can always install IBM HTTP Server on your Windows workstation and run the ikeyman utility (called Start Key Management Utility under the IBM HTTP Server entry in the Start menu). The keys are the same, and are independent of the actual server itself. Even the information you provide doesn’t really have any bearing on the key itself, except for reference from the key authority’s perspective. Another common problem is not having JAVA_HOME set to the location of your Java executable. Mine’s set to the JRE directory under the j2sdk installation directory (i.e., JAVA_HOME is set to c:\java\j2sdk_1.4.3.2\jre … something like that).

Another common problem with older versions of IHS & ikeyman/gskit is the JCE not found error. Try setting JAVA_HOME first, then update the files as necessary if you continue to receive this error.

The way to convert any key pair is simple:

  1. Download the IBM Keyman utility.

  2. Open the keys in keyman.

  3. Export the key as a PKCS#12 database using no encryption. This merely sets the PKCS#12 file’s encryption to none. Because the exported file contains the private key, delete it once you’ve successfully imported it into ikeyman.

  4. Import the key into ikeyman using the previously defined passphrase for the PKCS#12 database.

And that’s it. You should then be able to set up SSL in IHS using the ikeyman db, and everything should be smooth after this step. You might have to import the Trusted Root certificate used to sign the CA cert into ikeyman, especially if it’s not a mainstream CA.
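The same key-plus-certificate bundling done with the openssl command line rather than the KeyMan GUI, as an added example that is not from the original post: it checks that the private key really matches the CA-issued certificate before exporting, and it protects the PKCS#12 file with a passphrase instead of exporting it unencrypted. The file names, the `ihs-cert` label, the passphrase and the self-signed stand-in certificate are all constructed for the demo.

```shell
#!/bin/sh
# Added example: bundle an OpenSSL key and its certificate into PKCS#12.
# All file names, the label and the passphrase are constructed placeholders.
umask 077   # anything written below is readable by the owner only

# key_matches_cert KEY CERT: succeed only if both carry the same public key.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# to_pkcs12 KEY CERT OUT PASSFILE: refuse a mismatched pair, then export.
to_pkcs12() {
    key_matches_cert "$1" "$2" || {
        echo "private key does not match certificate" >&2; return 1; }
    openssl pkcs12 -export -inkey "$1" -in "$2" -name "ihs-cert" \
        -out "$3" -passout "file:$4"
}

# p12_holds_cert P12 PASSFILE CERT: the bundle opens with the passphrase
# and contains exactly the certificate we meant to ship.
p12_holds_cert() {
    in_p12=$(openssl pkcs12 -in "$1" -passin "file:$2" -nokeys -clcerts \
        2>/dev/null | openssl x509 -noout -fingerprint -sha256) || return 1
    on_disk=$(openssl x509 -in "$3" -noout -fingerprint -sha256) || return 1
    [ "$in_p12" = "$on_disk" ]
}

# Demo with a throwaway self-signed certificate standing in for the CA's reply.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'constructed-passphrase' > "$d/pass"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=www.example.test" \
        -keyout "$d/key.pem" -out "$d/cert.pem" 2>/dev/null &&
    to_pkcs12 "$d/key.pem" "$d/cert.pem" "$d/site.p12" "$d/pass" &&
    p12_holds_cert "$d/site.p12" "$d/pass" "$d/cert.pem"
    rc=$?
    rm -rf "$d"   # as the post advises, do not leave the export lying around
    return $rc
}

demo && echo "PKCS#12 bundle verified"
```

The passphrase is read from a file (`-passout file:`) so it does not show up in the process list or shell history.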

Good Luck!

IM Hungry … Got Worms?!?!

Monday, October 31st, 2005

Rootkit found in new AIM worm.

This is the first time that we have seen a rootkit as part of the bundle of applications that is sent to your machine. It is a disturbing trend.

Umm…I disagree. We saw it bundled with Windows and the ‘Remote Assistance’ crap. It’s only a matter of time before that is exploited.

In addition to the “lockx.exe” rootkit file, the new worm delivers a version of the Sdbot Trojan horse, said FaceTime, which sells products to protect instant-messaging traffic. Sdbot opens a backdoor on the infected PC

Nice…well, so much for ‘safe’ Instant Messaging…Guess we’ll all have to go back to IRC….Oh wait:

Added by the W32/Sdbot-ADD worm. When this infection starts it will connect to an IRC server where it will wait for remote commands to execute.

LOL!!!! Windows AIM users have been 0\/\//\/3d.