Tuesday, December 13, 2011

how to manage SSL certificates for Tomcat using IIS tools

I worked in a shop where Windows & IIS servers dominate the operations. A few third-party applications were hosted by Tomcat, which terminates SSL connections as well. Engineers loathe the use of keytool, a Java utility to manage certificates and keys.
I first found that it is relatively easy to convert keystores from the SUNW format used by keytool to the PKCS#12 (.pfx) format used by IIS, and back. This means one can easily follow normal procedures to obtain a new certificate and export it to .pfx format.
After tinkering with it a bit, I read the Tomcat doc. It seems that Tomcat (at least for v6) can support PKCS12 format directly.
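
A sketch of the direct-PKCS#12 setup mentioned above, added here as an example and not taken from the original post. The file paths, port and password are placeholders; the attribute names are those of the Tomcat 6 JSSE connector, and the keytool commands in the comments cover the check and the conversion path.

```xml
<!-- Added example for conf/server.xml; every value below is a placeholder. -->
<!-- The .pfx must have been exported from IIS together with its private key.
     Sanity check before Tomcat reads it:
       keytool -list -v -keystore C:\certs\example-site.pfx -storetype PKCS12
     Alternative path (convert to a keytool-format store instead):
       keytool -importkeystore -srckeystore C:\certs\example-site.pfx -srcstoretype PKCS12
               -destkeystore C:\certs\example-site.jks -deststoretype JKS -->
<!-- The protocol class is named explicitly so the JSSE connector is used;
     with protocol="HTTP/1.1" Tomcat may pick the APR/native connector when that
     library is installed, and the keystore* attributes would then not apply. -->
<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11Protocol"
           SSLEnabled="true"
           scheme="https"
           secure="true"
           clientAuth="false"
           sslProtocol="TLS"
           keystoreFile="C:/certs/example-site.pfx"
           keystoreType="PKCS12"
           keystorePass="CHANGE_ME_export_password" />
```

server.xml holds keystorePass in clear text, so restrict read access on both server.xml and the .pfx to the account Tomcat runs as.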


Tuesday, September 27, 2011

Fixed: Cisco VPN client minimized on Windows 7 taskbar & disconnected

Cisco Systems VPN Client 5.0.0.7.0410 has worked for a month since I first installed it on Windows 7 Enterprise x64. One day, the VPN Client 'connect' window started minimized and stayed in the tool bar when launching. There were no useful choices in the pop-up menus for the client window minimized on the taskbar or for the VPN service (cvpnd.exe) icon in the Windows tray. No choices were listed to 'minimize', 'maximize', 'restore', or 'move'. Since the Cisco VPN client was launched as 'disconnected', it was basically useless!

Googling found that it is a rather common problem, and people usually blame it on older versions of the Cisco VPN client, the latest Windows updates, etc. Originally I intended to write a JavaScript to launch the binary (vpngui.exe) with its window maximized. The JavaScript snippet I wrote in the past was not handy, so I continued my search a little bit more, only to stumble upon this thread in a Microsoft forum. One of the answers pointed me in the right direction. The direct cause is rather simple: the window sizing somehow got messed up in vpnclient.ini under "C:\Program Files\Cisco Systems\VPN Client".

vpnclient.ini looked like the copy below. Instead of LogWindow* having super big numbers, my copy has WindowX & WindowY assigned super big numbers. Once I changed WindowX and WindowY to match WindowWidth & WindowHeight, respectively, it started to launch the Cisco VPN client Connect window normally again. I experimented a little bit more. It seems that the absolute numbers do not matter much, as long as they are not ridiculously big.

I have a dual-head (dual-display) setup. An HP Elitebook laptop drives two HP L2245wg monitors. A similar thread on the Virtual PC 2007 console disappearing problem suspected that dual display may have contributed to the erroneous setting with this huge number. On the other hand, this work laptop is a managed node, so I won't be surprised if something was pushed by our dear IT department to my laptop image and caused this by accident.

The important thing is, the fix is simple and I'm happy for now. I will keep an eye on this to see if it gets messed up again.

Before (messed-up version)
---------cut-------------8<---------C:\Program Files\Cisco Systems\VPN Client\vpnclient.ini ----------------8<----------
[main]
ClientLanguage=
[GUI]
DefaultConnectionEntry=OneOfFortune500ciscoVPN
WindowWidth=485
WindowHeight=99
WindowX=4294935296
WindowY=4294935296
VisibleTab=0
ConnectionAttribute=0
AdvancedView=1
LogWindowWidth=0
LogWindowHeight=0
LogWindowX=0
LogWindowY=0
---------cut-------------8<----------------------------------8<----------

After (fixed and verified to be working).
---------cut-------------8<---------C:\Program Files\Cisco Systems\VPN Client\vpnclient.ini ----------------8<----------
[main]
ClientLanguage=
[GUI]
DefaultConnectionEntry=OneOfFortune500ciscoVPN
WindowWidth=485
WindowHeight=99
WindowX=485
WindowY=99
VisibleTab=0
ConnectionAttribute=0
AdvancedView=1
LogWindowWidth=0
LogWindowHeight=0
LogWindowX=0
LogWindowY=0
---------cut-------------8<----------------------------------8<----------



Wednesday, August 17, 2011

migrate to VirtualBox from VMWare Server : sadly & happy to

I have been a loyal VMware Server 1.0 user since it became free in 2005. It is used to build various sandboxes on my Windows XP laptop at work. The guest OSes include RHEL, CentOS, Fedora, Solaris 10, Windows Server 2008, Windows Server 2003, Windows XP & Windows Enterprise 7. One feature I like a lot is its capability, with an easy-to-use GUI, to modify network settings to choose subnet, DHCP lease, port forwarding, etc.
After upgrading my home desktop to the long-awaited CentOS 6 early this month, I could no longer compile & run VMware Server. Since my home PC runs a mini lab of 3~4 nodes to play with cobbler & puppet, I need to find a solution that can play the same VMware machine (VMDK storage). VirtualBox from Oracle (Sun/Virtualbox.org) seems to be a good choice, given its popularity in Linux Journal's 2010 poll.
  • The one RPM installation is great.
  • It uses DKMS to compile and it compiles successfully in one shot.
  • Guest OS support is up to date, with Windows 7 and Server 2008. It does not differentiate versions of RHEL, RHL, Fedora though.
  • PXE capability comes from the extension pack. You'll need to download & load it. The extension pack license is free only for evaluation or personal use.
  • Nowhere to find UI to modify network settings, other than choosing types of networking (NAT, bridged, etc.).
    • add a NAT adapter, only when you need this VM to talk with the world linked to the host
    • add an 'intnet' adapter and provide a meaningful name. This name apparently is used by VirtualBox to wire the other guest OSes into the same network, if they share the same name for their intnet adapter.
  • VirtualBox won't import VMware guest images as is, since it imports only Open Virtualization Format. On the other hand, it does support VMDK format, such that you can create a new virtualbox and choose to use an existing virtual disk (the VMware guest image you intend to import or run from VirtualBox).
  • Too bad the proxy preference does not extend to guests (behind the NAT). Instead, I had to configure the http proxy at various places (profile.d, yum.conf, gnome) inside my CentOS 5 or CentOS 6 guests.
The other thing noteworthy is what type of controller VirtualBox associates your existing VMware disk (vmdk) with. It needs to match. Otherwise the working VMware image may fail to boot properly. It happened to me, when VirtualBox associated an IDE-based disk with a SATA controller. Once I powered off the guest, then redid the association, I was able to boot up the image w/o a glitch from there on.

The installation & look & feel are pretty smooth & consistent & faster(?), on both a Windows 7 Enterprise x64 host (HP Elitebook laptop, 4G RAM) and a CentOS 6.0 i386 host (a Compaq PC, 2G RAM). For now, I think I'll continue the path of migrating to VirtualBox. VMware Server will stay on for a bit, just in case I decide to roll back. I am definitely looking forward to taking advantage of the capability to take multiple snapshots, with notes! It bothered me when I could keep only one snapshot and couldn't annotate what the snapshot is, with VMware Server 1.x & 2.x.

Tuesday, August 16, 2011

willing to pay extra to keep the service you like in business

Recently a premium local computer VAR went out of business. Many are sad.
The question is, are you willing to pay extra to keep the services you like in business?
Take a moment & note your position in the comments below.