In my weblogic console, i am seeing location of identity, truststore and cacerts. But there are some other cacerts which Apps running in Weblogic is using. Is there any command in linux to check which all cacerts and keystore location is in use. As below location cacerts is used by Apps running on weblogic, but not mentioned anywhere in weblogic console.
[prdzap#vmtlxap security]$ ls
tsscacerts_fde tsscacerts_ret yutz_prod.jks tsscacerts
[prdzap#vmtlxap security]$ pwd
/app/domains/prdzap/PRDZAP/security
As i found the solution myself, so thought of updating [So that it will help others].
To search any jks file even if its extenetion is changed globally [As below files]
[prdzap#vmtlxap security]$ ls
tsscacerts_fde tsscacerts_ret yutz_prod.jks tsscacerts
We can use the combination of "find","file" and "grep" command
[prdzap#vmtlxap security]$ file tsscacerts_fde
tsscacerts_fde: Java KeyStore
[prdzap#vmtlxap security]$ find . -type f -exec file {} \; | grep -i "Java KeyStore"
./tsscacerts_fde: Java KeyStore
./tsscacerts_ret: Java KeyStore
./yutz_prod.jks: Java KeyStore
./tsscacerts: Java KeyStore
Related
I am trying to install vscode using code-server and extensions like python, jupyter and it is giving me error
[2022-03-24T06:31:01.822Z] info Wrote default config file to ~/.config/code-server/config.yaml
Installing extensions...
self signed certificate in certificate chain
Steps that i am following are:
ARG IDE_HOME="/opt"
ARG CODE_SERVER_VERSION="v4.2.0"
ARG CODE_SERVER_FILE="code-server-4.2.0-linux-amd64.tar.gz"
WORKDIR $IDE_HOME/code-server/
RUN wget -qO- https://github.com/cdr/code-server/releases/download/${CODE_SERVER_VERSION}/${CODE_SERVER_FILE} | tar zxvf - --strip-components=1
ENV PATH=$IDE_HOME/code-server/bin:$PATH
RUN code-server --install-extension ms-toolsai.jupyter
Also, on UI it shows the same:
Any idea how to fix this?
I'm trying to generate GPG key and move that key to outside of WSL2.
Generate GPG key and its revocation cert in WSL2
Export keys to Windows by command below:
gpg2 --export-secret-keys --armor "GPG_PUBLIC_ID" > ~/secret-key.asc
This command successfully generates .asc file with permission -rw-r--r--
And my destination directory(/mnt/c) has permission of drwxrwxrwx
So permission seems sufficient.
However, export has failed when the key is exported to outside of WSL or copied to outside of WSL.
gpg2 --export-secret-keys --armor "GPG_PUBLIC_ID" > /mnt/c/secret-key.asc
This command gives error as follows: zsh: permission denied: /mnt/c/secret-key.asc
I'm using Ubuntu 20.04 and package manager is updated.
Root directory fo Windows (C:\) has higher security contraints than other directories. drwxrwxrwx might not reflect real permission in Windows. You should not write files in Windows root directory unless you have a very strong reason to do so.
Try
gpg2 --export-secret-keys --armor "GPG_PUBLIC_ID" > /mnt/c/temp/secret-key.asc
# Create C:\temp in Windows if it does not exist.
I am trying to add certificate Authority (CA) file name - ca.crt to /etc/ssl/certs, for that I followed this article.
I copied my ca.crt file to /etc/pki/ca-trust/source/anchors/ and run the command below;
update-ca-trust extract
After that I checked /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt file, but I didn't find my CA.
I am not able to figure out what may be the problem.
What am I doing wrong and how can I fix it?
copy your certificates inside
/etc/pki/ca-trust/source/anchors/
then run the following command
update-ca-trust
Find *.pem file and place it to the anchors sub-directory or just simply link the *.pem file to there.
yum install -y ca-certificates
update-ca-trust force-enable
sudo ln -s /etc/ssl/your-cert.pem /etc/pki/ca-trust/source/anchors/your-cert.pem
update-ca-trust
Your CA file must have been in a binary X.509 format instead of Base64 encoding; it needs to be a regular DER or PEM in order for it to be added successfully to the list of trusted CAs on your server.
To proceed, do place your CA file inside your /usr/share/pki/ca-trust-source/anchors/ directory, then run the command line below (you might need sudo privileges based on your settings);
# CentOS 7, Red Hat 7, Oracle Linux 7
update-ca-trust
Please note that all trust settings available in the /usr/share/pki/ca-trust-source/anchors/ directory are interpreted with a lower priority compared to the ones placed under the /etc/pki/ca-trust/source/anchors/ directory which may be in the extended BEGIN TRUSTED file format.
For Ubuntu and Debian systems, /usr/local/share/ca-certificates/ is the preferred directory for that purpose.
As such, you need to place your CA file within the /usr/local/share/ca-certificates/ directory, then update the of trusted CAs by running, with sudo privileges where required, the command line below;
update-ca-certificates
QUICK HELP 1: To add a certificate in the simple PEM or DER file formats to the list of CAs trusted on the system:
add it as a new file to directory /etc/pki/ca-trust/source/anchors/
run update-ca-trust extract
QUICK HELP 2: If your certificate is in the extended BEGIN TRUSTED file format (which may contain distrust/blacklist trust flags, or trust flags for usages other than TLS) then:
add it as a new file to directory /etc/pki/ca-trust/source/
run update-ca-trust extract
More detail infomation see man update-ca-trust
Maybe late to the party but in my case it was RHEL 6.8:
Copy certificate.crt issued by hosting to:
/etc/pki/ca-trust/source/anchors/
Then:
update-ca-trust force-enable (ignore not found warnings)
update-ca-trust extract
Hope it helps
Complete instruction is as follow:
Extract Private Key from PFX
openssl pkcs12 -in myfile.pfx -nocerts -out private-key.pem -nodes
Extract Certificate from PFX
openssl pkcs12 -in myfile.pfx -nokeys -out certificate.pem
install certificate
yum install -y ca-certificates,
cp your-cert.pem /etc/pki/ca-trust/source/anchors/your-cert.pem ,
update-ca-trust ,
update-ca-trust force-enable
Hope to be useful
I would very much like to take my Git install with me wherever I go, so I have installed GitPortable via PortableApps.
Unfortunately, the OpenSSH utilities available in git-bash insists on placing/searching for the .ssh folder in a nonsensical place (C/.ssh).
Now, I have seen others with the same problem, but the solution generally was to set HOME as a Windows environment variable. But this is not working for me.
From the usual Windows command prompt:
C:\Users\snb>echo %HOME%
C:\Users\snb
Showing that the environment variable is apparently set correctly.
From git-bash:
snb#SNB-WORKSTATION /c/Users/snb
$ echo $HOME
C:\Users\snb
Showing that git-bash agrees. However if I test out an SSH command, OpenSSH has the completely wrong idea of where to locate the .ssh folder:
snb#SNB-WORKSTATION /c/Users/snb
$ ssh -T git#bitbucket.org
Could not create directory 'C/.ssh'.
The authenticity of host 'bitbucket.org (131.103.20.167)' can't be established.
RSA key fingerprint is 97:8c:1b:f2:6f:14:6b:5c:3b:ec:aa:46:46:74:7c:40.
Are you sure you want to continue connecting (yes/no)?
I'm at a loss at what to do to make OpenSSH in the GitPortable installation understand where my home directory is. Do you have any ideas other than giving in and just installing Git for Windows?
EDIT:
The OpenSSH version is:
$ ssh -V
OpenSSH_6.6.1p1, OpenSSL 1.0.1i 6 Aug 2014
The command uses the correct .ssh folder location in a Windows command prompt when using git-cmd.bat:
C:\Users\snb>ssh -T git#bitbucket.org
The authenticity of host 'bitbucket.org (131.103.20.168)' can't be established.
RSA key fingerprint is 97:8c:1b:f2:6f:14:6b:5c:3b:ec:aa:46:46:74:7c:40.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'bitbucket.org,131.103.20.168' (RSA) to the list of known hosts.
Enter passphrase for key '/c/Users/snb/.ssh/id_rsa':
But I truly hate cmd.exe, I need this to work for git-bash! :)
The SSH command git-bash uses is:
$ which ssh
/bin/ssh
The /bin folder is located inside the GitPortable installation, so this would be the OpenSSH version distributed with GitPortable.
This GitPortable is based on msysgit PortableGit-1.9.5-preview20141217 github commit
The proper path for HOME in a bash session should be set with:
export HOME=/c/Users/snb
That would make it compatible with ssh in a unix shell.
Using posix path seems safer considering Git is running on top of a posix run-time environment.
While in the keytool directory I type in what I am supposed to as instructed by the Google code website.
To generate an MD5 fingerprint of the debug certificate, first locate the debug keystore. By default, build tools create the debug keystore in the active AVD directory. The location of the AVD directories varies by platform:
MY CODE IN CMD:
C:\Program Files\Java\jdk1.6.0_23\bin>keytool -list -alias androiddebugkey -keys
tore C:\Documents and Settings\nwashington.android\debug.keystore -storepass an
droid -keypass android
MY ERROR:
keytool error: java.lang.RuntimeException: Usage error, and is not a legal command
I have already checked:
-If the files are actually located in these directories
-Tried out this website: http://remwebdevelopment.com/dev/a35/Android-How-To-Set-Up-an-API-Key-for-Google-Maps.html
Please Help!
Thanks
Make sure that you put the path to your debug keystore in quotes because Windows does not recognise spaces in Documents and Settings. Your command should be like this:
keytool -list -alias androiddebugkey -keys tore "C:\Documents and Settings\nwashington.android\debug.keystore" -storepass an droid -keypass android
Copy it just the way it is and paste it in your command prompt. It should be able to run !!!!