due to a legacy project I need to generate a cert7.db file in order to use with LDAP. I've downloaded certutil on Debian but by default it generates cert9.db.
There is a way to convert cert9.db to cert7.db?
Thanks
Related
When trying to install Phantomjs on Ubuntu 22.04, I get the following error:
There are some Q.& A's here from 2015-2022, I tried all of the included suggestions.
https://github.com/ariya/phantomjs/issues/10904
https://gist.github.com/julionc/7476620
wkhtmltopdf - libfontconfig.so.1: cannot open shared object file
http://ubuntuhowtoo.blogspot.com/2019/05/linux-nodejs-phantomjs-error-loading.html
Auto configuration failed
139998593603520:error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library:dso_dlfcn.c:185:filename(libproviders.so): libproviders.so: cannot open shared object file: No such file or directory
139998593603520:error:25070067:DSO support routines:DSO_load:could not load the shared library:dso_lib.c:244:
139998593603520:error:0E07506E:configuration file routines:MODULE_LOAD_DSO:error loading dso:conf_mod.c:285:module=providers, path=providers
139998593603520:error:0E076071:configuration file routines:MODULE_RUN:unknown module name:conf_mod.c:222:module=providers```
I had the same issue and fixed it by setting export OPENSSL_CONF=/dev/null prior to phantomJS usage. If it's not possible for you to disable openssl then you would have to pack you application with older OpenSSL version.
Explanation:
Ubuntu 22.04 uses the new OpenSSL version 3.0.2 instead of the older OpenSSL version 1.1.1 . These OpenSSL versions are not fully compatible, so this is why you see this error when PhantomJS tries to auto configure the SSL/TLS settings.
Above answer is little about as I am describing.
Step:1 First stop your node server then run this command in base directory.
Step:2 I suggest you to comment out the lines providers = provider_sectin in the
file/etc/ssl/openssl.cnf
Step:3 Start your application
Brief ref. https://github.com/nodejs/node/issues/43132
Working with a client to set up OpenSSL file encryption. They've sent us an encrypted file (I'll call it sample.encrypted), along with key and iv files (key.txt and iv.txt).
The contents of the key.txt file look like this:
KEY: [string of 32 characters]
The contents of the iv.txt file look like this:
IV: [string of 16 characters]
I'm running Windows 7 Professional 64-bit, and learned that OpenSSL doesn't come installed by default with Windows (apparently it's primarily used by Linux users?)
So, I've downloaded and installed a 64-bit OpenSSL package from here:
(https:)//slproweb.com/products/Win32OpenSSL.html
Specifically, the "Win64 OpenSSL v1.0.2d Light" build found here:
(https:)//slproweb.com/download/Win64OpenSSL_Light-1_0_2d.exe
Once installed, I had to manually configure my environment variable for the OpenSSL config files as such (from the command prompt):
set OPENSSL_CONF=C:\OpenSSL-Win64\bin\openssl.cfg
I verified that the path information above was correct, and that the environment variable had stuck, and then attempted to run the following command:
openssl enc -d -K key.txt -iv iv.txt -in sample.encrypted -out sample.decrypted
This was based on the commands found here:https://www.openssl.org/docs/manmaster/apps/openssl.htmland here: https://www.openssl.org/docs/manmaster/apps/enc.html
The command breakdown being:
openssl - the OpenSSL base command
enc - the command used to begin encrypting/decrypting
-d - the tag used to specify decryption
-K - the tag used to specify the use of a key file
key.txt - the key file itself
-iv - the tag used to specify the use of an accompanying initialization vector
iv.txt - the IV file itself
-in - the tag used to specify the input file
sample.encrypted - the input file
-out - the tag used to specify the output file
sample.decrypted - the desired output file
As far as I can tell, the command works - the output file is generated, but its contents are not properly decrypted (it's just garbled text). I don't think there's anything wrong with the files that the client provided, but rather with my implementation of OpenSSL's commands to decrypt the file.
If anyone knows how to properly decrypt a file using provided Key and IV files, help would be greatly appreciated. I've been setting aside other responsibilities while Googling around trying to figure this out.
I am new to WinSCP and am attempting to create a script file that will eventually be used with SSIS to download files from an SFTP site. A lot of the literature WinSCP includes explains the file downloading or uploading portions. For the time being, I just want to create a script to test the connection first and will build from there.
So far I saved the connection in WinSCP and have the following. The below code does not seem to function at all and I am not sure where else to go as I am still reading about the scripting for WinSCP. Is there a way or can someone point me in a direction to see if I am in fact connecting via through the script?
option batch on
option confirm off
open username#address
exit
Not sure what SSIS is (sorry) but I can tell you how I'd set it up from a windows batch file if that helps:
If you are open to using a different software, consider using cygwin. It mimics a linux shell so linux users on windows have a lot of linux utilities handy. That being said, there are some commands which can run on windows straight from command prompt (and thus batchable). What you'd need to do:
1) install cygwin
2) Create a "passwordless" login (using ssh-rsa authentication). To do this start your cygwin terminal and use the commands "ssh-keygen" and "ssh-copy-id" (more on that later)
3) Now you can run "sftp" from the DOS command prompt (does not require cygwin terminal) and sftp to your account. No password required because of step 2).
A few follow up info:
What can run from dos command prompt and what must be run from cygwin terminal?
If you go to the "bin" directory of cygwin (for me it's in c:\cygwin\bin) you can see all the cygwin utilities. Anything with "exe" extension can be run from dos command prompt. If no "exe" extension, must start cygwin terminal first
How to set up ssh-rsa authentication?
You can pretty much google "ssh login without password" and pull up a lot of results. This is common for setting up login from one linux system to another. You would be using the same steps using cygwin on windows. My instructions are here:
http://geekswing.com/geek/unix/how-to-ssh-login-without-a-password-using-ssh-keygen-quick-tutorial/
Storing session settings in WinSCP GUI and trying to access them from WinSCP script running in SSIS is generally a bad idea. I believe there's no example or guide on WinSCP site that would suggest doing that.
WinSCP stores its configuration in registry in HKEY_CURRENT_USER hive. The SSIS typically runs under a dedicated system account, that have its own HKEY_CURRENT_USER hive, and won't see the GUI configuration.
For details see WinSCP FAQ about your problem:
https://winscp.net/eng/docs/faq_scheduler
The best you can do is isolate your your script from configuration by using the session URL with the open command, instead of the stored site name.
See also https://winscp.net/eng/docs/scripting#configuration
Your actual problem can be completely different though. But that's hard to guess as you have not shared any details, such as error message, log file, etc.
I'm analyzing existing Windows Store applications and modifying them to make sure my company's obfuscator works with them.
I've ran into a bit of a problem doing that though. I can grab an APPX package from the store easily enough(requires Fiddler to get the URL). I can then just use any unzip program to extract the appx to a folder. I can then take the assemblies in the APPX and modify the IL a bit. I then remake and sign the package:
makeappx pack /d "mypackage" /p "mypackage.appx"
signtool sign /fd sha256 /f temporarykey.pfx mypackage.appx
I then get an error with signtool though:
SignTool Error: An unexpected internal error has occured
Error information: "Error: SignerSign() failed." (-2147024885/0x800700b)
And then of course get an error when trying to install it with the standard powerscript file created by Visual Studio for installing/sideloading any APPX package.
Found package: C:\....mypackage.appx
Error: The package is not digitally signed or its signature is corrupted
I've used this exact process for packages generated from Visual Studio. Are temporary keys tied to a particular package or something? What am I missing? Is this a bug in signtool?
Apparently, you can't just take any temporary key and sign the APPX with it. In particular the certificate subject lines must match(the "publisher name"). I do not know of a better way of determining what the subject line much actually be. First, try to use signtool and sign the APPX file with any temporary key. Now go to Event Viewer. Then to Applications and Services and then Microsoft and then Windows and then AppxPackaging and finally Microsoft-Windows-AppxPackages/Operational. There should be an error event that just happened from that build. Check it. It should say something like
Error 0x800700B: The app manifest publisher name (CN=random-hex-number) must match the subject name of the signing certificate (CN=MyWrongName)
So, now make sure to hang on to that random-hex-number. That needs to be the subject line of the certificate and is the cause of the error. To generate a working certificate:
makecert.exe mycert.cer -r -n "CN=random-hex-number" -$ individual -sv private.pkv -pe -cy end
pvk2pfx -pvk private.pkv -spc mycert.cer -pfx mytemporarykey.pfx
Now finally, you should have a temporary key that will work with signtool!
Hopefully this answers serves other people well.
I am having a cert8.db in /home/hari/Desktop/certs directory. Now I want to convert this into PEM. tried to do this by first trying to export the cert8.db in pkcs12 to pem using pkutil
pk12util -o cert.pem -n cert8.db -d /home/hari/Desktop/certs
However this throws an error
pk12util: function failed: security library: bad database.
I have no idea what's going wrong here. Please help me out with it. Also any suggestions on alternative ways of doing this would also be greatly appreciated. Thanks a lot in advance.
You probably have figured it out by now, that the file belongs to Mozilla Firefox 4.x - security database. On Windows 7 Pro this is stored on the system root for some odd reason, that causes my security software to go nuts...
Then again, you might not have Firefox installed in your env.