MaxSpirit - bevlogen ICT!

Melle Visser

https://www.maxspirit.nl

Oracle Wallet toolkit

Certificates Posted on Fri, November 02, 2018 16:49:02

Oracle uses the Oracle Wallet to store certificates.
Here are a number of ways to work with it.

Create an Oracle Wallet
$ORACLE_HOME/oracle_common/bin/orapki wallet create -wallet ./ -pwd "geheim"

Import a Java keystore into an Oracle Wallet
$ORACLE_HOME/oracle_common/bin/orapki wallet jks_to_pkcs12 -wallet ./ -pwd "geheim" \
-keystore KEYSTORE.jks -jkspwd "geheim"

Import a P12 keystore into an Oracle Wallet
$ORACLE_HOME/oracle_common/bin/orapki wallet import_pkcs12 -wallet ./ -pwd "geheim" \
-pkcs12file P12.jks -pkcs12pwd "geheim"

Import a PEM certificate into an Oracle Wallet
$ORACLE_HOME/oracle_common/bin/orapki wallet add -wallet ./ -trusted_cert -cert ./CERTIFICATE.pem -pwd "geheim"

Enable auto-login on the Oracle Wallet
$ORACLE_HOME/oracle_common/bin/orapki wallet create -wallet ./ -auto_login -pwd "geheim"

Show what is in the Oracle Wallet
$ORACLE_HOME/oracle_common/bin/orapki wallet display -wallet ./ -pwd "geheim"

Oracle Wallet help page

$ORACLE_HOME/oracle_common/bin/orapki help

Oracle PKI Tool : Version 12.2.1.3.0
Copyright (c) 2004, 2017, Oracle and/or its affiliates. All rights reserved.

orapki [crl|wallet|cert|help] <-nologo> <-jsafe>
Syntax :
[-option [value]] : mandatory, for example [-wallet [wallet]]
[-option <value>] : optional, but when option is used its value is mandatory.
<option> : optional, for example <-summary>, <-complete>
[option1] | [option2] : option1 ‘or’ option2

$ORACLE_HOME/oracle_common/bin/orapki wallet help

Oracle PKI Tool : Version 12.2.1.3.0
Copyright (c) 2004, 2017, Oracle and/or its affiliates. All rights reserved.

wallet:
create [-wallet [wallet]] [[-pwd <pwd>] [-auto_login|-auto_login_local]] | [-auto_login_only] [-with_trust_flags] [-compat_v12]
display [-wallet [wallet]] <-summary|-complete> [-pwd <pwd>]
convert [-wallet [wallet]] [-pwd <pwd>] | [-auto_login_only] [-compat_v12]
change_pwd [-wallet [wallet]] [-oldpwd <oldpwd>] [-newpwd <newpwd>]
enable_trust_flags [-wallet [wallet]] [-pwd <pwd>] | [-auto_login_only] <-untrust_all>
add [-wallet [wallet]] <[-dn [dn]]> <-asym_alg [RSA|ECC]> <[-keysize [512|1024|2048|4096|8192|16384]] |
[-eccurve [p192|p224|p256|p384|p521|k163|k233|k283|k409|k571|b163|b233|b283|b409|b571]]>
<-self_signed [-validity [days]] | [-valid_from [mm/dd/yyyy] -valid_until [mm/dd/yyyy]]
[-serial_file <file_loc>] | [-serial_num <serial_num>]> <-addext_ski>
<-addext_ku digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement,keyCertSign,cRLSign,encipherOnly,decipherOnly>
<-addext_basic_cons [CA] | [-pathLen [pathlen]]]>
<-addext_san [DNS:<value>]>
<[-cert [filename]] [-trusted_cert|-user_cert]> [-pwd <pwd>] | [-auto_login_only]
[-sign_alg <md5|sha1|sha256|sha384|sha512|ecdsasha1|ecdsasha256|ecdsasha384|ecdsasha512>]
<-trust_flags [SERVER_AUTH,CLIENT_AUTH|VALID_PEER|NULL]>
assign_trust_flags [-wallet [wallet]] [-pwd <pwd>] [-trust_flags [SERVER_AUTH,CLIENT_AUTH|VALID_PEER|NULL]]
[-dn [cert_dn]] <-issuer [issuer_dn]> <-serial_num [serial_num]>
remove [-wallet [wallet]] [-dn [subject_dn]] [-issuer_dn [issuer_dn]] [-serial_num <serial_num>]
[-trusted_cert_all|-trusted_cert|-user_cert|-cert_req] [-pwd <pwd>] | [-auto_login_only]
replace [-wallet [wallet]] [-issuer_dn <issuer_dn>] [-serial_num <serial_num>] [-cert [filename]]
[-trusted_cert|-user_cert]> <-trust_flags [SERVER_AUTH,CLIENT_AUTH|VALID_PEER|NULL]> [-pwd <pwd>]
export [-wallet [wallet]] [-dn [dn]] [-cert [filename] | -request [filename]] [-pwd <pwd>]
<-issuer_dn [issuer_dn]> <-serial_num [serial_num]>
export_trust_chain [-wallet [wallet]] [-certchain [filename]] [-dn [user_cert_dn]] [-pwd <pwd>]
<-issuer_dn [issuer_dn]> <-serial_num [serial_num]>
export_private_key [-wallet [wallet]] [-pwd <pwd>] [-pvtkeyfile [filename]] [-alias [pvtkey_alias]] [-pvtkeypwd <pwd>] [-salt salt]
import_private_key [-wallet [wallet]] [-pwd <pwd>] [-alias [pvtkey_alias]] [-pvtkeyfile [filename]] [-pvtkeypwd <pwd>] [-salt salt] [-cert [certfilename]] [-cacert [cacertfilename]]
upload [-wallet [wallet]] [-ldap [host:port]] [-user [user]] [-userpwd [userpwd]] [-pwd <pwd>]
download [-wallet [wallet]] [-ldap [host:nonsslport]] [-user [user]] [-userpwd [userpwd]] [-pwd <pwd>]
jks_to_pkcs12 [-wallet [wallet]] [-pwd <pwd>] [-keystore [keystore]] [-jkspwd [jkspwd]]
<-aliases [alias:alias..]>
pkcs12_to_jks [-wallet [wallet]] [-pwd <pwd>] [-jksKeyStoreLoc <jksKSloc> -jksKeyStorepwd <jksKS_pwd>]
[-jksTrustStoreLoc <loc> -jksTrustStorepwd <pwd>]
p11_add [-wallet [wallet]] [-p11_lib <pkcs11Lib>] [-p11_tokenlabel <tokenLabel>]
[-p11_tokenpw <tokenPassphrase>] [-p11_certlabel <certlabel>] [-pwd <pwd>]
p11_verify [-wallet [wallet]] [-pwd <pwd>]
import_pkcs12 [-wallet <wallet>] [[-pwd <pwd>] | [-auto_login_only]] [-pkcs12file <pkcs12Loc>] [-pkcs12pwd <pkcs12Pwd>]
help



Oracle Wallet

Oracle Posted on Fri, November 02, 2018 13:20:34

Oracle uses the Oracle Wallet to store certificates for a number of its products.
This post describes a procedure for creating one.

1. Create or request a new certificate

For example:
openssl req \
-new -newkey rsa:2048 -nodes \
-subj "/CN=voor.beeld.nl/O=bedrijf/OU=PO/C=NL/ST=Noord-Holland/L=Amsterdam" \
-keyout KEY_voor_beeld_nl.pem -out CSR_voor_beeld_nl.pem

Request a certificate and collect the intermediate and root certificates.
Then build a p12 keystore from them.

openssl pkcs12 -export -out CERT_voor_beeld_nl.p12 \
-inkey KEY_voor_beeld_nl.pem \
-in CERT_voor_beeld_nl.pem \
-certfile CARootIntermediates.pem

2. Convert the p12 format to a Java keystore format

$JAVA_HOME/jre/bin/keytool -v -importkeystore \
-srckeystore CERT_voor_beeld_nl.p12 -srcstoretype PKCS12 -srcstorepass geheim \
-destkeystore CERT_voor_beeld_nl.jks -deststoretype JKS -deststorepass geheim

3. Create an Oracle Wallet

$ORACLE_HOME/oracle_common/bin/orapki wallet create -wallet ./ -pwd "geheim"

4. Import the Java keystore into the Oracle Wallet

$ORACLE_HOME/oracle_common/bin/orapki wallet jks_to_pkcs12 -wallet ./ -pwd "geheim" \
-keystore CERT_voor_beeld_nl.jks -jkspwd "geheim"

5. Enable auto_login on the Oracle Wallet for the Oracle Webtier

$ORACLE_HOME/oracle_common/bin/orapki wallet create -wallet ./ -auto_login

The Oracle Wallet is ready.
The directory now contains 2 files:
ewallet.p12 - This is the Oracle Wallet
cwallet.sso - This is the Oracle Wallet with auto-login

For use in the Oracle Webtier, copy cwallet.sso to the desired location.
This is the directory configured under SSLWallet in the Webtier config file.

For example:
<IfModule ossl_module>
SSLEngine on
SSLVerifyClient None
SSLCRLCheck Off
SSLWallet "/u01/oracle/certificates"
# SSL Protocol Support: Configure usable SSL/TLS protocol versions.
SSLProtocol ALL
# SSL Cipher Suite: List the ciphers that the client is permitted to negotiate.
SSLCipherSuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,SSL_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_AES_128_CBC_SHA
</IfModule>
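
As an added example (not part of the original post or of Oracle's tooling), this shell script audits the directives from the block above: it flags `SSLProtocol ALL`, cipher suites without forward secrecy, and CBC suites with a SHA-1 MAC. The function names and the abridged sample config are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): flag weak TLS settings in an
# ossl_module block. sample_conf is constructed from the directives shown
# above, with the cipher list abridged to four suites.

sample_conf() {
  cat <<'EOF'
<IfModule ossl_module>
SSLEngine on
SSLCRLCheck Off
SSLWallet "/u01/oracle/certificates"
SSLProtocol ALL
SSLCipherSuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_GCM_SHA384,SSL_RSA_WITH_AES_128_CBC_SHA
</IfModule>
EOF
}

# Read a config on stdin, print the SSLCipherSuite value one suite per line.
list_suites() {
  awk '$1 == "SSLCipherSuite" { print $2 }' | tr ',' '\n'
}

# Static-RSA key exchange: a stolen wallet key decrypts recorded sessions.
no_fs_suites() { list_suites | grep -E '^(TLS|SSL)_RSA_WITH_' || true; }

# CBC mode with a SHA-1 MAC (suite name ends in _CBC_SHA).
cbc_sha1_suites() { list_suites | grep -E '_CBC_SHA$' || true; }

# Succeeds when SSLProtocol is the catch-all value rather than a pinned list.
protocol_is_all() {
  awk '$1 == "SSLProtocol" && toupper($2) == "ALL" { hit = 1 } END { exit !hit }'
}

# Print one finding per line; return 1 if anything was flagged.
audit_conf() {
  local conf findings
  conf=$(cat)
  findings=$(
    printf '%s\n' "$conf" | protocol_is_all && echo "SSLProtocol ALL: pin the versions you intend to serve"
    printf '%s\n' "$conf" | no_fs_suites    | sed 's/^/no forward secrecy: /'
    printf '%s\n' "$conf" | cbc_sha1_suites | sed 's/^/CBC with SHA-1 MAC: /'
  )
  [ -z "$findings" ] && return 0
  printf '%s\n' "$findings"
  return 1
}

# Run the audit on the constructed sample; a real run would pipe in the config file.
sample_conf | audit_conf || true
```

To check a real server, pipe the Webtier config file into `audit_conf` instead of `sample_conf`.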



Rdesktop and Win2012 change password

Linux Posted on Wed, December 28, 2016 15:11:44

Rdesktop is a great way to connect to Windows Desktops.

But there is a pesky drawback. How to change your Windows password?

Pressing Ctrl+Alt+Delete usually results in your operating system doing some stuff, instead of forwarding the key combo to the Windows RDP server.
The alternative Ctrl+Alt+End combo never worked for me.

Then I came across a great way to send the required key combination:
namely use Sticky Keys!

"I find that when I type Shift 5 times in a row, a window pops up from the Windows guest asking if I want to use Sticky Keys, I type Enter to accept.
Then I can type Ctrl by itself, then Alt by itself, then Delete by itself, and the remote-desktop guest sees a usual Ctrl-Alt-Delete and opens the login screen.
The host OS does not see or respond to the Sticky-Keys Ctrl-Alt-Del."

In short: hit Shift 5 times, Enter in the Sticky-Keys popup, Ctrl down & release, Alt down & release, Delete down & release = Ctrl-Alt-Del

And you get the option to change your password!



Designer on Oracle 12c

Oracle Posted on Wed, November 02, 2016 12:28:49

Still using Oracle Designer?
And the Windows version has to be updated?
And the Oracle Database version as well?

Don’t Panic! It still works.

Install Oracle Designer with the installer or setup set to Windows XP compatibility mode, and run it as Administrator.

You will now find all the registry keys under:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ORACLE

When using Oracle Database 12c you will get an error when using the Oracle Designer java-based utilities, such as version compare.
The underlying error is: ORA-28040
This can be solved by adding the following entries to the sqlnet.ora in the ORACLE_HOME/network/admin folder of the database on the database server:
SQLNET.ALLOWED_LOGON_VERSION_SERVER=8
SQLNET.ALLOWED_LOGON_VERSION_CLIENT=8

These entries lower the minimum authentication protocol version that is accepted, so the JDBC drivers in classes12.zip can now connect to the Oracle 12c database.

Have fun!



Show WLAN password on Win10

Miscellaneous Posted on Fri, October 14, 2016 18:29:39

You are connected, but have already forgotten the password.
You have Windows 10 and no Linux, so how do I retrieve that password?

Simpler than expected:
cmd

C:\>netsh wlan show profile

C:\>netsh wlan show profile name="<PROFILE NAME>" key=clear

Security settings
-----------------
Authentication : WPA2-Personal
Cipher : CCMP
Authentication : WPA2-Personal
Cipher : Unknown
Security key : Present
Key Content : <TOP SECRET>

NB: another interesting one:

C:\>netsh wlan show all

Shows all information, including available WiFi networks with signal strength and channels...
iwlist for Windows 😉



Rdesktop

Linux Posted on Mon, June 20, 2016 12:33:12

Rdesktop is a great package to connect to Windows servers.
And Linux Mint is a great distribution.

But... the latest version of rdesktop (the one without the pesky mouse bug) is not in the repository.

So let’s build it ourselves:

1. download rdesktop ( https://github.com/rdesktop/rdesktop/releases )
2. become the root user
3. remove the old rdesktop
apt-get remove rdesktop
4. install the needed development packages
apt-get install gcc-multilib libx11-dev libssl-dev
5. tar xvfz rdesktop-1.8.3.tar.gz
6. cd rdesktop-1.8.3/
7. ./configure --disable-credssp --disable-smartcard
8. make
9. make install

Enjoy!



SSH key generation

Certificates Posted on Tue, May 17, 2016 11:37:26

Connecting with SSH works perfectly well with a username and password, of course.
But if you are lazy, there is also a handy option: using keys.

Step 1: Generate a key for the connection

ssh-keygen -t rsa -f ~/.ssh/id_voor_serverA

This generates an RSA key with the file names id_voor_serverA and id_voor_serverA.pub (key pair)

Step 2: Set up the ssh config file

Create an entry for serverA in the file ~/.ssh/config

Host serverA
    Hostname ssh.servera.com
    Port 22
    IdentityFile ~/.ssh/id_voor_serverA
    User <username>

Step 3: Log in and add the public key to the authorized_keys file on serverA

cat ~/.ssh/id_voor_serverA.pub | ssh serverA "cat >> ~/.ssh/authorized_keys"

Et voilà. Now you can log in with a simple: ssh serverA
(instead of: ssh -l <username> -p 22 ssh.servera.com)
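
As an added example (not part of the original post), the helper below does on the server side what the `cat >> ~/.ssh/authorized_keys` in step 3 does, but also creates the directory if it is missing, sets the conventional 700/600 permissions that sshd's StrictModes check accepts, and skips a key that is already present. `install_pubkey` is a hypothetical name and the key line in the dry run is constructed, not a real key.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): what step 3 has to get right on
# serverA. install_pubkey is a hypothetical helper; paths are arguments so it
# can be tried in a scratch directory first.

# install_pubkey <public-key-file> <ssh-dir>
# Returns 0 when the key is authorized, 2 when the file is not a public key.
install_pubkey() {
  local pub dir auth blob
  pub=$1
  dir=$2
  auth=$dir/authorized_keys

  # Refuse anything that is not a single public-key line of a common type;
  # a private key passed by mistake would otherwise land on the server.
  [ "$(wc -l < "$pub" | tr -d ' ')" -le 1 ] || return 2
  grep -Eq '^(ssh-(rsa|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+( .*)?$' "$pub" || return 2

  # Directory and file must not be accessible to group or others.
  mkdir -p "$dir" && chmod 700 "$dir" || return 1
  touch "$auth" && chmod 600 "$auth" || return 1

  # Compare on the base64 key blob (field 2) so a changed comment is not
  # treated as a new key.
  blob=$(awk '{ print $2 }' "$pub")
  if grep -qF -- "$blob" "$auth"; then
    return 0                      # already authorized, nothing appended
  fi
  cat "$pub" >> "$auth"
}

# Dry run in a temp directory with a constructed key line (not a real key).
demo_dir=$(mktemp -d)
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCconstructedExampleKey user@laptop' \
  > "$demo_dir/id_voor_serverA.pub"
install_pubkey "$demo_dir/id_voor_serverA.pub" "$demo_dir/.ssh"
install_pubkey "$demo_dir/id_voor_serverA.pub" "$demo_dir/.ssh"   # no second copy
wc -l < "$demo_dir/.ssh/authorized_keys"
rm -rf "$demo_dir"
```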



Removing colours from VI

Linux Posted on Thu, November 05, 2015 09:19:59

You open the vi editor and are greeted by all kinds of colours.
To turn this off, do the following:

$ echo "syntax off" >> $HOME/.vimrc

Voilà


