There are two main methods for encoding certificate data.
- DER = Binary encoding for certificate data
- PEM = The base64 encoding of the DER-encoded certificate, with header and footer lines added.
DER: (Distinguished Encoding Rules) is a subset of BER encoding providing for exactly one way to encode an ASN.1 value. DER is intended for situations when a unique encoding is needed, such as in cryptography, and ensures that a data structure that needs to be digitally signed produces a unique serialized representation.
PEM: (Privacy-enhanced Electronic Mail) Simply a US-ASCII, base64-encoded DER certificate, certificate request, or PKCS#7 structure, enclosed between the typical PEM delimiters, i.e. "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----". PEM is an abbreviation for Privacy Enhanced Mail (RFC 1421 – RFC 1424), an early standard for securing electronic mail (IRTF, IETF). PEM was never widely adopted as an Internet mail standard, but it has become a staple format in X.509 PKI (also called PKIX).
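The relationship between the two encodings can be checked directly with openssl. This is an added example, not part of the original post; the file names and certificate subject are constructed, and it assumes the openssl command-line tool is installed.

```sh
#!/bin/sh
# Added example. File names and the certificate subject are constructed.
set -eu

cert_encoding() {
    # Classify file $1 by content rather than by extension.
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$1"; then
        echo PEM
    elif [ "$(od -An -tx1 -N1 "$1" | tr -d ' \n')" = "30" ]; then
        echo DER    # a DER certificate starts with the ASN.1 SEQUENCE tag 0x30
    else
        echo unknown
    fi
}

pem_body_equals_der() {
    # Strip the delimiter lines from PEM file $1, base64-decode the body,
    # and compare the result byte for byte with DER file $2.
    sed '/^-----/d' "$1" | openssl base64 -d | cmp -s - "$2"
}

make_demo_cert() {
    # Write a throwaway self-signed certificate (PEM) plus its DER form
    # into directory $1.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=pem-der-demo.invalid" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
    openssl x509 -in "$1/cert.pem" -outform der -out "$1/cert.der"
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
make_demo_cert "$work"
echo "cert.pem is $(cert_encoding "$work/cert.pem")"
echo "cert.der is $(cert_encoding "$work/cert.der")"
if pem_body_equals_der "$work/cert.pem" "$work/cert.der"; then
    echo "PEM body decodes to exactly the DER bytes"
fi
```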
Certificate naming extensions
If you want to learn more about certificate extensions please see my other blog post here: der vs crt vs cer vs pem certificates
Install Java from Oracle
Set up the plugin with this command:
sudo /usr/sbin/update-alternatives --install /usr/lib64/browser-plugins/javaplugin.so javaplugin /usr/java/default/lib/amd64/libnpjp2.so 3 --slave /usr/bin/javaws javaws /usr/java/default/bin/javaws
Step 1 – Software Needed
- Get a Windows 7 SP1 installation media. For this article I’ll be using a Windows 7 SP1 Enterprise 32 bit version of Windows.
- The Windows® Automated Installation Kit (AIK) for Windows® 7 http://www.microsoft.com/download/en/confirmation.aspx?id=5753 This file downloads as: KB3AIK_EN.iso
- The Windows Automated Installation Kit (AIK) Supplement for Windows 7 SP1 is an optional update to AIK for Windows 7 that helps you to install, customize, and deploy the Microsoft Windows 7 SP1 and Windows Server 2008 R2 SP1 family of operating systems. http://www.microsoft.com/download/en/details.aspx?id=5188 The release I’ve downloaded was released on 2/21/2011 and downloads as waik_supplement_en-us.iso
- 7zip – used to extract files from the iso images.
Install Windows 7 using default settings. We will customize this install. I’m using a virtual machine running in VMware Fusion so I can snapshot the progress.
- User: default
- Machine Name: BaseImage
- No Updates
- No password
- Enable Administrator Account
- Work Network
- Copy All 3 isos to the desktop
- Install 7zip
- Install VMware Tools
- Login with your newly created account (not Builtin Administrator)
All Programs needed for Sysprep.
Step 3 – Installing the wAIK
Extract the contents of the isos to the desktop using: Right click -> 7zip -> Extract to “foldername”. You should now have three folders on your desktop with the contents of the three isos.
From the KB3AIK_EN folder run the wAIKX86.msi (wAIKAMD64.msi if you’re installing a 64bit windows)
Run the wAIKX86.msi
- Accept the License Agreement [next]
- Accept Default folder of C:\Program Files\Windows AIK
- Install for Everyone [next]
- Click Next to start installation [next]
- Finish install [Close]
Step 4 – Load image into System Image Manager
This will walk through loading a windows image (in this case the image is the install DVD) into the System Image Manager.
- Launch the windows system image manager
- The program will launch and show you a screen with a bunch of blank panes.
Windows System Image Manager
In the bottom left pane titled Windows Image, right click and select “New Image”.
Browse to the location where you extracted the Windows 7 iso (Desktop), open the sources folder, and choose the catalog file (.clg extension) “install_Windows 7 Enterprise.clg”.
Catalog File Location
Now we have the Windows image Loaded into the image manager. The next step will walk through creating an answer file.
Step 5 – Creating the answer file
– TODO — Create the File
Step 6 – Running Sysprep
In another VM instance start a vanilla Windows 7 installation. When you arrive at the welcome screen where it asks you to create a username, hit CTRL+SHIFT+F3. This will reboot your machine and put you in “audit” mode.
- Boot from Windows 7 Disk
- Partition the Drive how you want it
- Install VMware tools
- Copy your unattend.xml to c:\Windows\system32\sysprep
What is a PFX Certificate
PKCS #12 is one of the family of standards called Public-Key Cryptography Standards (PKCS), published by RSA Laboratories. It defines a file format commonly used to store X.509 private keys with accompanying public key certificates, protected with a password-based symmetric key.
In practice .pfx is just another file extension for a PKCS#12 or .p12 type certificate.
Convert PFX to PEM
This command will convert a PFX certificate to an X.509 PEM-encoded certificate. By default openssl prompts for a passphrase and encrypts the private key in the new PEM file; adding the -nodes flag writes the private key unencrypted. For information on converting pem to der encoded certificates.
Export ALL: Public Certificates, Private Keys, and CA Chain as single certificate
Encrypt private key with a password
openssl pkcs12 -in Certificate.pfx -out NewCertificate.pem
Do not encrypt private key
openssl pkcs12 -in Certificate.pfx -out NewCertificate.pem -nodes
Export Public Certificate from pfx
openssl pkcs12 -in Certificate.pfx -out NewCertificate.pem -nokeys -clcerts
Export Private Key from pfx
openssl pkcs12 -in certificate.pfx -out certificate.key -nocerts -nodes
Export Certificate Authority (CA) Chain from pfx
openssl pkcs12 -in certificate.pfx -out ca-chain.pem -nokeys -cacerts
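After exporting, it is worth confirming whether the key on disk is actually passphrase-protected and that the exported key belongs to the exported certificate. The script below is an added example, not part of the original post: it builds a throwaway PFX, runs the export commands above against it, and performs both checks. The PFX, passwords, file names and helper function names are all constructed for the demo.

```sh
#!/bin/sh
# Added example. The PFX, both passwords and all file names are constructed.
set -eu
umask 077    # everything exported below is readable by the owner only

key_is_encrypted() {
    # True when PEM file $1 contains a passphrase-protected private key.
    grep -q -e 'BEGIN ENCRYPTED PRIVATE KEY' -e 'Proc-Type: 4,ENCRYPTED' "$1"
}

cert_pubkey_hash() {    # SHA-256 of the public key inside certificate $1
    pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{print $NF}'
}

key_pubkey_hash() {     # SHA-256 of the public key derived from unencrypted key $1
    pub=$(openssl pkey -in "$1" -pubout) || return 1
    printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{print $NF}'
}

make_demo_pfx() {
    # Build a throwaway key, self-signed certificate and PFX in directory $1.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=pfx-demo.invalid" \
        -keyout "$1/src.key" -out "$1/src.crt" 2>/dev/null
    openssl pkcs12 -export -inkey "$1/src.key" -in "$1/src.crt" \
        -out "$1/demo.pfx" -passout pass:pfx-demo-pass
}

export_from_pfx() {     # run "openssl pkcs12" on the demo PFX with extra args
    openssl pkcs12 -in "$d/demo.pfx" -passin pass:pfx-demo-pass "$@"
}

d=$(mktemp -d)
trap 'rm -rf "$d"' EXIT
make_demo_pfx "$d"

# The page's export commands, with passwords supplied non-interactively.
export_from_pfx -out "$d/all.pem" -passout pass:pem-demo-pass
export_from_pfx -out "$d/plain.key" -nocerts -nodes
export_from_pfx -out "$d/cert.pem" -nokeys -clcerts

key_is_encrypted "$d/all.pem"   && echo "all.pem: key is passphrase-protected"
key_is_encrypted "$d/plain.key" || echo "plain.key: key is NOT encrypted (-nodes)"
ch=$(cert_pubkey_hash "$d/cert.pem")
kh=$(key_pubkey_hash "$d/plain.key")
[ "$ch" = "$kh" ] && echo "exported key matches exported certificate"
```

On a real system, avoid `pass:` arguments, which are visible in the process list; let openssl prompt, or use its `env:` or `file:` password sources.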
Convert PFX to JKS ( Java Keystore )
If you have the keytool application and your PKCS#12 file, run this one-line command:
keytool -importkeystore -srckeystore source.p12 -srcstoretype pkcs12 -srcalias Alias -destkeystore target.jks -deststoretype jks -deststorepass password -destalias Alias
Name That Sound
Variation on a game by a similar title.
This is one of those cases where a picture is worth a thousand words.
What is the difference between a Nerd, Geek, Dork, or Dweeb?
I was attempting to secure copy a file over a remote server and I encountered the following error:
$ scp file.txt user@ip_address:"/file path/"
scp: ambiguous target
So after some trial and error I discovered the problem was the space " " in the path to which I was attempting to copy the file. I knew you would have to escape the space with a "\"; however, I would still get the error.
To solve this problem you need to escape the space AND add quotes around the path:
$ scp /file/to/copy user@desthost:"/file\ path/"