GTOPIA Blog

Ramblings of an idiot.

There are two main methods for encoding certificate data.

  • DER = Binary encoding for certificate data
  • PEM = The base64 encoding of the DER encoded certificate, with header and footer lines added.

DER

DER: (Distinguished Encoding Rules) is a subset of BER encoding providing for exactly one way to encode an ASN.1 value. DER is intended for situations when a unique encoding is needed, such as in cryptography, and ensures that a data structure that needs to be digitally signed produces a unique serialized representation.

PEM

PEM: (Privacy-enhanced Electronic Mail) Simply a US-ASCII, base64 encoded DER certificate, certificate request, or PKCS#7 structure, enclosed between the typical PEM delimiters, i.e. "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----". PEM is an abbreviation for Privacy Enhanced Mail (RFC 1421 – RFC 1424), an early standard for securing electronic mail (IRTF, IETF). PEM was never widely adopted as an Internet mail standard, but it has become a staple standard in X.509 PKI (also called PKIX).
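The relationship between the two encodings, as an added Python example that is not from the original post: PEM is the base64 of the DER bytes between delimiter lines, and DER permits only one length encoding where BER permits several. The sample bytes are constructed (a tiny ASN.1 SEQUENCE, not a real certificate) and the function names are assumptions of this example.

```python
import base64
import re

PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s+(.*?)\s*-----END \1-----", re.S)

def pem_to_der(pem_text):
    """Return (label, der_bytes) for the first PEM block in pem_text."""
    m = PEM_RE.search(pem_text)
    if not m:
        raise ValueError("no PEM block found")
    body = "".join(m.group(2).split())          # drop line breaks
    return m.group(1), base64.b64decode(body, validate=True)

def der_to_pem(der, label="CERTIFICATE"):
    """Wrap DER bytes in base64 (64 chars per line) plus header and footer."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(
        [f"-----BEGIN {label}-----", *lines, f"-----END {label}-----", ""])

def der_header(der):
    """Parse the outer tag and length, enforcing DER's single length form."""
    if len(der) < 2:
        raise ValueError("truncated")
    tag, first = der[0], der[1]
    if first < 0x80:                            # short form: 0..127
        length, hdr = first, 2
    elif first == 0x80:
        raise ValueError("indefinite length is BER, not DER")
    else:                                       # long form: n length bytes
        n = first & 0x7F
        raw = der[2:2 + n]
        if len(raw) != n:
            raise ValueError("truncated length")
        length, hdr = int.from_bytes(raw, "big"), 2 + n
        if raw[0] == 0 or length < 0x80:
            raise ValueError("non-minimal length is BER, not DER")
    if hdr + length != len(der):
        raise ValueError("length does not match data")
    return tag, length

# Constructed sample: SEQUENCE { INTEGER 5 }, not a real certificate.
SAMPLE_DER = bytes.fromhex("3003020105")
SAMPLE_PEM = der_to_pem(SAMPLE_DER)

if __name__ == "__main__":
    print(SAMPLE_PEM, pem_to_der(SAMPLE_PEM), der_header(SAMPLE_DER))
```

The same value with a long-form length (`30 81 03 ...`) is valid BER but is rejected by `der_header`, which is what makes a DER-encoded structure safe to sign.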

Certificate naming extensions

If you want to learn more about certificate extensions please see my other blog post here: der vs crt vs cer vs pem certificates

Requirements:

  • Have keytool installed (Installed as a part of the jre)
  • Have your certificate local (either pem or der format)
  • Know where your keystore is

 

  1. Add “Pool” Repository
  2. zypper ar -t rpm-md <<URL>>
  3. zypper in -t product sle-sdk
  4. suse-register
  5. zypper refs
  6. zypper lr

Install Java from Oracle

Setup the plugin with this command

sudo /usr/sbin/update-alternatives --install /usr/lib64/browser-plugins/javaplugin.so javaplugin /usr/java/default/lib/amd64/libnpjp2.so 3 --slave /usr/bin/javaws javaws /usr/java/default/bin/javaws

Step 1 – Software Needed

  • Get a Windows 7 SP1 installation media. For this article I’ll be using a Windows 7 SP1 Enterprise 32 bit version of Windows.
  • The Windows® Automated Installation Kit (AIK) for Windows® 7 http://www.microsoft.com/download/en/confirmation.aspx?id=5753 This file downloads as: KB3AIK_EN.iso
  • The Windows Automated Installation Kit (AIK) Supplement for Windows 7 SP1 is an optional update to AIK for Windows 7 that helps you to install, customize, and deploy the Microsoft Windows 7 SP1 and Windows Server 2008 R2 SP1 family of operating systems. http://www.microsoft.com/download/en/details.aspx?id=5188 The release I’ve downloaded was released on 2/21/2011 and downloads as waik_supplement_en-us.iso
  • 7zip – used to extract files from the iso images.

Step 2

Install Windows 7 using default settings. We will customize this install. I’m using a virtual machine running in VMware Fusion so I can snapshot the progress.

  • User: default
  • Machine Name: BaseImage
  • No Updates
  • No password
  • Enable Administrator Account
  • Work Network
  • Copy All 3 isos to the desktop
  • Install 7zip
  • Install VMware Tools
  • Reboot
  • Login with your newly created account (not Builtin Administrator)

Step 3 – Installing the wAIK

Extract the contents of the isos to the desktop using: Right click -> 7zip -> Extract to “foldername”. You should now have three folders on your desktop with the contents of the three isos.

From the KB3AIK_EN folder run the wAIKX86.msi (wAIKAMD64.msi if you’re installing a 64bit windows)

Run the wAIKX86.msi

  • Accept the License Agreement [next]
  • Accept Default folder of C:\Program Files\Windows AIK
  • Install for Everyone [next]
  • Click Next to start installation [next]
  • Finish install [Close]

Step 4 – Load image into System Image Manager

This will walk through loading a windows image (in this case the image is the install DVD) into the System Image Manager.

  • Launch the windows system image manager

 

  • The program will launch and show you a screen with a bunch of blank panes.

In the bottom left pane titled Windows Image, right click and select “New Image”.

Browse to the location where you extracted the Windows 7 iso (Desktop), open the sources folder, and choose the catalog file (.clg extension) “install_Windows 7 Enterprise.clg”.

Now we have the Windows image Loaded into the image manager. The next step will walk through creating an answer file.

Step 5 – Creating the answer file

– TODO — Create the File

Step 6 – Running Sysprep

In another VM instance start a vanilla Windows 7 installation. When you arrive at the welcome screen where it asks you to create a username, hit CTRL+SHIFT+F3. This will reboot your machine and put you in “audit” mode.

  • Boot from Windows 7 Disk
  • Partition the Drive how you want it
  • Install VMware tools
  • reboot
  • Copy your unattend.xml to C:\Windows\System32\sysprep

 

What is a PFX Certificate

PKCS #12 is one of the family of standards called Public-Key Cryptography Standards (PKCS), published by RSA Laboratories. It defines a file format commonly used to store X.509 private keys with accompanying public key certificates, protected with a password-based symmetric key.

In practice .pfx is just another file extension for a PKCS#12 or .p12 type certificate.

Convert PFX to PEM

This command will convert a PFX certificate to an X.509 PEM encoded certificate. The -nodes flag controls whether the private key in the new PEM encoded certificate is password protected: with -nodes the key is written unencrypted, and without it you are prompted for a password to encrypt the key. For information on converting pem to der encoded certificates.

Export ALL: Public Certificates, Private Keys, and CA Chain as single certificate

Encrypt private key with a password

Do not encrypt private key

Export Public Certificate from pfx

Export Private Key from pfx

Export Certificate Authority (CA) Chain from pfx

Convert PFX to JKS ( Java Keystore )

 

 

 

 

 

Name That Sound

 

Variation on a game by a similar title.

This is one of those cases where a picture is worth a thousand words.

What is the difference between a Nerd, Geek, Dork, or Dweeb?

‘nuf said.

I was attempting to secure copy a file over to a remote server and I encountered the following error:
$ scp file.txt user@ip_address:"/file path/"
scp: ambiguous target

So after some trial and error I discovered the problem was the space " " in the path to which I was attempting to copy the file. I knew you would have to escape the space with a "\ ", however I would still get the error.

To solve this problem you need to escape the space AND add the quotes around the path
$ scp /file/to/copy user@desthost:"/file\ path/"