Personal, Public Key Infrastructure ( PKI ), Tech

PFX (p12) Certificate Conversion

What is a PFX Certificate

PKCS #12 is one of the family of standards called Public-Key Cryptography Standards (PKCS), published by RSA Laboratories. It defines a file format commonly used to store X.509 private keys with accompanying public key certificates, protected with a password-based symmetric key PFX Certificate?

In practice .pfx is just another file extension for a PKCS#12 or .p12 type certificate.

Convert PFX to PEM

This command will convert a pfx certificate to a X509 pem encoded certificate. The use of the -nodes flag will give the option to password protect the private key in the new pem encoded certificate. For information on converting pem to der encoded certificates.

Export ALL: Public Certificates, Private Keys, and CA Chain as single certificate

Encrypt private key with a password

openssl pkcs12 -in Certificate.pfx -out NewCertificate.pem

Do not encrypt private key

openssl pkcs12 -in Certificate.pfx -out NewCertificate.pem -nodes

Export Public Certificate from pfx

openssl pkcs12 -in Certificate.pfx -out NewCertificate.pem -nokeys -clcerts

Export Private Key from pfx

openssl pkcs12 -in certificate.pfx -out certificate.key -nocerts -nodes

Export Certificate Authority (CA) Chain from pfx

openssl pkcs12 -in certificate.pfx -out ca-chain.pem -nokeys -cacerts

Convert PFX to JKS ( Java Keystore )

If you do have Keytool application and your PKCS#12 file, launch the one-line command:
keytool -importkeystore -srckeystore source.p12 -srcstoretype pkcs12
-srcalias Alias -destkeystore target.jks -deststoretype jks
-deststorepass password -destalias Alias


Personal, Tech

Geek vs Dork vs Nerd vs Dweeb

This is one of those cases where a picture is worth a thousand words.

What is the difference between a Nerd, Geek, Dork, or Dweeb?

‘nuf said.


scp: ambiguous target

I was attempting to secure copy a file over a remote server and I encountered the following error:
$ scp file.txt user@ip_address:”/file path/”
scp: ambiguous target

So after some trial and error I discovered the problem was the space ” ” in the path to which I was attempting to copy the file to. I knew you would have to escape the space with a ” ” however I would still get the error.

To solve this problem you need to escape the space AND add the quote around the path
$ scp /file/to/copy user@desthost:”/file path/”

Personal, Photography

Operation: Love ReUnited

Participating Photographer

My lovely wife Chesnye has found a worthy cause to donate our resources to.  We’ve taken our photography business forever photoz and teamed up with Operation Love ReUnited.


Introduction To The Program:

If you have ever been through a military deployment, there are no words to explain how hard it is to send the father or mother of your children off to some foreign, dangerous land, leaving you all behind…. Alone.  It’s indescribable to watch their faces light up as their mother or father comes up the stairs of the airport after months, possibly a year or more, of not hugging each other.  Emotions fly through the main lobby, it’s so very good to have them home.  Your base’s Family Support Squadron will help you with your deployment.  But the last thing on your mind when your wife or husband arrives home after a 4 to 18 month tour, is capturing all this love– on film.  Most people are so overwhelmed with emotions they forget to simply point and shoot the camera they are grasping of their child’s first hug, or that single tear of relief from a mother being able to hold her twenty year old son again.  With the help of Operation: Love ReUnited and local photographers near your base, you can.

The Operation helps those long months go by a little faster.  It’s designed to capture moments that you will never remember.  It’s art.  It’s love.  And it’s all made possible by artists wanting to give something back to those who make the United States what it is, and ask for nothing in return- but to come home.

If you are a member or family member of the United States Military, and are interested in having very special and touching images with a patriotic edge taken of you and/or your family before a deployment or during, and at your reunion, please contact a photographer in your area now.  You will receive a substantial package as a gift in appreciation for all you have been through as a military member.  The package will always include a 4×6 album of pre-deployment images, such as a child’s hand clasped in his parent’s with the faint glimpse of a BDU sleeve, a marine in dress with his family, a salior with his parents right before departure, or a child playing dress up in combat boots and a helmet.  The album will be sent to the deployed soldier by the photographer, at no cost to you.  Also with your package, all session fees will be waived.  Your photographer may have a designated package or other options for Operation: Love ReUnited participants at their discretion with a signed model release.

About Pre-Deployment & Deployment Sessions:

OpLove Pre-Deployment & Deployment sessions help you say goodbye and cope with being away.  Anyone who has had to see their husband or wife, son, daughter, sister or brother off to war knows how hard it is to watch them walk away from you.  Our photographers are part of the program as volunteers.  They feel your pain, many of them being military spouses or family members themselves, they want to listen, they want to help ease your worries, they want to do what they can to help you through this deployment, and we do that with photography.  Your initial session will be either with your spouse before he or she deploys dressed in their dress uniform or BDUs for most of the session, or if you find OpLove after your loved one has deployed, your session will be done without your loved one keeping a patriotic theme that could include dress, hats, BDUs, boots and other military gear, but they will still experience all the love & benefits that OpLove has to offer.

About Returning Sessions:

When your loved one comes home from a deployment, the last thought on your mind will be your camera.  Most people are so overwhelmed with emotions, they simply forget they are holding it in their hand.  Once you find out about the time your loved one is to return from his or her deployment, please let your photographer know.  They will want to accompany your family to the welcoming home of your spouse or loved one, and capture that first glimpse, that first embrace, and all the love that surrounds every person who walks off that plane, into their families arms.  From this session photographers have the choice of presenting you an album and/or a CD of images.


How to Extract an RPM Without Installing

To extract or “unbuild” and RPM so you can see its files you have to use two programs.  The first is rpm2cpio, the second is cpio.

rpm2cpio: Extract cpio archive from RPM Package Manager (RPM) package.

cpio – allows a user to copy file to and from an archive.

[code lang=”bash” title=”Do this as root”]linux:/tmp/rpmsource# rpm2cpio <>.src.rpm | cpio -idmv [/code]

Explanation: rpm2cpio takes the rpm and runs the extraction that is then piped through cpio to extract the files to a local directory.   FLAGS: -i extract, -d make directories where needed, -m preserve modification time, -v verbose mode will list the names of the files as they are extracted.

I’m not sure if this will work for non-src rpms.


NXServer and Lastlog

On CENTOS 5.5 nxserver would not update the lastlog database.  The USESSION directive was set correctly in the nxserver.conf file.

The solution was the permissions on /var/log/lastlog was set to 644 and the ownership was root:root.   Once it was changed to root:utmp and 664 the lastlog was updated correctly when a user logged into the nxsession.

Novell, Tech

eDirectory Photo Attributes

** This post is pretty incomplete, I gave up on it.   But there is enough info here that may be usefull**

eDirectory has several attributes for photos, here are the raw schema attributes from an eDirectory install from iMonitor.  An interesting note is that ldapPhoto and photo have the same OID.  Because the syntax is Octet String I think that the photos can be stored as either Binary Data or as a Base64 encoded representation of the image.

Attribute Name
Lower Limit
Upper Limit
Used By Class
jpegPhoto Sync. Immediate Octet String 0 4294967295 0.9.2342.19200300.100.1.60 User
ldapPhoto Sync. Immediate Octet String 0 4294967295 0.9.2342.19200300.100.1.7 User
photo Sync. Immediate Octet String 0 4294967295 0.9.2342.19200300.100.1.7 Person

Using and populating these attributes can be tricky.  If you use Identity Manager, the User Application stores pictures in the photo attribute.

rfc2798 defines

2.6.  JPEG Photograph

   Used to store one or more images of a person using the JPEG File
   Interchange Format [JFIF].

    ( 0.9.2342.19200300.100.1.60
      NAME 'jpegPhoto'
      DESC 'a JPEG image'
      SYNTAX )

   Note that the jpegPhoto attribute type was defined for use in the
   Internet X.500 pilots but no referencable definition for it could be

Truly Great Regex Tool

It isn’t very often that you come across a tool that is truly unique in what it does and is so complete that you abandon all other tools you’ve accumulated over time in favor of that one tool that just works.

I came across a regular expression builder that had me deleting all of my bookmarks for other builders. It is amazingly complete for everything I’ve ever needed in the world of regex. it is built using adobe flex and has an amazingly easy to user interface.

Regex Builder
Regular Expression Builder

This tool has a real time view of what your regular expression is doing. It handles both matching and replacing.