Friday, September 18, 2015

How to install godaddy certificate on clib tomcat

Solved the issue by referring to this SO thread, and going back to the page on GoDaddy's HowTo For Tomcat4/5/6.x. Being an amateur to SSL Certificates, I did not realize the meaning of -in and -inkey flags, and was trying to find a way by flanking them. Please excuse me if part of this appears increasingly matter-of-fact to a more trained eye.
I created a new keystore with
keytool -genkey -alias tomcat -keyalg RSA -keysize 2048 -keystore tomcat.keystore
The -alias value of tomcat is important here, and so is the password, say P, which will be used for this keystore. So, tomcat.keystore contains 1 entry listed as:
$ keytool -list -keystore tomcat.keystore 
tomcat, Jun 17, 2014, PrivateKeyEntry, 
Certificate fingerprint (MD5): XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
This keystore is of type JKS. Then, I generated a CSR by:
keytool -certreq -v -alias tomcat -file myrequest.csr -keystore tomcat.keystore
This gives a myrequest.csr file, against which GoDaddy issues back a zip file of 3 certificates:
  • gd_bundle-g2-g1.crt - Go Daddy Certificate Bundles - G2 With Cross to G1, includes Root
  • gdig2.crt - Go Daddy Secure Server Certificate (Intermediate Certificate) - G2
  • mydomain.crt - The certificate for my domain
Previously, I was incorrectly importing them back into the tomcat.keystore, which gave me a "keytool error: java.lang.Exception: Failed to establish chain from reply" error.
But instead, for the instructions on GoDaddy's page, by referring to the SO thread linked above, I first combined my certificate mydomain.crt and the certificate bundle gd_bundle-g2-g1.crt from GoDaddy as
cat mydomain.crt gd_bundle-g2-g1.crt > combinedcerts
Then make a keyfile by first exporting the private key of tomcat.keystore as a PKCS12 keystore and then extracting the key from the PKCS12 keystore as the final keyfile required as specified:
keytool -importkeystore -srckeystore tomcat.keystore -destkeystore tomcatkey.p12 -deststoretype PKCS12
Take care to keep the password of the new PKCS12 keystore being created, i.e. tomcatkey.p12, to be exactly the same as that of tomcat.keystore. The import should complete successfully with the following message:
Entry for alias tomcat successfully imported.
Import command completed:  1 entries successfully imported, 0 entries failed or cancelled
Then I extracted the key from the new PKCS12 keystore as:
openssl pkcs12 -in tomcatkey.p12 -out tomcatkey.pem -nodes
At this point, we'll be again prompted for the password set in the step above, upon successful verification of which, the new key should be exported into tomcatkey.pem with the following message:
MAC verified OK
With the combinedcerts and tomcatkey.pem ready, I now followed instructions on GoDaddy's HowTo Page as:
openssl pkcs12 -export -chain -CAfile gd_bundle-g2-g1.crt -in combinedcerts -inkey tomcatkey.pem -out new.tomcat.keystore -name tomcat -passout pass:yourpasswd
The new keystore new.tomcat.keystore is of the type PKCS12 instead of the older one which was JKS. To configure Tomcat to use the new keystore, the values of the properties of the SSL Connector are changed nominally as
keystoreFile=<path to>\new.tomcat.keystore
keystorePass="yourpasswd"
keystoreType="PKCS12"
After this, on restarting the tomcat, the new certificate worked.
I am sure there is a much more efficient usage of the options to get this done in fewer steps, but if the steps above seem unnecessary or can be optimized it's only due to my glaring lack of depth in understanding these tools. But hey, this works!

Friday, May 1, 2015

Import https certificate in java

Friday, December 12, 2008

How to solve javax.net.ssl.SSLHandshakeException?

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.mail.imap.IMAPStore.protocolConnect(IMAPStore.java:441)
at javax.mail.Service.connect(Service.java:233)
at javax.mail.Service.connect(Service.java:134)

--------------------------------------------------------
The problem is that our webapp is now acting as a SSL client, and as a client, it needs to obtain and 'trust' the server's public key.
-----------------------------------------------------

The fix

Obtain the server's public key.

To quote Microsoft; "consult your system administrator". The public/private key pair will live somewhere on the server. The public key should be located and copied to the server hosting JIRA/Confluence. For example:
scp root@mail.yourcompany.com:/etc/ssl/certs/imapd.pem .
If you have openssl installed locally, the key can be retrieved with a command like:
jturner@teacup:~$ openssl s_client -connect imap.atlassian.com:imaps
CONNECTED(00000003)
depth=0 /C=AU/ST=NSW/L=Sydney/O=Atlassian/CN=imap.atlassian.com/emailAddress=info@atlassian.com
.....
.....
Server certificate
-----BEGIN CERTIFICATE-----
.....
-----END CERTIFICATE-----
Cut and paste the certificate (including BEGIN and END lines) into a local file (e.g. imapd.pem).

*** Instead of this, we can download the certificate from the browser itself.

Import the public key.

To do this, you need to use the keytool program that comes with Java. If you haven't already, add $JAVA_HOME/bin to your PATH, and then run the following:
jturner@teacup:~$ sudo keytool -import -alias mail.yourcompany.com -keystore $JAVA_HOME/jre/lib/security/cacerts -file imapd.pem
Enter keystore password:  changeit
Owner: EMAILADDRESS=info@atlassian.com, CN=atlassian.com, O=Atlassian, L=Sydney, ST=NSW, C=AU
Issuer: EMAILADDRESS=info@atlassian.com, CN=atlassian.com, O=Atlassian, L=Sydney, ST=NSW, C=AU
Serial number: 0
Valid from: Fri Feb 11 14:09:05 EST 2005 until: Sat Feb 11 14:09:05 EST 2006
Certificate fingerprints:
MD5:  CB:AE:7D:5D:1A:08:06:77:93:3B:0F:53:BB:40:C0:D4
SHA1: 7C:02:44:0D:A9:8F:F9:FB:BB:7B:C6:F1:52:DE:CA:00:17:D9:3A:A0
Trust this certificate? [no]:  yes
Certificate was added to keystore
This imports the public key (imapd.pem) into Java's default keystore and marks it as trusted.
On Windows the command is similar, e.g.:
C:\Program Files\Java\jre1.6.0_05>bin\keytool -import -file c:\certs\imapd.pem -alias mail.yourcompany.com -keystore lib\security\cacerts
Enter keystore password:
Owner: CN=*.atlassian.com, OU=IT, O=ATLASSIAN SOFTWARE SYSTEMS PROPRIETARY LIMITED, L=Sydney, ST=NSW, C=au
Issuer: CN=DigiCert Global CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Serial number: a2d7047dc5d47ba988c9685e1efb860
Valid from: Thu Jan 10 11:00:00 EST 2008 until: Fri Jan 14 10:59:59 EST 2011
Certificate fingerprints:
        MD5:  9D:B4:9F:3D:0A:DE:6A:BD:BC:3D:95:BE:60:BD:70:02
        SHA1: 67:C6:E9:C8:3F:F1:7A:3C:66:E2:CE:62:78:A1:66:84:35:5E:62:1E
        Signature algorithm name: SHA1withRSA
        Version: 3
.....

Trust this certificate? [no]:  yes
Certificate was added to keystore

C:\Program Files\Java\jre1.6.0_05>
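
Before answering "yes" to keytool's "Trust this certificate?" prompt, the fingerprint it prints can be compared with one obtained from the server's administrator over a separate channel. The Python below is an added example, not part of the original post: it pulls the certificate out of saved `openssl s_client` output and checks its fingerprint against the pinned value. The function names and the sample session are constructed for illustration, and the pinned value is assumed to be the bare hex digest with or without colons.

```python
import base64
import hashlib
import hmac
import re

# Matches each PEM certificate block, ignoring the handshake text that
# `openssl s_client` prints around it.
PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def extract_certs(text):
    """Return the DER bytes of every PEM certificate found in text."""
    return [base64.b64decode("".join(body.split()), validate=True)
            for body in PEM_CERT.findall(text)]


def fingerprint(der, algo="sha256"):
    """Colon-separated upper-case hex digest, the format keytool prints."""
    digest = hashlib.new(algo, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalise(fp):
    """Drop separators and case so 'AB:CD' and 'abcd' compare equal."""
    return re.sub(r"[^0-9a-f]", "", fp.lower())


def safe_to_import(session_text, pinned_fp, algo="sha256"):
    """True only if the first (server) certificate matches the pinned value."""
    certs = extract_certs(session_text)
    if not certs:
        return False  # nothing to verify: fail closed
    actual = normalise(fingerprint(certs[0], algo))
    return hmac.compare_digest(actual, normalise(pinned_fp))


# Constructed sample: placeholder bytes stand in for a real DER certificate.
SAMPLE_DER = b"constructed placeholder, not a real certificate"
SAMPLE_SESSION = ("CONNECTED(00000003)\n.....\nServer certificate\n"
                  "-----BEGIN CERTIFICATE-----\n"
                  + base64.encodebytes(SAMPLE_DER).decode()
                  + "-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    pinned = fingerprint(SAMPLE_DER)  # in practice: supplied out of band
    print("import allowed:", safe_to_import(SAMPLE_SESSION, pinned))
```

Passing `algo="sha1"` yields the same SHA1 form that the keytool output above displays.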

Restart the app server


Saturday, November 1, 2014

Alfresco: No live node exists - error halts solr indexing





Error: 

Using 4.0.d on postgresql indexing with Solr, I see this error in alfresco.log
2012-02-15 08:11:50,393  ERROR [extensions.webscripts.AbstractRuntime] [http-8443-4] Exception from executeScript - redirecting to status template error: 01156612 Wrapped Exception (with status template): No live node exists: 

   ID:        520521

   Cache row: NodeEntity[ ID=520521, version=16, store=workspace://SpacesStore, uuid=64b01e12-dfac-4b22-96d0-bfa30ba7d34e, typeQNameId=32, localeId=15, aclId=null, deleted=true, transaction=TransactionEntity[ ID=1064115, server=null, changeTxnId=f4359d12-f144-43c7-8c17-18697c4eb864, commitTimeMs=null], auditProps=AuditablePropertiesEntity[ auditCreator=anbj01, auditCreated=2012-02-07T08:05:37.520+01:00, auditModifier=anbj01, auditModified=2012-02-07T09:20:18.000+01:00]]

   DB row:    NodeEntity[ ID=520521, version=16, store=workspace://SpacesStore, uuid=64b01e12-dfac-4b22-96d0-bfa30ba7d34e, typeQNameId=32, localeId=15, aclId=null, deleted=true, transaction=TransactionEntity[ ID=1064115, server=null, changeTxnId=f4359d12-f144-43c7-8c17-18697c4eb864, commitTimeMs=null], auditProps=AuditablePropertiesEntity[ auditCreator=anbj01, auditCreated=2012-02-07T08:05:37.520+01:00, auditModifier=anbj01, auditModified=2012-02-07T09:20:18.000+01:00]]

 org.springframework.extensions.webscripts.WebScriptException: 01156612 Wrapped Exception (with status template): No live node exists: 

   ID:        520521

   Cache row: NodeEntity[ ID=520521, version=16, store=workspace://SpacesStore, uuid=64b01e12-dfac-4b22-96d0-bfa30ba7d34e, typeQNameId=32, localeId=15, aclId=null, deleted=true, transaction=TransactionEntity[ ID=1064115, server=null, changeTxnId=f4359d12-f144-43c7-8c17-18697c4eb864, commitTimeMs=null], auditProps=AuditablePropertiesEntity[ auditCreator=anbj01, auditCreated=2012-02-07T08:05:37.520+01:00, auditModifier=anbj01, auditModified=2012-02-07T09:20:18.000+01:00]]

   DB row:    NodeEntity[ ID=520521, version=16, store=workspace://SpacesStore, uuid=64b01e12-dfac-4b22-96d0-bfa30ba7d34e, typeQNameId=32, localeId=15, aclId=null, deleted=true, transaction=TransactionEntity[ ID=1064115, server=null, changeTxnId=f4359d12-f144-43c7-8c17-18697c4eb864, commitTimeMs=null], auditProps=AuditablePropertiesEntity[ auditCreator=anbj01, auditCreated=2012-02-07T08:05:37.520+01:00, auditModifier=anbj01, auditModified=2012-02-07T09:20:18.000+01:00]]

This error halts Solr indexing, it cannot get past that. I think Solr should be more fault tolerant, but my primary question here is how can this be fixed?


Solution 1: This will work for all versions of ICP. If you are using Alfresco 4.2+, Solution 2 is recommended.

I tried this on 4.0.e.

We need to apply it directly on the Alfresco database.

This was not a cache issue, I had to remove the "no live" node directly from the database.
Solr is definitely exposing underlying issues on the database, I'm not sure if it would be best if Solr (like old lucene) moved past errors, so that indexing can continue, or halt like in this case. It went unnoticed for several days, so there was a very outdated index. But if indexing had moved on, I'm not sure an error in alfresco.log would have been spotted and subsequently fixed.
This is how I fixed it:
I ran these select statements to find out where the node id 520521 is present
select * from alf_child_assoc where child_node_id = 520521;

select * from alf_node_assoc where target_node_id = 520521;

select * from alf_node_assoc where source_node_id = 520521;

select * from alf_node_aspects where node_id = 520521;

select * from alf_node_properties where node_id = 520521;

select * from alf_node where id = 520521;

From there I could see that the node had no properties, it was not a child node to any node, and didn't have any associations.
It did however have a childnode (webpreview). To me, these are remains of a transaction that has gone very wrong, and the post in alf_node can/must be deleted.
So I deleted the rows
delete from alf_node_assoc where source_node_id = 520521;

delete from alf_node where id = 520521;

Then for the now orphan webpreview childnode
 update alf_node set NODE_DELETED = true where id = 530544;

From there the indexing kicked in and now works.

*** If you fail to delete the node from alf_node, we need to delete it from the other tables which have a foreign key to the alf_node table.


Solution 2:

This may not work for Alfresco versions lower than 4.2.

Following some steps from the wiki, I ran the SOLR FIX action. As I hadn't used any of the SOLR urls before I first had to set up the certificate on my browser. I copied browser.p12 from (my directory structure, YMMV) /opt/alfresco-4.0.d/tomcat/webapps/alfresco/WEB-INF/classes/keystore/browser.p12 on the server to my desktop, then imported it into Firefox (better instructions on the wiki). I then navigated to https://our.alfresco.url:8443/solr/admin/cores?action=FIX in Firefox, accepted the untrusted certificate exception and waited a few minutes for the page to load. Once it had loaded it displayed:
<response><lst name="responseHeader"><int name="status">0</int><int name="QTime">48942</int></lst></response>
and the error messages in catalina.out stopped.

source : https://forums.alfresco.com/forum/developer-discussions/repository-services/no-live-node-exists-error-halts-solr-indexing

Monday, October 20, 2014

Clone Mac Address in Windows XP


Many ISPs use your Ethernet card's (LAN card's) MAC address to recognize your system and assign it a unique IP address on that LAN.

If you have multiple systems, or want to use a guest's laptop, it is very difficult to contact ISP customer care to register each new MAC address.

So we can set the MAC address of our system, which is already registered with the ISP, on the guest's system. This is called MAC cloning.

First we need to get the MAC address of our primary system:

1. Open a command prompt.
2. Type the command getmac and press Enter; this gives us the MAC address.
3. Copy the physical address (we will call this the MAC address) into Notepad.
In this screenshot it is 08-00-27-C0-EB-AA.

That's it, our first step is completed.


To change the MAC address on the target system:
1. Right-click on the network icon in the system tray (near the time and date).
2. Select Status.
3. Click on Properties.
4. The Local Area Network properties dialog opens up.
5. Click on the Configure button.
6. From the opened dialog box, select the Advanced tab.
7. Select the Network Address option from the list menu.
8. Click on the Value radio button.
9. Enter the MAC address we saved from the source system. In this case it is 080027C0EBAA.
*** Enter the MAC address without '-'.
10. Click on the OK button.
11. Restart the system.
12. Check the MAC address with the "getmac" command from the command prompt. We did this in the first phase to collect the MAC address from the source.

That's it, we are done.

Thursday, October 9, 2014

SmartGitHg Installation in Ubuntu 14.04


sudo add-apt-repository ppa:eugenesan/ppa

sudo apt-get update

sudo apt-get install smartgithg

After installing, set the environment variable in ~/.bashrc.

This will only work with Java 7.

export SMARTGIT_JAVA_HOME=/home/venky/App/jdk1.7.0_55

Done.