Software Notes
Eclipse
- How to enable CTRL+TAB behavior in Eclipse?
-
Change the key mappings for Next Editor and Previous Editor
Window > Preferences > General > Keys > Filter > Next Editor > Change binding from Ctrl+F6 to Ctrl+Tab
Repeat for Shift+Ctrl+Tab for Previous Editor
Firefox Tweaks
- Rid yourself of the annoying tooltips on the URL bar, such as "This website does not supply identity information" that block your ability to drag & drop sites into the bookmarks toolbar:
-
about:config (and agree to any warnings)
browser.chrome.toolbar_tips > false
Unfortunately, this also removes the tooltip that shows the title attribute when hovering over images! Beware.
- Set the search bar to always open a new tab so you don't have to press CTRL+T first:
-
about:config (and agree to any warnings)
browser.search.openintab > true
- Enable visual protection against phishing by highlighting the hostname in blue for SSL sites:
-
about:config (and agree to any warnings)
browser.identity.ssl_domain_display > 2
Now all SSL sites, even those without EV certs, will be obvious.
OpenSSL / Apache / Java Keystore
These are a bunch of steps for creating Keys, CSRs, and SSL Certs. It also covers adding keys and certs to a Java Keystore (which is a pain in the ass). A Java Keystore can be used with Tomcat, Openfire, etc. These steps cover self-signed certs, but the process is the same for [trusted] CA-signed certs (you just send the CA your CSR, and then use the cert they give you).
- First, change to root and make yourself a subdir under /etc/ssl to keep track of these files:
-
sudo su -
cd /etc/ssl/
mkdir nullchar.net
chmod go-rwx nullchar.net # for security
cp openssl.cnf nullchar.net/openssl.cnf.nullchar
cd nullchar.net/
- Next, edit YOUR conf file and change the following attributes:
-
default_days = 3650 (10 years for a self-signed cert)
default_md = sha256 (or sha512, also pass to openssl command below)
default_bits = 2048 (or more)
countryName_default
stateOrProvinceName_default
localityName_default
0.organizationName_default
organizationalUnitName_default (optional)
commonName_default = your-hostname.domain-name.tld (e.g. www.nullchar.net)
nsComment = "NULLCHAR.NET Generated Certificate" (optional)
- Generate the private key; make a backup; remove the passphrase:
-
openssl genrsa -aes256 -out www.nullchar.net.key 2048
cp -a www.nullchar.net.key www.nullchar.net.key.encpass
openssl rsa -in www.nullchar.net.key.encpass -out www.nullchar.net.key
- Generate the CSR using your config:
-
openssl req -config openssl.cnf.nullchar -sha256 -new -key www.nullchar.net.key -out www.nullchar.net.csr
- Generate a self-signed certificate:
-
openssl x509 -req -sha256 -days 3650 -in www.nullchar.net.csr -signkey www.nullchar.net.key -out www.nullchar.net.cert # x509 ignores default_md in the config, so pass the digest here too
Or, if using a 3rd party signed cert, save the one you received to a plain text file. Be sure to view it using OpenSSL [see below] to ensure it is valid.
- View info about the private key, CSR and final cert:
-
openssl rsa -noout -text -in www.nullchar.net.key
openssl req -noout -text -in www.nullchar.net.csr
openssl x509 -noout -text -in www.nullchar.net.cert
- Create a .pem file, which is just your final cert and private key. This file can be used with Apache httpd webserver, Postfix mail server (TLS/SSL for sending mail), Dovecot IMAPS server, etc.
-
cat www.nullchar.net.key >> www.nullchar.net.pem
cat www.nullchar.net.cert >> www.nullchar.net.pem
chmod go-rwx www.nullchar.net.pem # Apps will read this as root before dropping privs
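A check that the key, CSR and certificate produced above belong together, that the certificate is not signed with MD5 or SHA-1, and that the key file is closed to group and other. This is an added example, not part of the original notes; the function names and the throwaway `test.example` files are this example's own, and the private key is assumed to have no passphrase.

```sh
# Added example; function names are this example's own, not OpenSSL's.
# Print SHA-256 of the DER public key inside FILE. KIND: key | csr | cert.
# Assumes the private key has no passphrase (as after the "openssl rsa" step).
pubkey_fp() {
    case "$1" in
        key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        csr)  pem=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) ;;
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        *)    return 2 ;;
    esac || return 1          # unreadable or malformed file
    printf '%s\n' "$pem" | openssl pkey -pubin -outform DER | openssl dgst -sha256 | awk '{print $NF}'
}

# Succeed only if key, CSR and cert all carry the same public key.
files_match() {
    k=$(pubkey_fp key "$1") && r=$(pubkey_fp csr "$2") && c=$(pubkey_fp cert "$3") || return 1
    [ "$k" = "$r" ] && [ "$k" = "$c" ]
}

# Print the certificate's signature algorithm, e.g. sha256WithRSAEncryption.
sig_alg() {
    openssl x509 -in "$1" -noout -text | awk '/Signature Algorithm:/ { print $3; exit }'
}

# Fail if the certificate is signed with MD5 or SHA-1 (or cannot be read).
strong_sig() {
    case "$(sig_alg "$1")" in
        ""|*[Mm][Dd]5*|*[Ss][Hh][Aa]1*) return 1 ;;
    esac
}

# Succeed only if FILE grants nothing to group or other ("chmod go-rwx").
owner_only() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Constructed demo: throwaway key, CSR and self-signed cert in a temp dir.
demo() {
    d=$(mktemp -d) && (
        cd "$d" && umask 077 &&
        openssl genrsa -out t.key 2048 2>/dev/null &&
        openssl req -new -sha256 -key t.key -subj "/CN=test.example" -out t.csr &&
        openssl x509 -req -sha256 -days 1 -in t.csr -signkey t.key -out t.cert 2>/dev/null &&
        files_match t.key t.csr t.cert && strong_sig t.cert && owner_only t.key
    ); rc=$?; rm -rf "$d"; return "$rc"
}

demo && echo "key, CSR and cert are consistent"
```

On the files from these notes the call would be `files_match www.nullchar.net.key www.nullchar.net.csr www.nullchar.net.cert`, run from inside /etc/ssl/nullchar.net.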
The following steps are for getting your key and cert inside a Java Keystore
- Convert both the key and cert into binary DER format:
-
openssl pkcs8 -topk8 -nocrypt -in www.nullchar.net.key -inform PEM -out www.nullchar.net.key.der -outform DER
openssl x509 -in www.nullchar.net.cert -inform PEM -out www.nullchar.net.cert.der -outform DER
- Compile a Java source file [source: agentbob.info], then use it to stick your key and cert in a Java keystore:
-
# Plain-HTTP download: read ImportKey.java before compiling, since it is handed your private key
wget 'http://www.agentbob.info/agentbob/80/version/default/part/AttachmentData/data/ImportKey.java'
javac ImportKey.java
java ImportKey www.nullchar.net.key.der www.nullchar.net.cert.der nullchar.net # This key is now aliased as 'nullchar.net'
mv ~/keystore.ImportKey tomcat.keystore # The program puts the keystore in your homedir
chown root:tomcat6 tomcat.keystore # Tomcat needs to read, but not write
chmod go-rwx tomcat.keystore
chmod g+r tomcat.keystore
ln -s /etc/ssl/nullchar.net/tomcat.keystore /etc/tomcat6/tomcat.keystore # optional; absolute target, since a relative one would point at itself
- By default, the keystore has a password, and the key has a password; change both to the same new password:
-
keytool -keystore tomcat.keystore -keypasswd -alias nullchar.net -keypass importkey -new changeit
keytool -storepasswd -new changeit -keystore tomcat.keystore
- Finally, view info about the keystore. It can now be used inside Tomcat, but be sure to specify the keyAlias in server.xml.
-
keytool -keystore tomcat.keystore -list -v
# password: changeit or whatever you set above. This also needs to be specified in server.xml
