Certificate Notes

Every so often I have to do something with certificates. It’s infrequently enough that I always have to re-lookup all the commands because I don’t remember the exact syntax. Also, for a long time, I simply used self-signed certificates because they did the job for me. However, now that there are very inexpensive certificates, I sometimes use them. Anyway, here are my notes:

To read a certificate file:

$ openssl x509 -noout -text -in certificate.pem

To read a key file:

$ openssl rsa -noout -text -in certificate.key

To read a certificate request

$ openssl req -noout -text -in certificate.csr

To make a new 2048 bit rsa key

$ openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out 2048.pem

(genpkey supercedes the old genrsa parameter)

With old keys, you had to put a password on it. This caused problems because some programs would not start without then entering the password. So to take a password off of a private key

$ openssl rsa -in file_with_passphrase.key -out file_without_passphrase.key

To make a certificate request using the previously made key

$ openssl req -new -nodes -key certificate.key -out certificate.csr

To make a certificate request and key in one line

$ openssl req -new -nodes -newkey rsa:2048 -keyout certificate.key -out certificate.csr

If you already have a key

$ openssl req -new -key certificate.key -out certificate.csr

To make a self-signed certificate that's good for 10 years
$ openssl req -new -x509 -nodes -days 3650 -key certificate.key -out certificate.pem

If you want a legit certificate, you need to send your certificate request (.csr) to whoever you're requesting the certificate from. You will then probably get two files back. One will be the certificate file and the other will be the intermediate certificate file. Then in the apache config file, SSLCertificateFile is the certificate and SSLCertificateChainFile is the intermediate certificate. Don't forget SSLCertficiateKeyFile is your key.

The credentials are correct…

I had a problem where one user could not login to our windows server 2012 computer. The error message that I got was:

The credentials are correct, but the host cannot log you on for another reason. Please check if your password has expired or contact your system administrator for assistance.

This was weird because I didn’t have a problem with other users. And this user was able to ssh into our linux computers and was able to login to the windows 7 computers we had in the lab.

After doing an ldapsearch on both this problem user and a working user, I found that the issue was that the problem user didn’t have a tag “sambaPwdLastSet”. I have no idea how this got deleted, but once I added it, everything was fine.

Here’s the file that I used to add this field.

[~] $ more add_passwd_set.ldif 
dn: uid=problemuser,ou=people,dc=accounting,dc=example,dc=com
changetype: modify
add: sambaPwdLastSet
sambaPwdLastSet: 1394631807

Then I just made the change with:

[~] $ ldapmodify -x -D "cn=root,dc=accounting,dc=example,dc=com" -W -Z -f add_passwd_set.ldif 


I thought that I would take today and try to finish the curtains that I’m making for my bedroom doors. My mom gave me a new iron, which works fantastically well. I also got an ironing board, which also makes ironing so much easier. So I was making great progress with ironing and sewing the side seams. Then, I ran out of thread on my bobbin. No problem, I thought. I learned how to thread the bobbin a while back and even made a youtube video of it. So I thread the bobbin and get back to work. But I don’t get back to work. For reasons I cannot determine, the machine is not moving the material forward. If I press the reverse button, it goes back with no problem. But it won’t go forward. So I screw around with it for a while. What did I do? No idea, but the material starts to move forward slowly. (Reverse goes backwards much quicker than the material is going forward.) So I try again, but things still aren’t right, as the thread is bunching on the bottom. I remember the rule that thread problems on the top of the seam are usually due to the bobbin and problems on the bottom are usually due to the needle. So I rethread the needle and it’s just not working correctly. By and large, I have a decent amount of patience, but this drained ALL of it. I can guarantee by neighbors heard the slew of obscenties I spewed. I then decided to buy a new sewing machine and started researching them online. This gave me some time for my blood pressure to drop and to calm down.

I hate it when my tools don’t work properly. The bad thing about this sewing machine is that it was given to me and I have no manuals. But the good thing about this sewing machine is that it was given to me, so I paid nothing for it. I had thought when I spent all that time making the movie about how to thread it and practicing using it, that I had the operation down. However, now it seems like that isn’t the case. I’ve also googled all about this model and can’t really find any information on it. So I’m very much leaning toward getting a new one that I can learn how to use properly and get repaired if needed. But since I don’t really have the money right now, I’ll probably struggle along with this one for now.

RHEL7 Kickstart Problem

I’ve been trying to set up an RHEL7 kickstart script for our computers and was getting a bunch of errors about PackageKit.

PackageKit-1.0.7-5.el7.i686 requires PackageKit-glib(x86-32) = 1.0.7-5.el7
PackageKit-1.0.7-5.el7.i686 requires libpackagekit-glib2.so.18
PackageKit-1.0.7-5.el7.i686 requires libsystemd.so.0
PackageKit-1.0.7-5.el7.i686 requires libsystemd.so.0(LIBSYSTEMD_209)
gnome-packagekit-3.8.2-10.el7.x86_64 requires gnome-settings-daemon-updates

After much messing around, I found that this could be fixed by making sure no child channels were selected when setting up the kickstart file.


Here is a picture of the original error message that I got.


The Spice Rack

My brother-in-law requested a spice rack for his kitchen. And my brother sent me this link (https://www.amazon.com/Seville-Classics-3-Tier-Expandable-Organizer/dp/B001E2864K) to see if I could copy it. I knew that the rack had to hold 31 jars of spices and that each jar was basically 2 1/4″ in diameter and 3″ tall. So I figured four shelves were needed and the overall width of it should be 20 inches. I also had some maple boards in my garage that were old shelves from my condo. I figured I could split them on my table saw (which turned out to be difficult) and then cut out the pieces I needed. I’m very happy that I could use wood I already had for this, since I wasted a lot of the board when I couldn’t split it easily or evenly. I just used glue to hold everything together because the wood was pretty thin and I thought screws or nails would split it.

The first thing I did was cut out the sides, which were like a set of stairs.

The next step was to basically connect the sides.

Then I just cut pieces to be the “treads” and “risers” of the stairs. However, I don’t really have great cutting skills and I think my table saw blade wasa a bit dull AND my fence wasn’t quite square. Due to all of these, the places where the boards all met didn’t fit tightly together, as shown below.

I also screwed up by cutting the front piece on the bottom stair on the inside of the two sides, instead of covering the sides. This just looked bad.

I “fixed” all of these problems by cutting some small pieces and gluing them over the bad parts. And then because I still wasn’t sure they’d like it, I made another one out of some leftover recycled boards.

Here are the final products.



And here’s the final one my brother-in-law picked with all of his spices on it.