
Saturday 14 October 2017

Steps to Configure IHS (IBM HTTP Server) with WAS 8.5.X.X



Step 1: Create web server : http://www.middlewarebox.com/how-to-create-web-server

Step 2: Generate and propagate plug-ins via console : http://www.middlewarebox.com/how-to-generate-and-propagate-plug-ins

Step 3: Configure IHS (httpd.conf) for port 80 : http://www.middlewarebox.com/how-to-configure-ihs

Step 4: Create new self-signed certificates using ikeyman : http://www.middlewarebox.com/how-to-create-self-sign-certificate

Step 5: Configure IHS (httpd.conf) for port 443 and install certificates : http://www.middlewarebox.com/how-to-configure

Reference Doc : https://www-01.ibm.com/




Thanks..:-) !


Thursday 7 September 2017

How to create CSR using openssl with SAN details. / How to create SAN certificate using openssl.


SAN stands for Subject Alternative Name. A SAN certificate allows you to secure multiple domain names with a single SSL certificate.
SAN is used where a single server can be accessed through multiple domain addresses.


Step 1: Make sure that the openssl rpm is installed on the Unix machine.

Command  >>  rpm -qa | grep openssl

Screenshot 1:



Step 2: If you do not have the openssl tool, install it.

Command >>   yum  install  openssl

Screenshot 2:



Since I already installed the latest version, it's showing nothing to do.


Step 3: Create a directory open_ssl

Command >>    mkdir   open_ssl

Screenshot 3:




Step 4: Create a file newsan.cnf, paste the configuration below and save it.

Command >>  vi   newsan.cnf


----------------------------------------------------------------------------------------------

[req]
default_bits       = 2048
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no
[req_distinguished_name]
countryName = IN
stateOrProvinceName = MAHA
organizationName = MiddlewareBox
commonName = www.openssltest.com
[v3_req]
subjectAltName = @alt_names
[alt_names]
DNS.1 = www.middbox.com
DNS.2 = www.mb.com

----------------------------------------------------------------------------------------------


Screenshot 4:




Step 5: Use the openssl command below.

Command  >>   openssl req   -new -out opensslSan.csr -newkey rsa:2048 -nodes -keyout private.key -config newsan.cnf

Screenshot 5:




Step 6: Open the created xxxxx.csr

Command >>  cat  opensslSan.csr




Screenshot 6:




Step 7: Copy the CSR content above and paste it into the CSR decoder website.

CSR decoder link : Https://certlogik.com/decoder/

Screenshot 7-1:



Screenshot 7-2:




Step 8: Reading a CSR to determine what information it contains.


Command >>   openssl req -text -noout -in <filename for csr>

Screenshot 8:
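
Steps 4 to 8 can be run and checked entirely on the local machine, so the CSR never has to be pasted into a third-party site. The script below is an added example, not part of the original post; the function names make_san_csr, csr_sans and check_csr are made up for this illustration, and the configuration is the newsan.cnf from Step 4.

```sh
# Added example (not from the original post). Needs only openssl and a POSIX shell.

# Steps 4-5: write the post's newsan.cnf into directory $1 and create key + CSR.
make_san_csr() (
  set -e
  cd "$1"
  umask 077   # -nodes writes private.key unencrypted, so keep it owner-only
  cat > newsan.cnf <<'EOF'
[req]
default_bits       = 2048
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no
[req_distinguished_name]
countryName = IN
stateOrProvinceName = MAHA
organizationName = MiddlewareBox
commonName = www.openssltest.com
[v3_req]
subjectAltName = @alt_names
[alt_names]
DNS.1 = www.middbox.com
DNS.2 = www.mb.com
EOF
  openssl req -new -out opensslSan.csr -newkey rsa:2048 -nodes \
    -keyout private.key -config newsan.cnf 2>/dev/null
)

# Steps 7-8 done locally: print the SAN DNS names of CSR $1, one per line.
csr_sans() {
  openssl req -in "$1" -noout -text |
    grep -A1 'Subject Alternative Name' | tail -n 1 |
    tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# Succeed only if the CSR self-signature verifies and every name in $2.. is a SAN.
check_csr() (
  csr=$1; shift
  # Match the text: some openssl versions exit 0 even when verification fails.
  openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' || exit 1
  sans=$(csr_sans "$csr")
  for name in "$@"; do
    printf '%s\n' "$sans" | grep -qxF "$name" ||
      { echo "missing SAN: $name" >&2; exit 1; }
  done
)
```

With this newsan.cnf, check_csr fails for www.openssltest.com: the commonName is not repeated under [alt_names], and clients that match host names against the SAN list only will not accept it.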



Reference link : https://www.ibm.com/support/

Reference link : https://www.phildev.net/ssl/opensslconf.html

Reference link : Most-common-openssl-commands.html

Reference link : https://www.websecurity.symantec.com/




Thanks :-)


Saturday 2 September 2017

How to Monitor IBM HTTP Server connections. & Get Apache Server info.


For unix user.

Step 1: Go to the /conf folder of IHS (IBM HTTP Server).

Screenshot 1:




Step 2: Edit the httpd.conf file.

Command >>  vi   httpd.conf


Step 3: Uncomment the mod_status.so module line

LoadModule status_module modules/mod_status.so

Screenshot 2:



Step 4: Uncomment the server-status location section and change the "allow from" value to the localhost or client IP address or domain.

Screenshot 3:




Step 5: Go to the browser and check server-status.

Open URL : http://domain-name/server-status

Screenshot 4:


Step 6: For server info, edit the httpd.conf file and uncomment the mod_info.so module line.

LoadModule info_module modules/mod_info.so

Screenshot 5:





Step 7: Uncomment the server-info location section and change the "allow from" value to the localhost or client IP address or domain.

Screenshot 6:




Step 8: Go to the browser and check Apache server-info

open URL : http://domain-name/server-info

Screenshot : 7
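
Both pages reveal connection details and the full server configuration, so the "allow from" change in Steps 4 and 7 is the control that matters. The audit below is an added example, not part of the original post: the function names and the sample httpd.conf are constructed, and besides the Order/Deny/Allow directives the steps refer to it also recognises Apache 2.4 Require rules, which goes beyond what the post shows.

```sh
# Added example (not from the original post); the sample httpd.conf is constructed.
write_sample_conf() {
  cat > "$1" <<'EOF'
LoadModule status_module modules/mod_status.so
LoadModule info_module modules/mod_info.so
<Location /server-status>
    SetHandler server-status
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
</Location>
#<Location /server-info>
#    Allow from all
#</Location>
<Location /server-info>
    SetHandler server-info
    Order allow,deny
    Allow from all
</Location>
EOF
}

# Print RESTRICTED or EXPOSED for each active server-status/server-info block in $1.
audit_status_locations() {
  awk '
    /^[ \t]*#/ { next }                        # commented-out lines are inactive
    tolower($0) ~ /<location[ \t]+"?\/server-(status|info)/ {
      inblk = 1; name = $2; gsub(/[>"]/, "", name)
      deny_all = 0; wide = 0; scoped = 0; next
    }
    !inblk { next }
    tolower($0) ~ /deny[ \t]+from[ \t]+all/        { deny_all = 1 }  # 2.2 default deny
    tolower($0) ~ /allow[ \t]+from[ \t]+all/       { wide = 1 }      # open to everyone
    tolower($0) ~ /require[ \t]+all[ \t]+granted/  { wide = 1 }      # 2.4 equivalent
    tolower($0) ~ /require[ \t]+(ip|host|local)/   { scoped = 1 }    # 2.4 restriction
    tolower($0) ~ /<\/location>/ {
      verdict = (!wide && (deny_all || scoped)) ? "RESTRICTED" : "EXPOSED"
      print verdict, name
      inblk = 0
    }
  ' "$1"
}

# Return 0 only when no active block is reported as EXPOSED.
status_locations_safe() {
  ! audit_status_locations "$1" | grep -q '^EXPOSED'
}
```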




Reference Link : http://www-01.ibm.com/support/docview.wss?uid=swg21008489

Reference Link : http://www-01.ibm.com/support/docview.wss?uid=swg27035996&aid=1



Thanks :-)

Tuesday 29 August 2017

How to configure SSL on JBOSS EAP 6.4 with SAN certificate.


Step 1: Go to the JBoss /configuration folder.

Screenshot 1:



Step 2: Open the standalone.xml file.  NOTE : Always take a backup before making any configuration changes.

Command >> vi  standalone.xml 




Step 3: Add the SSL connector configuration shown below, after the http connector.

----------------------------------------------------------------------------------------------------------

<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">

<ssl key-alias="ssl" password="142536" certificate-key-file="/JBOSS/JBOSS1/jboss-eap-6.4/standalone/configuration/keystore.jks" verify-client="false" />
</connector>

----------------------------------------------------------------------------------------------------------
Where,
key-alias >> Alias name of the key in the keystore.
certificate-key-file >> Path of the keystore file that holds the server certificate to be loaded.
password >> Password of the keystore file.
verify-client >> Set to true if you want the SSL stack to require a valid certificate chain from the client before accepting a connection (default is false).

Screenshot 3-1:



Screenshot 3-2:



Step 4 : Go to the JBoss /bin folder and start JBoss.

  I have made a startjboss.sh script and bound it to my machine's IP address.

Screenshot 4-1:



Screenshot 4-2:





Step 5: Check the application on port 8443 with IP (Default port is 8443).

Screenshot 5 :





Step 6: Check the application on port 8443 with the CN (Common Name) and SAN (Subject Alternative Name) DNS names in the certificate.

Before this, add entries for those names to the machine's hosts file.

Command >> vi    /etc/hosts


Screenshot 6-1:



Step 7 : Check the application using Common Name (CN).

Screenshot 7-1:



Check the application using SAN-DNS.

Screenshot 7-2:

Screenshot 7-3:

Step 8 : To hide port 8443, change the port from 8443 to 443 in standalone.xml and restart JBoss.

Screenshot 8-1 :






Step 9: Check the application using Common Name (CN).

Screenshot 9 :


Reference link :  https://docs.jboss.org/jbossweb/7.0.x/config/ssl.html
Reference link :  https://access.redhat.com/solutions/209023
Reference link :  https://access.redhat.com/solutions/172203


Link to create self-signed  certificate  http://www.middlewarebox.com


Thanks :-)


How to create Self-signed certificate and CSR using java keytool with SAN details. OR How to create SAN certificate with java keytool.



SAN stands for Subject Alternative Name. A SAN certificate allows you to secure multiple domain names with a single SSL certificate.

SAN is used where a single server can be accessed through multiple domain addresses.

SAN : Through SAN you specify additional host names (sites, IP addresses, common names, etc.) to be protected by a single SSL certificate, such as a Multi-Domain (SAN) or Extended Validation Multi-Domain Certificate.


Step 1: Make sure Java is installed on the machine.

Command >> java -version

Screenshot 1:



Step 2: Find the location where Java is installed.

Command >>  find  / -name java

Screenshot 2:




Step 3: Go to the /bin folder of Java.

Screenshot 3:




Step 4: Use the command below to generate a Java keystore and a self-signed certificate.

Command >>  ./keytool -genkey -alias ssl -keyalg RSA -keystore keystore.jks -keysize 2048 -ext SAN=dns:uat.middbox.com,dns:uat.MB.com

Where,
  keytool   >> Java Keytool is a key and certificate management utility.
  -genkey   >> Generates the key pair and the self-signed certificate.
  -alias    >> Name given to the certificate.
  -keyalg   >> Algorithm to be used in the certificate.
  -keystore >> Keystore file in which the SSL certificate is stored.
  -keysize  >> RSA key size, 2048 (certificate authorities will not sign CSRs smaller than 2048 bits, so generate your CSR with 2048 bits).
  -ext      >> Extension attribute that adds DNS and email details to the certificate; it is optional.


Screenshot 4:




Step 5: Use the keytool command below to create a CSR from the existing keystore.jks.

Command >>  ./keytool -certreq -alias ssl -keystore keystore.jks -file MiddBox.csr -ext SAN=dns:uat.middbox.com,dns:uat.MB.com


  -certreq  >> Generates a certificate request.
  -file     >> File in which the CSR is stored.

Screenshot 5:


 

Step 6: Check which certificates are available in the Java keystore.

Command >> ./keytool -list -v -keystore keystore.jks

Screenshot 6:




Step 7: Check the generated CSR using the online CSR decoder website https://certlogik.com/decoder/ .
           

Command >>  cat MiddBox.csr


Copy the encoded CSR text printed by the command above and paste it into https://certlogik.com/decoder/


Screenshot 7-1:




Screenshot 7-2:



Screenshot 7-3:





Reference link : https://www.sslsupportdesk.com/java-keytool-commands/
Reference link : https://www.sslshopper.com/what-is-ssl.html
Reference link : https://www.digicert.com/ssl/
Reference link : https://www.websecurity.symantec.com/



Thanks :-)




Monday 21 August 2017

How to Install Apache HTTP Server 2.4.27 Latest Version on LINUX machine



Step 1: Create a directory, APACHEWEB in my case.

Command >> mkdir APACHEWEB



Step 2: Go to the APACHEWEB directory and use the command below to download Apache HTTP Server 2.4.27.

Command >> wget http://redrockdigimark.com/apachemirror//httpd/httpd-2.4.27.tar.gz

Screenshot 2-1 :
 

OR

Download from this link  https://httpd.apache.org/download.cgi#apache24

Screenshot 2-2:





Step 3 : Change the permissions of this directory.

Command >> chmod -R 755 /APACHEWEB

Screenshot 3:




Step 4: Complete the requirements listed at the link below.

Reference link : https://httpd.apache.org/docs/2.4/install.html

Screenshot 4:




Step 5: Extract this httpd-2.4.27.tar.gz

Command >> tar -xvzf httpd-2.4.27.tar.gz

Screenshot 5:




Step 6: Go to /APACHEWEB/httpd-2.4.27/srclib. Since the prerequisite libraries are not there, we have to download them.

Screenshot 6:



Step 7: To complete these requirements, execute the commands below in the /APACHEWEB/httpd-2.4.27/srclib directory :

      7-1 : Download Apache Portable Runtime (APR) 1.6.2 :

  Command for APR >> wget http://redrockdigimark.com/apachemirror//apr/apr-1.6.2.tar.gz

  OR

  Download Link : http://apr.apache.org/download.cgi

  Screenshot 7-1:




  7-2: Download Apache Portable Runtime Utility (APR-Util) 1.6.0 :

  Command >> wget http://redrockdigimark.com/apachemirror//apr/apr-util-1.6.0.tar.gz

  OR

  Download Link :  http://apr.apache.org/download.cgi

  Screenshot 7-2:




Step 8 : Extract APR and APR-Util.


8-1: Extract  apr-1.6.2.tar.gz

Command >>  tar -xvzf apr-1.6.2.tar.gz

Screenshot 8-1:




8-2: Extract apr-util-1.6.0.tar.gz

Command >>  tar -xvzf apr-util-1.6.0.tar.gz

Screenshot 8-2:




Step 9: Rename apr-util-1.6.0 and apr-1.6.2 to remove the version info.

Command >> mv apr-util-1.6.0   apr-util

Command >>  mv  apr-1.6.2    apr

IMP NOTE : After renaming, move "apr-util" and "apr" to "/APACHEWEB/httpd-2.4.27/srclib".


Screenshot 9:




Step 10 : Also make sure these rpms are installed on the Linux machine before installation.

Command >>  yum install pcre-devel

 Screenshot 10-1:



Command >>  yum install openssl-devel

 Screenshot 10-2:



Command >>  yum install expat-devel

 Screenshot 10-3:



Command >>  yum install gcc 

 Screenshot 10-4:




Step 11 : Change the permissions once again.

Command >>  chmod -R 755 /APACHEWEB



Step 12: Go to /APACHEWEB/httpd-2.4.27 and use the command below.

Command >>  ./configure --with-included-apr   --prefix=/APACHEWEB/HTTPDWEB2.4 --enable-ssl --enable-so

Where,


--with-included-apr >> Use the Apache Portable Runtime (APR) and APR-Util libraries placed in srclib.
--prefix >> Location where you want to install Apache, /APACHEWEB/HTTPDWEB2.4 in my case.
--enable-ssl >> Compiles Apache with SSL enabled so you can secure the Apache web server with an SSL certificate.
--enable-so

Other configuration options :-
   
"./configure" \
"--enable-so" \
"--enable-proxy" \
"--enable-proxy-http" \
"--enable-proxy-balancer" \
"--enable-rewrite" \
"--enable-proxy-ajp" \
"--prefix=" 



 Screenshot :




Step 13 : In the same location, /APACHEWEB/httpd-2.4.27, use the command below.

Command >> make 

Screenshot 13:




Step 14 : In the same location, /APACHEWEB/httpd-2.4.27, use the command below.

Command >> make install

Screenshot 14 :





Step 15 : Go to /APACHEWEB/HTTPDWEB2.4, where the new httpd server has been installed. [--prefix=/APACHEWEB/HTTPDWEB2.4 ]

Screenshot 15:




Step 16: Go to the bin directory of the installed httpd server 2.4 and start the server.

Command >> ./apachectl  -k start

Screenshot 16:




Step 17: Now, check through browser.

Screenshot 17 :




Step 18 : For reference documentation, use the links below.

                https://httpd.apache.org/docs/2.4/    
                https://httpd.apache.org/docs/2.4/install.html
                http://httpd.apache.org/docs/trunk/programs/configure.html
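
The tarballs in Steps 2 and 7 come over plain HTTP from a mirror and are then compiled and installed, so they should be checked against the checksum published on the official Apache download page before Step 5 extracts them. The script below is an added example, not part of the original post; the function names are made up, and the checksum file name in the usage comment is an assumption.

```sh
# Added example (not from the original post). Assumes GNU coreutils sha256sum.
# Usage (checksum file name is an assumption; fetch it from the official site):
#   verified_extract httpd-2.4.27.tar.gz httpd-2.4.27.tar.gz.sha256 /APACHEWEB

# Print the first 64-hex-digit digest found in checksum file $1; this accepts
# both the "digest  file" and the "SHA256 (file) = digest" layouts.
published_sha256() {
  tr 'A-F' 'a-f' < "$1" | grep -Eo '[0-9a-f]{64}' | head -n 1
}

# Return 0 only if tarball $1 hashes to the digest published in $2.
verify_download() (
  want=$(published_sha256 "$2")
  have=$(sha256sum "$1" | cut -d ' ' -f 1)
  [ -n "$want" ] && [ "$want" = "$have" ]
)

# Step 5 gated on the check: extract $1 into directory $3 only when it matches
# checksum file $2 and no member path is absolute or climbs out with "..".
verified_extract() (
  verify_download "$1" "$2" || { echo "checksum mismatch: $1" >&2; exit 1; }
  if tar -tzf "$1" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
    echo "unsafe member path in $1" >&2; exit 1
  fi
  mkdir -p "$3" && tar -xzf "$1" -C "$3"
)
```

A checksum only helps when it is obtained separately from the mirror that served the tarball.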





Thanks..! :-)