
Thursday 19 July 2018

OpenSSL commands for wildcard & SAN certificates.

OpenSSL is a general-purpose cryptography library and command-line toolkit that provides an open-source implementation of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols.

   Required software
  • OpenSSL (package or binary, Unix/Windows)
  • keytool (ships with the Java JDK/JRE, Unix/Windows)

Step 1: Create a configuration file (san.cnf) containing the certificate details.

#########################################################

[ req ]
default_bits = 4096
prompt = no
encrypt_key = no
default_md = sha256
distinguished_name = dn
req_extensions = req_ext

[ dn ]
CN = *.MB.com
O = Advanced Travel Partners
OU = I.T.
L = Lowestoft
ST = Suffolk
C = GB

[ req_ext ]
subjectAltName = DNS: *.MB.com, DNS: MBox.com

#########################################################

where,
          default_bits       : size of the private key in bits.
          prompt = no        : take every value from this file instead of prompting the user.
          encrypt_key = no   : write the private key unencrypted (no passphrase).
          default_md         : signature algorithm used for the request (SHA-256 with RSA).
          req_extensions     : section holding the request extensions, here the SAN list.
          subjectAltName     : the DNS names the certificate must cover.

A wildcard entry matches exactly one label: *.MB.com covers www.MB.com but neither MB.com itself nor a.b.MB.com, so add DNS:MB.com if the bare domain is served from the same certificate. Modern browsers ignore the CN and match hostnames against the SAN list only, so every name must appear there.

Screenshot:





Step 2: Generate a private key and a CSR from the configuration file (san.cnf) created above.

Command:
openssl req -new -config san.cnf -nodes -keyout MB.key -out MB.csr

Where,
          -config : path to the san.cnf file created above.
          -nodes  : do not encrypt the private key (no passphrase prompt); OpenSSL 3 spells this -noenc and still accepts -nodes.
          -keyout : output file for the private key.
          -out    : output file for the CSR.
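Steps 1 and 2 as one runnable script, added here as an example and not taken from the original post: it writes the san.cnf from the post, generates the key and CSR, and then checks that the SAN list really landed in the request (the part most often missed, since a CA signs only what the CSR asks for). It assumes OpenSSL 1.1.1 or later on PATH; the only change to the post's config is the extra DNS:MB.com entry, added because the wildcard does not cover the bare domain.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes OpenSSL 1.1.1+ on PATH.
# File and host names (san.cnf, MB.key, MB.csr, *.MB.com, MBox.com) follow
# the post; DNS:MB.com is an addition because *.MB.com does not match MB.com.

# Write the request config. Everything except the SAN list is as in the post.
write_san_cnf() {  # write_san_cnf <path>
  cat > "$1" <<'EOF'
[ req ]
default_bits = 4096
prompt = no
encrypt_key = no
default_md = sha256
distinguished_name = dn
req_extensions = req_ext

[ dn ]
CN = *.MB.com
O = Advanced Travel Partners
OU = I.T.
L = Lowestoft
ST = Suffolk
C = GB

[ req_ext ]
subjectAltName = DNS:*.MB.com, DNS:MB.com, DNS:MBox.com
EOF
}

# Generate an unencrypted private key and the CSR from the config.
# -nodes is spelled -noenc in OpenSSL 3; -nodes is still accepted.
make_csr() {  # make_csr <cnf> <keyout> <csrout>
  openssl req -new -config "$1" -nodes -keyout "$2" -out "$3" 2>/dev/null
}

# Print the SAN line of a CSR, e.g. "DNS:*.MB.com, DNS:MB.com, DNS:MBox.com".
csr_sans() {  # csr_sans <csr>
  openssl req -noout -text -in "$1" |
    awk '/Subject Alternative Name/ { getline; sub(/^[ \t]+/, ""); print; exit }'
}

# Return 0 if the CSR lists the given SAN entry verbatim, 1 otherwise.
csr_has_san() {  # csr_has_san <csr> <entry such as DNS:MBox.com>
  csr_sans "$1" | tr ',' '\n' | sed 's/^[ \t]*//' | grep -qxF "$2"
}

# Print the RSA modulus size of the key in bits (should match default_bits).
key_bits() {  # key_bits <key>
  openssl rsa -noout -text -in "$1" 2>/dev/null |
    sed -n 's/.*Private-Key: (\([0-9]*\) bit.*/\1/p'
}

if [ "${1:-}" = "run" ]; then
  d=$(mktemp -d)
  write_san_cnf "$d/san.cnf"
  make_csr "$d/san.cnf" "$d/MB.key" "$d/MB.csr"
  echo "SAN in CSR: $(csr_sans "$d/MB.csr")"
  echo "key bits:   $(key_bits "$d/MB.key")"
  csr_has_san "$d/MB.csr" 'DNS:MB.com' && echo "bare domain covered"
fi
```

Run it as `sh san.sh run`; the same check (openssl req -noout -text) is worth running on any CSR before it leaves the machine, because a SAN that is missing here will also be missing from the issued certificate.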

Screenshot:





Step 3: Send the CSR (MB.csr) to the CA to be signed. The private key (MB.key) stays on the server and is never shared.

You will receive these certificates:
  • Server certificate.
  • Intermediate certificate.
  • Root certificate.

**I have received a ca-bundle & server certificate.

Where,
ca-bundle          : contains root + intermediate.
Server certificate : also called the main certificate or personal certificate.


**If you are using an Apache httpd server:
Location:  $APACHE_HOME\conf\extra
File Name: httpd-ssl.conf

Changes made:
SSLCertificateFile      "C:\Apache2.4.33_Final\conf\MB_com.crt"
SSLCertificateKeyFile   "C:\Apache2.4.33_Final\conf\MB.key"
SSLCertificateChainFile "C:\Apache2.4.33_Final\conf\MB_com.ca-bundle"

SSLCertificateChainFile is deprecated since httpd 2.4.8; the same effect is obtained by appending the ca-bundle to the file named in SSLCertificateFile. Restrict the key file so that only the service account can read it, and test the configuration (httpd -t) before restarting.


  

Step 4: Bundle the private key, the server certificate and the CA chain into one PKCS#12 (.p12) file.

Command:
NOTE: openssl prompts for a new export password for the .p12 file; keep it, the following steps need it.

openssl pkcs12 -export -chain -CAfile MB_com.ca-bundle -inkey MB.key -in MB_com.crt -out MB.p12 -name Cert_MB.com

where,
         -chain  : build the certificate chain and embed it in the .p12; it fails with "unable to get issuer certificate" if the -CAfile bundle does not reach a self-signed root.
         -CAfile : ca-bundle (intermediate + root) used to build that chain.
         -inkey  : private key file.
         -in     : server certificate file.
         -out    : output file name.
         -name   : friendly name (alias) of the key entry; keytool lower-cases it.

OpenSSL 3 encrypts the .p12 with AES-256 and PBKDF2 by default; older Java releases cannot open such a file, so either upgrade Java or add -legacy to the export.

Screenshot:




Step 5: Convert .p12 to JKS (keystore) format.

Command:
NOTE: -importkeystore copies the key entry (private key plus its certificate chain) under the alias given in Step 4; it does not create separate trusted-certificate entries for the CA, which is what Step 7 adds.
keytool asks for the .p12 password and for a password for the new JKS; using the same one for both avoids a mismatch between store and key passwords later.

keytool -importkeystore -srckeystore MB.p12 -srcstoretype pkcs12 -destkeystore MB.jks -deststoretype jks

Where,
          keytool          : Java key and certificate management utility.
         -importkeystore   : copy entries from one keystore into another.
         -srckeystore      : source keystore file.
         -srcstoretype     : source keystore type.
         -destkeystore     : destination keystore file (created if it does not exist).
         -deststoretype    : destination keystore type.

Since Java 9 the default keystore type is PKCS12 and keytool warns that JKS is a proprietary format; most Java servers can load MB.p12 directly with store type PKCS12, so this conversion is often unnecessary.


Screenshot:





Step 6: Convert JKS to .p12 (keystore) format.

Command:
NOTE: This is the reverse of Step 5. keytool asks for the JKS password and for a new password for the .p12 file.

keytool -importkeystore -srckeystore MB.jks -srcstoretype jks -destkeystore MB.p12 -deststoretype pkcs12

Where,
          keytool          : Java key and certificate management utility.
         -importkeystore   : copy entries from one keystore into another.
         -srckeystore      : the JKS file to read.
         -srcstoretype     : source keystore type (keytool can usually detect it).
         -destkeystore     : the .p12 file to write.
         -deststoretype    : destination keystore type.





Step 7: Import a root or intermediate CA certificate into an existing JKS as a trusted entry.

Command:
keytool -import -trustcacerts -alias root_inter -file MB_com.ca-bundle -keystore MB.jks

Where,
           -import        : same as -importcert; adds the certificate in -file as a trusted-certificate entry.
           -trustcacerts  : also consult the JRE's cacerts store when checking the chain of the imported certificate (it is not the file location; -file is).
           -alias         : name of the new entry.

keytool creates one trusted entry per invocation and in practice takes only the first certificate of a multi-certificate PEM file, so split MB_com.ca-bundle into the intermediate and the root and import each under its own alias.
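Steps 4, 5 and 7 end to end, added here as an example that is not part of the original post: it builds a throw-away root CA and server certificate so that the chain building of Step 4 can actually be exercised, packs key, certificate and chain into a .p12, verifies what ended up inside, and, if keytool is on PATH, converts to a JKS and adds the CA as a trusted entry. The toy CA, the subject names, the compact -subj/-extfile form of the request and the password "changeit" are assumptions of this example; OpenSSL 1.1.1 or later is assumed.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes OpenSSL 1.1.1+ on PATH;
# keytool is optional. The toy CA and the password "changeit" are assumptions.

# Toy CA plus a server certificate carrying the post's SAN list.
make_pki() {  # make_pki <dir>
  d=$1
  openssl req -x509 -new -newkey rsa:2048 -nodes -days 1 -subj '/CN=Toy Root CA' \
    -keyout "$d/root.key" -out "$d/root.crt" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -subj '/CN=*.MB.com/O=Advanced Travel Partners' \
    -keyout "$d/MB.key" -out "$d/MB.csr" 2>/dev/null
  printf 'subjectAltName=DNS:*.MB.com,DNS:MBox.com\n' > "$d/san.ext"
  openssl x509 -req -in "$d/MB.csr" -CA "$d/root.crt" -CAkey "$d/root.key" -CAcreateserial \
    -days 1 -extfile "$d/san.ext" -out "$d/MB_com.crt" 2>/dev/null
  cp "$d/root.crt" "$d/MB_com.ca-bundle"   # a real bundle holds intermediate + root
}

# Step 4: -chain makes openssl build the full chain from -CAfile and embed
# it; the export fails if the bundle does not reach a self-signed root.
make_p12() {  # make_p12 <dir> <password>
  openssl pkcs12 -export -chain -CAfile "$1/MB_com.ca-bundle" -inkey "$1/MB.key" \
    -in "$1/MB_com.crt" -name Cert_MB.com -passout "pass:$2" -out "$1/MB.p12"
}

# Number of certificates inside the .p12 (server certificate + chain).
p12_cert_count() {  # p12_cert_count <p12> <password>
  openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -nodes 2>/dev/null |
    grep -c 'BEGIN CERTIFICATE'
}

# Steps 5 and 7 with keytool; prints the aliases in the resulting JKS, one
# per line. -deststoretype jks is kept for parity with the post; Java 9+
# warns that PKCS12 is the recommended type and can load MB.p12 directly.
to_jks() {  # to_jks <dir> <password>
  keytool -importkeystore -srckeystore "$1/MB.p12" -srcstoretype pkcs12 -srcstorepass "$2" \
    -destkeystore "$1/MB.jks" -deststoretype jks -deststorepass "$2" -noprompt >/dev/null 2>&1
  keytool -importcert -trustcacerts -alias root_inter -file "$1/MB_com.ca-bundle" \
    -keystore "$1/MB.jks" -storepass "$2" -noprompt >/dev/null 2>&1
  keytool -list -keystore "$1/MB.jks" -storepass "$2" 2>/dev/null |
    grep -E 'PrivateKeyEntry|trustedCertEntry' | cut -d, -f1 | sort
}

if [ "${1:-}" = "run" ]; then
  d=$(mktemp -d); make_pki "$d"; make_p12 "$d" changeit
  echo "certificates in MB.p12: $(p12_cert_count "$d/MB.p12" changeit)"
  command -v keytool >/dev/null 2>&1 && echo "JKS aliases:" && to_jks "$d" changeit
fi
```

With the toy root only, the .p12 holds two certificates (server + root); with a real intermediate + root bundle it holds three. The keytool alias comes out lower-cased (cert_mb.com), which matters when a server configuration refers to the alias by name.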


Screenshot:




Step 8: Export the private key in PEM format from the .p12 file.

Command:
openssl pkcs12 -nocerts -nodes -in MB.p12 -out MB.key

Where,
          -nocerts : output only the private key, no certificates.
          -nodes   : write the key unencrypted; leave it out (or use -passout) if the key must stay passphrase-protected on disk.


Screenshot:




Step 9: Export the certificates in PEM format from the .p12 file.

Command:
openssl pkcs12 -nokeys -nodes -in MB.p12 -out MB.pem

Where,
          -nokeys : output only the certificates (server certificate plus the embedded chain), no private key.

Add -clcerts to get only the server certificate, or -cacerts to get only the CA certificates.


Screenshot:



Step 10: Check that the CSR, the private key and the issued certificate carry the same public key by hashing the RSA modulus of each; all three digests must be identical.

Commands:
  • openssl req -noout -modulus -in MB.csr | openssl md5
  • openssl rsa -noout -modulus -in MB.key | openssl md5
  • openssl x509 -noout -modulus -in MB_com.crt | openssl md5

The digest is only a short handle for comparing two copies of the same value, so md5 is acceptable here and sha256 works equally. -modulus applies to RSA keys only; for EC or other key types compare the public keys instead (openssl req -pubkey -noout, openssl pkey -pubout, openssl x509 -pubkey -noout).


Screenshot:





Reference links:
https://www.sslshopper.com/article-most-common-openssl-commands.html
https://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html

Thanks :-)




Monday 9 July 2018

WebSphere App Server - Updating ports in existing profiles


Step 1: Make sure the profile's application servers and its node agent are stopped.


Step 2: Remove the federated node from the deployment manager (dmgr) cell, using the script in the profile's bin directory.
                Command:  ./removeNode.sh

Step 3: Create two files in a temporary directory (/tmp/was_props is used below):
               
  •  appserver.props
  •  portdefs.AppSrv02.props

Where,
           appserver.props contains the profile details.
           portdefs.AppSrv02.props contains the new ports to be applied.


Step 4: Back up the existing "portdef.props" file, or the entire profile directory.


Step 5: Edit "portdefs.AppSrv02.props": paste in the contents of the existing "portdef.props" and change the port values that need updating. Pick ports that no other profile on the host already uses.

Screenshot: previous ports, $WAS_HOME/profiles/AppSrv02/properties/portdef.props





Screenshot: updated ports in the new file "portdefs.AppSrv02.props".






Step 6: Edit "appserver.props": provide the existing profile details and the location of the new ports file.

Screenshot: "appserver.props"





Step 7: Change to $WAS_HOME/bin and run the command below.

./ws_ant.sh -propertyfile /tmp/was_props/appserver.props -file /IBMWAS/IBM/profileTemplates/default/actions/updatePorts.ant

Where,
           ./ws_ant.sh   : the Ant launcher bundled with WebSphere.
           -propertyfile : path of the newly created appserver.props file.
           -file         : the updatePorts.ant action of the profile template the profile was created from (the default template here).
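A check worth running before Step 7, added here as an example that is not part of the original post: it reads the new portdefs.AppSrv02.props and the portdef.props of every other profile on the host and reports any port reused between them (or twice within the new file), since updatePorts.ant does not know about the other profiles. The property names follow WebSphere's portdef.props layout; the values and the profile files below are constructed sample data.

```shell
#!/bin/sh
# Added example, not from the original post. The two props files are
# constructed samples in portdef.props format (NAME=PORT, '#' comments).

# Print "NAME PORT" pairs from a props file, skipping comments and blanks.
ports_of() {  # ports_of <props-file>
  sed -e 's/#.*//' -e '/^[[:space:]]*$/d' -e 's/[[:space:]]//g' "$1" |
    awk -F= 'NF==2 && $2 ~ /^[0-9]+$/ { print $1, $2 }'
}

# Report ports in NEW that are also used by any OTHER props file, and ports
# used twice inside NEW. Output: "PORT NEW_NAME OTHER_FILE:OTHER_NAME" per
# clash; returns 1 if any clash was found, 0 otherwise.
port_clashes() {  # port_clashes <new-props> <other-props>...
  new=$1; shift
  {
    ports_of "$new" | awk '{ print "NEW", $1, $2 }'
    for other in "$@"; do
      ports_of "$other" | awk -v f="$other" '{ print f, $1, $2 }'
    done
  } | awk '
    $1 == "NEW" {
      if ($3 in newname) { print $3, $2, "NEW:" newname[$3]; found = 1 }
      newname[$3] = $2; next
    }
    ($3 in newname) { print $3, newname[$3], $1 ":" $2; found = 1 }
    END { exit found ? 1 : 0 }'
}

# Constructed sample: AppSrv01 already runs, AppSrv02 gets new ports, and
# one value (9443) was left unchanged by mistake.
write_samples() {  # write_samples <dir>
  cat > "$1/AppSrv01.portdef.props" <<'EOF'
# ports in use by profile AppSrv01 (constructed sample)
WC_defaulthost=9080
WC_adminhost=9060
WC_defaulthost_secure=9443
WC_adminhost_secure=9043
BOOTSTRAP_ADDRESS=2809
SOAP_CONNECTOR_ADDRESS=8880
EOF
  cat > "$1/portdefs.AppSrv02.props" <<'EOF'
# proposed new ports for AppSrv02 (constructed sample)
WC_defaulthost=9081
WC_adminhost=9061
WC_defaulthost_secure=9443
WC_adminhost_secure=9044
BOOTSTRAP_ADDRESS=2810
SOAP_CONNECTOR_ADDRESS=8881
EOF
}

if [ "${1:-}" = "run" ]; then
  d=$(mktemp -d); write_samples "$d"
  if port_clashes "$d/portdefs.AppSrv02.props" "$d/AppSrv01.portdef.props"; then
    echo "no clashes, safe to run updatePorts.ant"
  else
    echo "fix the ports above before running updatePorts.ant"
  fi
fi
```

On a real host pass every other profile's $WAS_HOME/profiles/<name>/properties/portdef.props as the OTHER files; ports that are free of clashes between profiles can still be held by something else, so also compare against the listening sockets (ss -ltn or netstat) before applying.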



  Screenshot : Command




  Screenshot : Updated ports in $WAS_HOME/profiles/AppSrv02/properties/portdef.props




The profile's ports are now updated; the new values appear in portdef.props as shown above.









Saturday 7 July 2018

Apache error : Server ran out of threads to serve requests (Windows)


File name : error.log

***********************************************************************
[Wed Jul 04 13:47:24.134888 2018] [mpm_winnt:error] [pid 7676:tid 2184] AH00326: Server ran out of threads to serve requests. Consider raising the ThreadsPerChild setting
****************************************************************************

Description: the error means that every worker thread of the single httpd child process was busy, so new requests could not be picked up until a thread freed.


Solution: raise the number of worker threads in "httpd-mpm.conf" (make sure httpd.conf includes that file, otherwise the change has no effect):

#######################################
<IfModule mpm_winnt_module>
    # ThreadLimit caps ThreadsPerChild and is read only at startup
    ThreadLimit         600
    # worker threads in the single child: the effective concurrency limit on Windows
    ThreadsPerChild     600
    # 0 = never recycle the child (MaxConnectionsPerChild in 2.4 naming)
    MaxRequestsPerChild 0
</IfModule>
#######################################

  
mpm_winnt runs one parent process and exactly one child process; the child's threads handle all requests, so ThreadsPerChild is the effective concurrency limit. ThreadLimit caps ThreadsPerChild and is read only when httpd starts (its mpm_winnt default is 1920), so a full restart, not a graceful one, is needed after changing it. MaxRequestsPerChild is the pre-2.4 name of MaxConnectionsPerChild; 0 means the child is never recycled.

The sizing rule of thumb for the Unix MPMs, MaxClients (MaxRequestWorkers in 2.4) of roughly 200 per CPU core for prefork and 300 per core for worker, does not carry over to mpm_winnt: the single child's ThreadsPerChild should be sized from observed peak concurrency and available memory, since every thread holds a stack and a request buffer.





NOTE :-
If "httpd-mpm.conf" is not included on the Apache server, mpm_winnt starts with its default ThreadsPerChild of 64 worker threads, which the startup notice shows:

***********************************************************************
mpm_winnt:notice] [pid 8296:tid 372] AH00354: Child: Starting 64 worker threads.
***********************************************************************
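Sizing the increase from evidence rather than guessing, as an added example that is not part of the original post: the script reads an mpm_winnt error.log, reports the thread count the child last started with (AH00354) and how often it ran out (AH00326) per minute, so the new ThreadsPerChild can be judged against how clustered the exhaustion was. The log lines are constructed samples in the format shown in the post.

```shell
#!/bin/sh
# Added example, not from the original post. The log below is a constructed
# sample in the mpm_winnt error.log format quoted in the post.

write_sample_log() {  # write_sample_log <file>
  cat > "$1" <<'EOF'
[Wed Jul 04 13:40:02.100000 2018] [mpm_winnt:notice] [pid 8296:tid 372] AH00354: Child: Starting 64 worker threads.
[Wed Jul 04 13:47:24.134888 2018] [mpm_winnt:error] [pid 7676:tid 2184] AH00326: Server ran out of threads to serve requests. Consider raising the ThreadsPerChild setting
[Wed Jul 04 13:47:25.000123 2018] [mpm_winnt:error] [pid 7676:tid 2184] AH00326: Server ran out of threads to serve requests. Consider raising the ThreadsPerChild setting
[Wed Jul 04 13:48:01.000000 2018] [core:notice] [pid 7676:tid 2184] AH00094: Command line: 'httpd.exe -d C:/Apache24'
[Wed Jul 04 13:52:10.500000 2018] [mpm_winnt:error] [pid 7676:tid 2184] AH00326: Server ran out of threads to serve requests. Consider raising the ThreadsPerChild setting
EOF
}

# Worker threads the child most recently started with (from AH00354);
# prints 0 if the log holds no such notice.
configured_threads() {  # configured_threads <error.log>
  awk '/AH00354/ { for (i = 1; i <= NF; i++) if ($i == "Starting") n = $(i + 1) }
       END { print n + 0 }' "$1"
}

# AH00326 events per minute as "Mon DD HH:MM COUNT" lines, oldest first.
# Fields: $1="[Wed" $2="Jul" $3="04" $4="13:47:24.134888" $5="2018]".
exhaustion_per_minute() {  # exhaustion_per_minute <error.log>
  awk '/AH00326/ { split($4, t, ":"); k = $2 " " $3 " " t[1] ":" t[2]; c[k]++ }
       END { for (k in c) print k, c[k] }' "$1" | sort
}

# Total AH00326 events in the log.
exhaustion_total() {  # exhaustion_total <error.log>
  grep -c 'AH00326' "$1"
}

if [ "${1:-}" = "run" ]; then
  f=$(mktemp); write_sample_log "$f"
  echo "ThreadsPerChild in effect: $(configured_threads "$f")"
  echo "thread exhaustion events:  $(exhaustion_total "$f")"
  exhaustion_per_minute "$f"
fi
```

A burst of AH00326 within one or two minutes points at a traffic spike or slow backend holding threads, where a larger ThreadsPerChild mainly buys time; a steady trickle across the day means the configured count is simply below normal concurrency.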
Thanks :-)