Command Line Utilities {#commandline}

Linux {#linux}

Java

Containers, K8s, Cloud

Liferay

SSL, TLS, OpenSSL security

Creating a self signed certificate in one line

Creat a new certificate for 'example.com' which is valid for 365 days. The key is in server.key and the cert is in server.crt

openssl req -nodes -x509 -newkey rsa:4096 -keyout server.key -out server.crt -days 365 -subj '/CN=example.com'

Working with PKCS12 (.pfx, .p12) certificate store

Export to PKCS12 file, certificate and key in X509 (pem) format

openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12

Import from PKCS12 to X509 (pem) format

openssl pkcs12 -in server.p12 -nocerts -nodes -out server.key
openssl pkcs12 -in server.p12 -clcerts -nokeys -out server.crt

-nodes will remove the password from the key, if you'd like to keep the password remove -nodes from the command line

Showing certificate, key information

Certificate key and CA (certificate authority) verification

openssl verify -verbose -CAfile ca.crt server.crt

If server.crt has been signed by ca.crt the output would be a simple OK

Miscellaneous

Check SMTP STARTTLS

Checking whether an smtp server support STARTTLS and dump certificate information

openssl s_client -showcerts -connect smtp.server:25 -starttls smtp

Replace ^M (0x0D) in file

sed -i 's/\r//' tomcat/conf/server.xml

HTTP readiness check with curl. This one is for Elasticsearch availability

#!/bin/bash

while [ true ]; do
  ES_STATUS="$(curl -s -w '%{http_code}' --insecure --connect-timeout 5 --max-time 10 -o /dev/null --noproxy '*' 'http://10.10.11.1:9200/_cluster/health?wait_for_status=green&timeout=5s')";
  if [ $ES_STATUS -eq "200" ]
  then
      break;
  fi

  echo 'waiting for elasticsearch';
  sleep 5;
done;

Password generation with simple shell commands

< /dev/urandom tr -dc A-Za-z0-9 | head -c${1:-16};echo;

Copy disk

dd if=/dev/sdx of=/dev/nvme0n9 bs=4096

gdisk /dev/nvme0n1

r v b