Dealing with Cheap SSL Certificates

I lost too much of a day to this.  You should not!

We have a wildcard CSR generated using openssl. I needed it to be used within Java, so hoops needed to be jumped through.

The service we used was namecheap.com, which uses comodo.com as their certificate service.

I received 4 files. The private key, my wildcard certificate, an intermediary trust store and the root trust store.

Here was the saving grace for how to use openssl to combine the public and private key so keystore will create an acceptable cert.

http://stackoverflow.com/questions/906402/importing-an-existing-x509-certificate-and-private-key-in-java-keystore-to-use-i

Here is the recipe:

  • cat my_public_key.crt PositiveSSLCA2.crt AddTrustExternalCARoot.crt  > all.crt
  • openssl pkcs12  -export -in all.crt -inkey my_private.key  -out server.p12 -name fisheye -CAfile PositiveSSLCA2.crt -caname immed
  • /usr/java/latest/bin/keytool -importkeystore -deststorepass PASS -destkeypass PASS -destkeystore server -srckeystore server.p12 -srcstoretype PKCS12 -srcstorepass PASS -alias fisheye

When you concatenate the certs, go from most site specific to most general. Order does matter.
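An added check for the ordering rule above (not part of the original post): the script splits a concatenated bundle such as all.crt and confirms that each certificate's issuer name matches the subject name of the certificate after it. The function names split_bundle and check_chain_order are made up for this example, and it compares names only, not signatures.

```bash
#!/usr/bin/env bash
# Added example: confirm a concatenated PEM bundle runs leaf -> intermediate -> root.
# Compares issuer/subject name hashes only; it does not verify signatures.

# split_bundle BUNDLE OUTDIR: write each certificate to OUTDIR/cert-N.pem, print the count.
split_bundle() {
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/cert-%d.pem", dir, n) }
        out != ""                     { print > out }
        /-----END CERTIFICATE-----/   { close(out); out = "" }
        END                           { print n + 0 }
    ' "$1"
}

# check_chain_order BUNDLE: 0 = ordered most specific to most general, 1 = not, 2 = no certs.
check_chain_order() {
    local tmp count i issuer subject status
    status=0
    tmp=$(mktemp -d) || return 2
    count=$(split_bundle "$1" "$tmp") || count=0
    if [ "${count:-0}" -lt 1 ]; then
        echo "no certificates found in $1" >&2
        rm -rf "$tmp"
        return 2
    fi
    i=1
    while [ "$i" -lt "$count" ]; do
        issuer=$(openssl x509 -noout -issuer_hash -in "$tmp/cert-$i.pem")
        subject=$(openssl x509 -noout -subject_hash -in "$tmp/cert-$((i + 1)).pem")
        if [ -z "$issuer" ] || [ "$issuer" != "$subject" ]; then
            echo "cert $i was not issued by cert $((i + 1)): wrong order or missing link" >&2
            status=1
        fi
        i=$((i + 1))
    done
    rm -rf "$tmp"
    return "$status"
}

# Usage: ./check_chain.sh all.crt   (all.crt is the bundle built in the recipe)
if [ -n "${1:-}" ]; then
    check_chain_order "$1" && echo "chain order OK"
fi
```

Run it on all.crt before the openssl pkcs12 step; a non-zero exit means the files were concatenated in the wrong order or a link in the chain is missing.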

I use the same password for everything. I know different passwords can be used for some of the parameters. Comment below with info on this. It will be appreciated.

Once I installed my certificate I use the following tool to validate my certificate: DigiCert SSL Installation Diagnostics – Check SSL Certificate – http://www.digicert.com/help/

This tool makes it obvious if you installed something wrong, or the trust chain is wrong, or if something is expired. It is a great tool. This tool itself is worth supporting these guys and getting your certs from them. The one I used was out of my hands.

One more thing: a wildcard is really only for one level. If the cert is *.example.com, then http://www.example.com works, but this.that.example.com will not be correctly validated. You need a cert for this.that.example.com or *.that.example.com.
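The one-level rule above as an added example (not from the original post): a small matcher that treats "*" as exactly one leftmost label, plus a helper that lists the hostnames a certificate name would not cover. The names wildcard_matches and uncovered_hosts are made up for this example.

```bash
#!/usr/bin/env bash
# Added example: single-label wildcard matching for certificate names.

# wildcard_matches PATTERN HOST: return 0 if HOST is covered by certificate name PATTERN.
# "*" is honoured only as the whole leftmost label and stands for exactly one label.
wildcard_matches() {
    local pattern host p_rest h_rest
    pattern=$(printf '%s' "$1" | tr 'A-Z' 'a-z')   # DNS names compare case-insensitively
    host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case $pattern in
        '*.'*)
            p_rest=${pattern#\*.}                  # e.g. example.com
            h_rest=${host#*.}                      # host minus its leftmost label
            [ "$host" != "$h_rest" ] || return 1   # host contains no dot at all
            [ -n "${host%%.*}" ] || return 1       # leftmost label must not be empty
            [ "$p_rest" = "$h_rest" ]
            ;;
        *'*'*) return 1 ;;                         # wildcard anywhere else: refuse
        *)     [ "$pattern" = "$host" ] ;;         # no wildcard: exact match only
    esac
}

# uncovered_hosts PATTERN HOST...: print each HOST the certificate name does not cover.
uncovered_hosts() {
    local pattern h
    pattern=$1; shift
    for h in "$@"; do
        wildcard_matches "$pattern" "$h" || printf '%s\n' "$h"
    done
}

# Usage: ./wildcard.sh '*.example.com' www.example.com this.that.example.com
if [ "$#" -ge 2 ]; then
    uncovered_hosts "$@"
fi
```

Note that the bare domain example.com is also reported as uncovered by *.example.com, since the wildcard needs one label in front of the dot.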

I hope I save you some frustration over this issue.

Mission 13 – Pacificon, October 13

QST   QST   QST…

Parachute Mobile Skydiving QSO jump!

Parachute Mobile is a unique way of combining two great hobbies; skydiving and amateur radio.  Our skydivers will jump from 13,000 feet and once they have deployed their parachutes they will make contacts (QSOs) with as many hams as possible.  The Drop Zone will be at Byron Airport where we have had great success in the past. 

Date: October 13, 2012. This will be our 13th mission and we are proud to be a scheduled event during Pacificon. Conventioneers are encouraged to make a QSO with the skydiver and to come by our display table to learn more about our projects. Forgot your HT? No problem, go to the San Ramon Comm Van to make a QSO.

Jump Times:  The first jump is scheduled to occur around 1200 hrs and approximately each hour thereafter.  We don’t have control over the aircraft or weather so times may change.  We hope to make 4 jumps.

QSOs with the Jumpers will be on 146.430 simplex with an alternate of 147.570 simplex

“Jumper 1” and “Jumper 2” will be fitted with APRS that will transmit location and altitude as well as biotelemetry data, which includes SpO2 (blood oxygen saturation) and heart rate.  Look for AF6IM for Jumper 1, and KF6WRW for Jumper 2 on your favorite APRS web site.  No SSID required.

We will also be streaming live video from the Drop Zone (DZ).  Log into justin.tv/mfwright or come by the display table to watch the action unfold.

QSTs and updates will be made on:

W6CX Repeater (Mount Diablo), 147.060+ 100

N6NFI Repeater (Stanford), 145.230- 100

SARA Repeater (Mt Oso), 145.390- 136.5 (Central Valley)

LPRC Repeater (Loma Prieta), 146.640- 162.2 (Coastal Region)

Special Event QSL cards will be available.

Hear the action, make a QSO!

Note: This event is subject to weather conditions and there is always the possibility the event could be canceled.  But you can still visit with us at our display table at Pacificon.


Time for a Change

I was one of the lucky ones at OnLive. I was laid off yesterday. A few of us have been talking for a while that it was time to look for new opportunities. But the rumors of an “event” had been around for quite a while. Many of us were fully vested in our options. Dreams of Teslas were dancing in our heads. In July that went away and Mahogany Row closed up like nothing I’ve ever seen before. We got one or two business as usual talks. Although I knew licenses for tools were not being renewed. Then the 2×4 upside our heads yesterday.

In one announcement it all went away. Jobs gone. Options and common stock gone. The company still intact according to the PR machine. According to dozens of us who were packed up and downing bottles of tequila at The Patio, it was gone. Two days pay and our PTO balance. I guess legal figured out how to get around or ignore the California WARN act.

I got the kick in the ass I needed. I had updated my resume on linkedin a week ago. So I was partially prepared. I sent out messages to friends and contacts. Posted status on Linkedin, G+, facebook and twitter.

So now I need a routine. Can’t spend the day in PJ’s watching star trek. I could, but I won’t. Gotta love netflix. Deep Space 9, I’m at the end of season three.

I’ll start selling the crap on ebay I have not made time to do. If you collect pre-2004 schrade knives, morse code keys or slide rules, keep an eye out.

Finally have the time to dig into AWS APIs. Considering in build and release I know Atlassian has its hooks into many places. Their APIs suck unless you learn groovy. Re-polish those Java skills again. Learn puppet and get a handle in Git from an admin point of view.

Finally get to give the python script I wrote to turn APRS data into a KML file to display in Google Earth a little TLC.

This should keep me busy. The advantage this time is that I can let people see code. GitHub is a good thing. I can spin up instances to demo what I’ve been playing with.

I know I prefer build & release or automation and tools. Either causes you to have the big picture in engineering. Which leads to finding more interesting wide scope projects.


Moving Hosting Services

After years of using jumpline, I’m moving into the cloud.
I host 3 domains and I’ll be moving from the standard cpanel stuff to a raw machine. I set up iptables and apache.

The cost is the same. But the convenience is greater.

The advantage of this scheme is I can easily bring up a copy, play, make changes and delete the VM when I’m done.

Plus I might even earn back my sysadmin merit badge again. :-D


Crash – boom – totaled

My last post was how bad Palo Alto drivers are.  Well now I have physical proof.  I was on my way to work, Monday June 13 at about 11:15AM, stopped  on University south bound, 1 1/2 blocks north of Middlefield. I looked up and had just enough time to think “OH SHIT!!!”

A kid in her step mom’s Volvo SUV hit me at about 20MPH. I felt like I was in a pinball machine. Bang! she hit me. Bang! I was knocked into the truck in front of me. Bang! I bounced back into the Volvo.

I got out of the car and saw her air bags deployed. She was fine. Airbags make it smell like the car is on fire. Especially with the smoke coming from them. I told her to get out of the car since I did not realize the airbags caused the smell. The truck in front, he seemed fine. I did not realize there was another car in front of him.

These days the first thing you do is pull out the cell phone to call police, insurance, AAA… Well, my iphone died the night before. I was without a means of communications. AAAAAAAAH. Felt a bit helpless. I was going to stop at the apple store to get a new phone before I went to work.

She admitted she was at fault.  She lent me her phone.  From  the text messages on the screen, I know what she was doing.  So, yeah, don’t text and drive.

The guy in front said “he thinks he blacked out for a moment”. His bumper was not hit that hard.  So, good luck collecting.

Cops showed up. Collected everyone’s info to file the report.

The tow truck comes and wants to take me to Redwood City.  I said no. Since I had no phone I had to get him to call my mechanic to get a local body shop.

I get it over there, then get a cab home. It is almost $5 per mile in traffic.  Between waiting at traffic lights and $3/mi.

I definitely did not feel myself for a couple of hours. A little shaky. A little shock never hurt anyone?

I relaxed for an hour, called insurance, work and arranged a rental.

Then I drove back to the auto body place, pulled most of my crap out of it. Jumped over to parrot cellular and got the new phone. Talked to the insurance company.

Now, you would think that since both myself and the girl that hit me are both with State Farm things would be simple. NOOOOO. For privacy and protection, they had to have a team assigned to her and another assigned to me.

So to get things running, I opened a case knowing I’d have to get the car rental and my deductible from them, possibly even having to go to small claims to get it. They are supposed to be adversarial.

I open the case off my insurance Tuesday to get things rolling.

On Thursday I find out I have $12,000 in damage. They won’t say it, but I think totaled after seeing kelly blue book pegs my car at $12k-$15k.

I do some searching on line.  It has been over 6 years since I’ve looked at cars.  To replace my highlander with a new one is about $38,000.  OY. Not ready for those payments.

I look for a used car for the first time in over 30 years. I find that the price range for 2006-2009 cars with up to 70k miles is mid-20s. I look at certified preowned cars and look at their carfax report online. Found a couple one owner cars with the full maintenance record at Sunnyvale Toyota.

I went over Saturday afternoon and looked. Explained the situation. Mostly making sure he understood I was just kicking tires since I did not yet know if the car was totaled. He had no issue.  One Highlander was sold, but the other was on the lot.  I liked it, great shape, clean and 50k miles.  I told the salesman, Socrates, that I was willing to look at tacomas and 4runners as well.  I also gave him my ceiling price out the door. We looked at a couple.  I don’t like leather.  I don’t need 4wd.  He showed me a 2008 4runner with 20k miles.  I liked it.  We went inside and I saw what certified pre-owned means.

It means a 3rd party checked the car and filled out a form.  Then the sales manager and service manager sign off on the form.  And, I get a 12k mi/12 month warranty as well and any outstanding warranty from the vehicle.

An hour later I all but own the car.  They will hold it for me until Tuesday.

Now trying to get a final word from State farm on the fate of the car. I called Friday to get a status update. No one calls me back. I call Monday, 6/20, and find they are waiting for a salvage estimate. Tuesday I call again. We talk and they say they will total the vehicle. Even though I did not want car payments, I was afraid the car would come back and not drive the same.

So, I tell my boss I’m taking the day to get the car. I go pickup the car, ‘borrowing’ from myself until the insurance check comes in. I’m out of there an hour later. I go to work. 8 days later and the vehicle is replaced.

Fedex package comes Wednesday from state farm. Check is received Tuesday 28th.

I don’t pick up the check and deposit it until Saturday 7/2. On Tuesday my neck goes out like it hasn’t in years. I get to the chiropractor on Tuesday the 28th and get an adjustment. Does not help. But I can’t move my head enough to go back until Thursday morning. For 2 days I could move my head yes, but not much other motion. Friday I’m fine, but don’t want to drive since you really do move your head around a lot when driving.

The question, can a soft injury like this really be connected to the accident 2 weeks before? I kinda don’t think so. I’m sure there are some shyster ambulance chasers that might be reading this and salivating.

In the meanwhile, 3 weeks, 4 vacation days, a new loan, a newish truck and a stiff neck and I think it is all done.

I hope it is done. The last time I was in an accident, the person in front of me sued everyone, even though a cop showed up on scene before we moved our cars and did not cite me. That freaked me out. I had never been sued, I was served on a Friday evening when I got home. I had no one to call to find out what was supposed to happen. End result, state farm hired a lawyer. After a few months, the lawyers got her to settle for 8K from each party. I was reading monthly report from the lawyer. I got a letter from state farm stating they treated it as a nuisance case and would not raise my rates.

So I hope in 2 years I don’t get served again for this one and have to deal with bullshit when I was not at fault.

So, interesting life experience over.    Not one I recommend to anyone.

I hope life lets me do with this one what I was planning to do with the highlander, drive for 10 years.

Palo Alto, CA – Must be “Bad Driver Day”

Today from my exit at 101 onto university Ave until I parked at the garage off University I saw numerous  bad driver actions. Much more than  usual.

University is a one(1) lane road. While waiting at a light, 2 motorcycles and 1 car drove down the shoulder and bike lane for almost a full block because they were impatient.

One person almost hit a couple of people walking in a cross walk.

In the garage someone just had to park in a space on the left.  Just had to back up to get to that space.  To the right there were a dozen open spaces.  Maybe the car can only make left hand turns?

When I parked I noticed someone with no depth perception only pulled halfway into the parking space.  I guess a wall 5 foot away was looking like it was getting realllly close.

Maybe chalk it up to Cinco de Mayo hangovers?


I do not understand the Rails Gems GIT Philosophy

In this train wreck of rails gems, there is plenty of confusion.   I blew off enum-columns not realizing I was not supposed to blow off enum_columns. Package naming conventions would be nice.  You guys ever hear about CPAN, or linux RPMs?

What about this crap where someone creates a package. Gets bored, or finds a job and drops the package. Then someone branches the package, fixes a few bugs, then all of a sudden, we have the joeblow-package.  If we are lucky, the original author of package adds a note about joeblow-package, or god forbid, takes the fixes and we don’t have to care about joeblow-package anymore. Or even better, finds a new maintainer.

But that does not seem to happen. It’s a fucking free for all where people don’t have to play nice.  Just create your own branch off a package. The bored or fully employed original gem owner never tries to suck in your branch. Then you can have your own version of a gem that works for you.  We are the users trying to get a job done without reinventing the hammer wasting a day figuring out which branch of which gem we should be using.

If you don’t care anymore, change the readme and make it clear that the project is dead. Or see if one of the people who created branches has the wherewithal to take over as maintainer of the gem.  I know old school. Nobody maintains shit anymore. Dump and go.

I’ve been paid to write code in Java, Perl, Python, PHP and not RAILS. I have seen my share of well maintained and poorly maintained libraries. Ruby is tipping the scales in the wrong direction.

People bitch about Perl.  RAILs, isn’t it just object oriented Perl? Lots of opportunity for unmaintainable  obtuse code.  But it is object oriented :-D

Why is it I find I only blog when I have to let off some steam. Yes today was spent getting a solid package for dealing with database enum fields and foreign keys in my migrate scripts under Rails 3.