Archive for June, 2009

What's up with me

If it gets to travelling by train/air, I always seem to have an adventure.

Couple of years earlier, I had to catch a train and I ran 3 floors in an Indian railway station with untied-loose shoes, which were coming off and I just got on the train…a running train. How I drove to the train station? I drove like a maniac.. haphazardly… It was just unbelievable…

The other time, I was travelling from New Jersey to California. That was an absolute joke. The adventure included…me throwing the tickets into garbage, taxi driver driving ultra slowly and liking me very much. He was insisting on how he loved India…and stuff.. and me calling my HR to move my car the same day and pissing him off..and then calling my friend to check my mail to gimme my ticket number…and then at the airport the driver wouldn't let me go…he still was singing praises of Indian-American love. And then I am like 40 mins into checkin…cool me, I keep shampoos and toothpaste in my carry baggage… how stupid can one get? I am then scanned and I was sure..my flight is gone.. But somehow…panting and emotionally drained, I do make it ..phew..

Then, from SFO to Vegas.. Same thing, I almost miss my flight… I assume 101 at 5am will be empty….Nooo..it never sleeps.

And what takes the cake??

My trip back to India.. this is just beginning for sure. Everything is calm..I don't seem to miss anything…blah blah… but, this was just the calm before the storm….

I have my luggage weight checked.. oh before that..let me explain the ticket thingy… My first itinerary is to start at SFO on 27th 2pm and land in Singapore at 1:05am and then flight to Hyderabad at 900pm!! and land in Hyd at 1100pm..that's whole 20 hours. I ask my agent to get it changed and the best medicine for whiners is to give a worse itinerary and that's precisely what I get. I get 8 hours wait in Singapore and 8 hours wait in Chennai. Chennai? What the hell was I gonna do in Chennai? I just asked my agent to revert back to the first plan. And so we are at the airport at 1100am sharp.. and I am beginning to sound impressed with myself. I show my travel sheet I get and bang.. I am not on record. The ticket number I gave was void! I start to sweat. He asks me a ticket number, which I don't have. Thankfully, I have a friend with me to help me out. I call out my boss, just to inform him that I am missing my flight. His piece of suggestion: Dude, you are screwed. My I94 expires on 30th June. I am like…Gee, thx mate, that was of real help. I get back in line to check if I can persuade the airlines to help me out. Meanwhile, my friend calls an emergency number of the American Express travel agent. (btw, my agent doesn't work on weekends). And fortunately, she gives us the ticket number! Phew! You would think so.. but it doesn't end. The ticket is invalid too, and back to sweating. My friend then calls the agent to tell her this, and then she talks to the manager and they resolve the issue. Air India didn't update my changed ticket info. I mean, what was void was SFO to Singapore. I did have a ticket from Singapore to Hyderabad.

I had to buy a daypass.. so thought let's just write an adventure story. This time it was almost real!! Almost missed the flight again.

But again, what's the fun in having a normal boarding? eh?? 😉

Categories: Uncategorized

Hosting Multiple Domains With JBoss

Categories: Uncategorized

How to run multiple instances of JBoss

Multiple instances of JBoss

1. Do IP Aliasing..
Check it out..

2. Use Service Binding Manager
http://www.jboss.org/community/wiki/ServiceBindingManager

When you create multiple server configurations of JBoss, this is how to stop any one of them.

The first step is to modify the server/xxx/conf/props/jmx-console-users.properties file to add one or more user/password entries. Then, after restarting the app server, you can stop it by running:

./shutdown.sh -S -s hostname:1099 -u user -p password

Categories: Tech stuff

JBoss classloader thing for WARs

WAR Loader: The WAR Loader is a servlet container specific classloader that delegates to the Web ENCLoader as its parent class loader. The default behavior is to load from its parent class loader and then from the WAR's WEB-INF classes and lib directories. If the servlet 2.3 class loading model is enabled, it will first load from its WEB-INF directories and then from the parent class loader.

Categories: Tech stuff

SSL on JBOSS

The documentation is all there, but after setting up HTTPS, if you try https://localhost:443 it doesn't work. You have to go to https://localhost:443/web-console.
Make a server keystore, a server truststore, a client keystore and a client truststore.
– A server keystore would have the server certificate.
– A server truststore would have the client certificate, which is extracted from the client keystore.
– A client keystore will have the client certificate.
– A client truststore will have the server certificate.

Steps to set up SSL on JBOSS

1. Create new keystore
keytool -genkey -alias JBossAAAServer -keyalg RSA -keystore .keystore
Enter keystore password: XXXYY
What is your first and last name?
[Unknown]: AAAServer
What is the name of your organizational unit?
[Unknown]: YY
What is the name of your organization?
[Unknown]: XXX
What is the name of your City or Locality?
[Unknown]: SSSS
What is the name of your State or Province?
[Unknown]: SSSS
What is the two-letter country code for this unit?
[Unknown]: US
Is CN=AAAServer, OU=YY, O=XXX, L=SSSS, ST=SSSS, C=US correct?
[no]: yes

Enter key password for <JBossAAAServer>
(RETURN if same as keystore password):

2. Generate CSR and send it to Verisign.
keytool -certreq -keystore .keystore -alias JBossAAAServer -file jbossAAAserver-csr.csr
Enter keystore password: XXXYY

@abc>cat jbossAAAserver-csr.csr
-----BEGIN NEW CERTIFICATE REQUEST-----

-----END NEW CERTIFICATE REQUEST-----

3. Import the root and intermediate certificates into the keystore (you get these from Verisign)
/Users/abc/keystorejboss@abc>keytool -import -alias root -keystore .keystore -trustcacerts -file trialrootcer.cer
Enter keystore password: XXXYY
Owner: CN=VeriSign Trial Secure Server Test Root CA, OU="For Test Purposes Only. No assurances.", O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Trial Secure Server Test Root CA, OU="For Test Purposes Only. No assurances.", O="VeriSign, Inc.", C=US
Serial number: —
Valid from: Tue Feb 08 16:00:00 PST 2005 until: Sat Feb 08 15:59:59 PST 2025
Certificate fingerprints:
MD5: —
SHA1: —
Trust this certificate? [no]: yes
Certificate was added to keystore
/Users/abc/keystorejboss@abc>keytool -import -alias intermediateca -keystore .keystore -trustcacerts -file trialintercer.cer
Enter keystore password: XXXYY
Certificate was added to keystore
/Users/abc/keystorejboss@abc>keytool -import -alias AAAServerMain -keystore .keystore -file
.keystore jbossAAAserver-csr.csr trialcertificate.cer trialintercer.cer trialrootcer.cer
/Users/abc/keystorejboss@abc>keytool -import -alias AAAServerMain -keystore .keystore -file trialcertificate.cer
Enter keystore password: XXXYY
Certificate was added to keystore

4. Add the trial certificate to the keystore too.
@abc>keytool -import -trustcacerts -alias JBossAAAServer -keystore .keystore -file trialcertificate.cer
Enter keystore password: XXXYY
Certificate reply was installed in keystore
/Users/abc/keystorejboss@abc>keytool -list -keystore .keystore
Enter keystore password: XXXYY

Keystore type: jks
Keystore provider: SUN

Your keystore contains 4 entries

intermediateca, Feb 3, 2009, trustedCertEntry,
Certificate fingerprint (MD5): —
AAAservermain, Feb 3, 2009, trustedCertEntry,
Certificate fingerprint (MD5): —
root, Feb 3, 2009, trustedCertEntry,
Certificate fingerprint (MD5): —
jbossAAAserver, Feb 3, 2009, keyEntry,
Certificate fingerprint (MD5): —

5. Copy it to JBOSS Config folder.
@abc>cp .keystore /jboss-4.2.2.GA/server/default/conf/

6. Pray to god it works.

Categories: Tech stuff

Back to certificates

Geez, it's so confusing. Everything here is copied from the Sun sites. I just picked up the needed info.

Digital Certificate: A certificate is signed by one entity, the issuer, to vouch for the fact that the enclosed public key is the actual public key of another entity, the owner. The issuers primary key (I believe)

Self-signed certificates: signed using the private key corresponding to the public key in the certificate; the issuer is the same as the subject. It is reasonable to self-sign a certificate if the recipient already trusts the sender.

CA Signing: The sender needs to obtain a certificate from a trusted third party, referred to as a certification authority (CA). To do so, you send a self-signed certificate signing request (CSR) to the CA. The CA verifies the signature on the CSR and your identity, perhaps by checking your driver’s license or other information. The CA then vouches for your being the owner of the public key by issuing a certificate and signing it with its own (the CA’s) private key. Anybody who trusts the issuing CA’s public key can now verify the signature on the certificate. In many cases the issuing CA itself may have a certificate from a CA higher up in the CA hierarchy, leading to certificate chains.

Trusted certificates: Certificates of entities you trust are typically imported into your keystore as "trusted certificates." The public key in each such certificate may then be used to verify signatures generated using the corresponding private key.

keytool: It creates a keystore entry containing a private key and a self-signed certificate for the public key. That is, the certificate is signed using the corresponding private key. This may be adequate if the people receiving your signed files already know and trust your identity.

Importing the Response from the CA: If you submitted a certificate signing request (CSR) to a certification authority (CA), you need to replace the original self-signed certificate in your keystore with a certificate chain by importing the certificate (or chain of certificates) returned to you by the CA.

But first you need a “trusted certificate” entry in your keystore that authenticates the CA’s public key. With such an entry the CA’s signature can be verified. That is, the CA’s signature on the certificate, or on the final certificate in the chain the CA sends to you in response to your CSR, can be verified.

In case of JBoss, you need this:
<!-- HTTPS connector; keystoreFile points at the keystore copied into conf/ above -->
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
    maxThreads="150" scheme="https" secure="true"
    clientAuth="false"
    strategy="ms" address="${jboss.bind.address}"
    keystoreFile="${jboss.server.home.dir}/conf/.keystore"
    keystorePass="xxxx"
    truststoreFile="${jboss.server.home.dir}/conf/.keystore"
    truststorePass="xxxx" keyAlias="JBossLavaServer"
    sslProtocol="TLS" />

Categories: Tech stuff

Self signed SSL

xxxxxx/self@boo>openssl req -new -x509 -extensions v3_ca -keyout private/cakey.pem -out cacert.pem -days 3650 -config ./openssl.cnf
Generating a 1024 bit RSA private key
………………++++++
..++++++
writing new private key to 'private/cakey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Organization Name (company) [The Sample Company]:XYZ Inc
Organizational Unit Name (department, division) []:XXX
Email Address []:
Locality Name (city, district) [Metropolis]:XXX
State or Province Name (full name) [New York]:XXX
Country Name (2 letter code) [US]:US
Common Name (hostname, IP, or your name) []:IPAddress

What just happened?
req: The req command primarily creates and processes certificate requests in PKCS#10 format. Here we use it to create a self-signed certificate for use as a root CA.
-x509: This option outputs a self-signed certificate instead of a certificate request.

xxxxxx/self@boo>l
total 24
drwxr-xr-x 4 boo boo 136 Feb 18 10:56 ..
drwxr-xr-x 2 boo boo 68 Feb 18 10:56 newcerts
-rw-r--r-- 1 boo boo 3 Feb 18 11:00 serial
-rw-r--r-- 1 boo boo 0 Feb 18 11:01 index.txt
-rw-r--r--@ 1 boo boo 1908 Feb 18 11:13 openssl.cnf
drwxr-xr-x 3 boo boo 102 Feb 18 11:13 private
-rw-r--r-- 1 boo boo 1172 Feb 18 11:14 cacert.pem
drwxr-xr-x 8 boo boo 272 Feb 18 11:14 .

xxxxxx/self@boo>openssl req -new -nodes -out req.pem -config ./openssl.cnf
Generating a 1024 bit RSA private key
…………++++++
..++++++
writing new private key to 'key.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Organization Name (company) [The Sample Company]:XXX Inc
Organizational Unit Name (department, division) []:XX
Email Address []:
Locality Name (city, district) [Metropolis]:XXX
State or Province Name (full name) [New York]:XXX
Country Name (2 letter code) [US]:US
Common Name (hostname, IP, or your name) []:IPAddress

xxxxxx/self@boo>openssl ca -out cert.pem -config ./openssl.cnf -infiles req.pem
Using configuration from ./openssl.cnf
Enter pass phrase for ./private/cakey.pem:
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
organizationName :PRINTABLE:'XXX'
organizationalUnitName:PRINTABLE:'XX'
localityName :PRINTABLE:'XXX'
stateOrProvinceName :PRINTABLE:'XXX'
countryName :PRINTABLE:'US'
commonName :PRINTABLE:IPAddress
Certificate is to be certified until Feb 18 19:49:13 2010 GMT (365 days)
Sign the certificate? [y/n]:yes

1 out of 1 certificate requests certified, commit? [y/n]yes
Write out database with 1 new entries
Data Base Updated.

xxxxxx/jbossca@boo>keytool -genkey -alias JBossServer -keyalg RSA -keystore .keystore
Enter keystore password: SECRET
What is your first and last name?
[Unknown]: IPADDRESS
What is the name of your organizational unit?
[Unknown]: XXX
What is the name of your organization?
[Unknown]: XXX Inc.
What is the name of your City or Locality?
[Unknown]: XXX
What is the name of your State or Province?
[Unknown]: XXX
What is the two-letter country code for this unit?
[Unknown]: US
Is CN=IPADDRESS, OU=XXX, O=XXX Inc., L=XXX, ST=XXX, C=US correct?
[no]: yes

Enter key password for <JBossXXXServer>
(RETURN if same as keystore password):

xxxxxx/jbossca@boo>keytool -certreq -keystore .keystore -alias JBossXXXServer -file jbossXXXserver-csr.csr
Enter keystore password: XXXXXX
xxxxxx/jbossca@boo>l
total 16
drwxr-xr-x 5 boo boo 170 Feb 18 12:05 ..
-rw-r--r-- 1 boo boo 1378 Feb 18 12:13 .keystore
-rw-r--r-- 1 boo boo 670 Feb 18 12:14 jbossXXXserver-csr.csr
drwxr-xr-x 4 boo boo 136 Feb 18 12:14 .

xxxxxx/self@boo>cp cacert.pem ../jbossca/
xxxxxx/self@boo>cp -R private/ ../jbossca/
xxxxxx/self@boo>cd ../jbossca/

xxxxxx/jbossca@boo>openssl x509 -req -in jbossXXXserver-csr.csr -out jbossXXXserver.pem -CA cacert.pem -CAkey cakey.pem -CAcreateserial -days 3650 -outform PEM
Signature ok
subject=/C=US/ST=XXX/L=XXX/O=XXX Inc./OU=XXX/CN=IPADDRESS
Getting CA Private Key
Enter pass phrase for cakey.pem:
xxxxxx/jbossca@boo>openssl x509 -inform pem -outform der < cacert.pem > cacert.cer

xxxxxx/jbossca@boo>keytool -import -alias JBossXXXServer -file cacert.der -keystore ./.keystore
Enter keystore password: XXXXXX
keytool error: java.io.FileNotFoundException: cacert.der (No such file or directory)
xxxxxx/jbossca@boo>keytool -import -alias JBossXXXServer -file cacert.cer -keystore ./.keystore
Enter keystore password: XXXXXX
keytool error: java.lang.Exception: Public keys in reply and keystore don't match

xxxxxx/jbossca@boo>keytool -import -alias root -trustcacerts -file cacert.cer -keystore ./.keystore
Enter keystore password: XXXXXX
Owner: CN=IPADDRESS, C=US, ST=XXX, L=XXX, OU=XXX, O=XXX Inc
Issuer: CN=IPADDRESS, C=US, ST=XXX, L=XXX, OU=XXX, O=XXX Inc
Serial number: —
Valid from: Wed Feb 18 11:14:58 PST 2009 until: Sat Feb 16 11:14:58 PST 2019
Certificate fingerprints:
MD5: —
SHA1: —
Trust this certificate? [no]: yes
Certificate was added to keystore

xxxxxx/jbossca@boo>keytool -import -trustcacerts -alias JBossXXXServer -keystore .keystore -file jbossXXXserver.pem
Enter keystore password: XXXXXX
Certificate reply was installed in keystore
xxxxxx/jbossca@boo>keytool -list -keystore .keystore
Enter keystore password: XXXXXX

Keystore type: jks
Keystore provider: SUN

Your keystore contains 2 entries

root, Feb 18, 2009, trustedCertEntry,
Certificate fingerprint (MD5):–
jbossXXXserver, Feb 18, 2009, keyEntry,
Certificate fingerprint (MD5): —
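
The "Public keys in reply and keystore don't match" error in the session above is keytool refusing a certificate whose public key differs from the key entry under that alias: the CA certificate was offered where the signed reply belonged. The following added example (not from the original post; the file names, subject names and the import_plan helper are constructed for the demo) uses openssl to classify a certificate file before it goes to keytool -import.

```sh
#!/bin/sh
# Added example: decide how a certificate file should go into the keystore
# before running keytool -import. File and subject names are constructed.

# Succeeds only if the certificate carries the same public key as the CSR.
cert_matches_csr() {   # $1 = certificate (PEM), $2 = CSR (PEM)
    a=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    b=$(openssl req -in "$2" -noout -pubkey 2>/dev/null)
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Succeeds only if the certificate verifies against the given CA certificate.
cert_chains_to() {   # $1 = certificate (PEM), $2 = CA certificate (PEM)
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# Print the kind of keystore entry the certificate belongs in.
import_plan() {   # $1 = certificate, $2 = CSR, $3 = CA certificate
    if ! cert_chains_to "$1" "$3"; then
        echo "reject"         # not issued by this CA: do not import
    elif cert_matches_csr "$1" "$2"; then
        echo "key-entry"      # CA reply: import under the private key's alias
    else
        echo "trusted-cert"   # CA certificate: import under its own alias
    fi
}

# Build a throwaway CA, server key, CSR and signed reply in directory $1.
make_demo_pki() {
    openssl req -new -x509 -nodes -newkey rsa:2048 -sha256 -days 30 \
        -subj "/O=Example Inc/CN=Demo Root CA" \
        -keyout "$1/cakey.pem" -out "$1/cacert.pem" 2>/dev/null &&
    openssl req -new -nodes -newkey rsa:2048 -sha256 \
        -subj "/O=Example Inc/CN=server.example.test" \
        -keyout "$1/key.pem" -out "$1/server.csr" 2>/dev/null &&
    openssl x509 -req -sha256 -days 30 -in "$1/server.csr" \
        -CA "$1/cacert.pem" -CAkey "$1/cakey.pem" -CAcreateserial \
        -out "$1/server.pem" 2>/dev/null
}

# Run with the argument "demo" to print the plan for both files.
if [ "${1:-}" = "demo" ]; then
    d=$(mktemp -d) && make_demo_pki "$d" &&
        for f in server.pem cacert.pem; do
            echo "$f: $(import_plan "$d/$f" "$d/server.csr" "$d/cacert.pem")"
        done
    rm -rf "$d"
fi
```

A "trusted-cert" result corresponds to the -alias root -trustcacerts import in the session, and "key-entry" to the final import under the key's own alias.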

Check out the openssl.cnf you would be using.

#
# OpenSSL configuration file.
#

# Establish working directory.

dir = .

[ ca ]
default_ca = CA_default

[ CA_default ]
serial = $dir/serial
database = $dir/index.txt
new_certs_dir = $dir/newcerts
certificate = $dir/cacert.pem
private_key = $dir/private/cakey.pem
default_days = 365
default_md = md5
preserve = no
email_in_dn = no
nameopt = default_ca
certopt = default_ca
policy = policy_match

[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

[ req ]
default_bits = 1024 # Size of keys
default_keyfile = key.pem # name of generated keys
default_md = md5 # message digest algorithm
string_mask = nombstr # permitted characters
distinguished_name = req_distinguished_name
req_extensions = v3_req

[ req_distinguished_name ]
# Variable name Prompt string
#———————- ———————————-
0.organizationName = Organization Name (company)
organizationalUnitName = Organizational Unit Name (department, division)
emailAddress = Email Address
emailAddress_max = 40
localityName = Locality Name (city, district)
stateOrProvinceName = State or Province Name (full name)
countryName = Country Name (2 letter code)
countryName_min = 2
countryName_max = 2
commonName = Common Name (hostname, IP, or your name)
commonName_max = 64

# Default values for the above, for consistency and less typing.
# Variable name Value
#—————————— ——————————
0.organizationName_default = The Sample Company
localityName_default = Metropolis
stateOrProvinceName_default = New York
countryName_default = US

[ v3_ca ]
basicConstraints = CA:TRUE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always

[ v3_req ]
basicConstraints = CA:FALSE
subjectKeyIdentifier = hash
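
The configuration above sets default_md = md5 and default_bits = 1024; MD5-signed certificates are open to collision attacks, and 1024-bit RSA is below the 2048-bit minimum that current CAs and browsers accept. An added example, not part of the original post, that lints an openssl.cnf for these two settings; the audit_openssl_cnf helper and both sample files are constructed here.

```sh
#!/bin/sh
# Added example (not from the original post): lint an openssl.cnf for weak
# digest and key-size defaults. Prints one "section:key=value" per finding.

audit_openssl_cnf() {   # $1 = path to an openssl.cnf
    awk '
        { sub(/#.*/, "") }                       # strip comments
        /^[ \t]*\[/ {                            # section header: [ name ]
            sub(/^[ \t]*\[[ \t]*/, ""); sub(/[ \t]*\].*/, ""); sect = $0; next
        }
        /=/ {
            key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]+/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            if (key == "default_md" && tolower(val) ~ /^(md2|md4|md5|sha1)$/)
                print sect ":" key "=" val       # broken or deprecated digest
            if (key == "default_bits" && val + 0 < 2048)
                print sect ":" key "=" val       # RSA modulus below 2048 bits
        }
    ' "$1"
}

# Constructed sample: the digest and key-size lines from the config above.
write_page_cnf() {   # $1 = output path
    cat > "$1" <<'EOF'
dir = .
[ CA_default ]
default_days = 365
default_md = md5
[ req ]
default_bits = 1024 # Size of keys
default_md = md5 # message digest algorithm
EOF
}

# Constructed sample: the same keys with current values.
write_fixed_cnf() {   # $1 = output path
    cat > "$1" <<'EOF'
dir = .
[ CA_default ]
default_days = 365
default_md = sha256
[ req ]
default_bits = 2048
default_md = sha256
EOF
}

tmp=$(mktemp -d)
write_page_cnf "$tmp/old.cnf"; write_fixed_cnf "$tmp/new.cnf"
echo "old.cnf findings:"; audit_openssl_cnf "$tmp/old.cnf"
echo "new.cnf findings: $(audit_openssl_cnf "$tmp/new.cnf" | wc -l)"
rm -rf "$tmp"
```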

Categories: Tech stuff

New features in mustang

Categories: Tech stuff

Entity resolvers

I couldn't get to parse log4j.xml, and I found this!

http://www.ibm.com/developerworks/library/x-tipent.html

Entity resolvers work in cases where you have a DTD or an XML schema.

These entity resolvers are used to add content to your XML, e.g. for &lt;. During resolution, the parser locates the referenced content and inserts it into the XML. This means that when you manipulate the parsed document (in Java, C, Perl, PHP, Python, or whatever other language you are using), the referenced content appears just as any other content would.

Categories: Tech stuff