Importing SSL Certificates to your Keystore

Hi all,

I've been fighting for three days to get my SSL certificate to work with Tomcat 7. First I'm going to give you some advice. Important advice. You must have a Private Key and a Certificate, in order to make everything work. And, both have to be in the same keystore.
What happende to me:

I installed the Certificate I received from Thawte in my keystore. That was very easy, just a simple import file and it was done. But, when I launched my Tomcat, and looked at the logs for the HTTPS [port: 443] connector intialization, I saw that something was going wrong: No Private Key found for my certificate. Then my battle started. Where the hell was my Private Key?, I had only received an email with this content:

Your certificate is:
----- BEGIN CERTIFICATE -----
....
----- END CERTIFICATE ------

So I started browsing the web and found the process of requesting a Signed Certificate from a Certification Authority.
1 ) You generate your keystore plus your private key
2 ) Create the Certificate Signing Request (CSR)
3) Submit the CSR and wait for your Certificate

I wasn't the person who did the whole process, I was just supposed to install it. I knew nothing about that private key. So today, after three days, I received the .pfx file from the people in charge of the process. When I try to open it in Windows I read the following: You have the private key that corresponds to this certificate. Eureca! It must be inside that .pfx file. So I dived into the internet and found that a .pfx file could be imported straight away into a keystore.

Here are the steps you need to follow to do a correct import:
1) Get the .pfx file with your private key inside. Double click the .pfx file and install it to your machine. Select any certificate keystore from your computer. Open Run > certmgr.msc and look for your recently installed .pfx file. Open it and look for the golden key icon followed by You have the private key that corresponds to this certificate.
2) Import the .pfx file to your keystore with the following command:
keytool -importkeystore -srckeystore file.pfx -alias keyALIAS -srcstoretype pkcs12 -destkeystore /path/to/keystore
3) If the import was correct, you must have the private key with the same password that the keystore has. You can change it with the following command:
keytool -keypasswd -alias keyALIAS -keystore ssl-keystore

Note: If you don't do this last step you will get a: java.io.IOException: Cannot recover key error.
I hope this was helpful to you. At least it was for me, and since I've been struggling with these for days, I thought I'd share it.

Cheers!

Get out of the 'Comfort Zone'

Os dejo un vídeo motivacional para que os lancéis y salgáis fuera de la zona de confort.



Quive it, get Quived!
www.quived.com

Generating an API

Afternoon mates. Today I'm starting to develop Quived's API. It's going to be used by smartphones or tablets which have the app installed. It's very important to bare in mind the different HTTP methods when doing this. These codes are the base in which the API sits. In order to know when a request has been successfull or not, you exchange different HTTP status codes.
As always, wikipedia is a perfect place to find information about this: link
More specifically speaking, when doing this in a grails application. Is very important to set up the path that the URL mapping is going to follow. We set this in the URLMappings.groovy file. Inserting the following code for each new route you want to define:

"/rest/url/**" (controller:"YourRestController", action:"method") {
            action = [GET: "method"];
        }

One thing I found out while doing this, is that you are not supposed to put the entire: controllerNameController class name, just the name itself: controllerName.

Once the route to our API method is set, we can define the logic we want it to deliver. Regarding HTTP statuses, in grails we do as follow (at least I do):

• response.status = 200; // 200 OK. Just to set the status.
• render(status:204, text:'Extra information about the status') // 204 NO CONTENT. Status + information

I hope this helps.

Cheers!

Cádiz

Mañana a la hora de comer estaré, espero, rumbo a Cádiz con estas dos:

Estoy haciendo un poco de investigación para ver los sitios más molones de la zona. Pretendo hacer un poquito de surf también, así que espero poder mostraros muchas cosas nuevas del sur. Cheers!

Listening to: Ben Howard – Three Tree Town

Perfect Holiday

Right now, I'd love to be in any sunny beach where I could surf some waves. I'm no good, but improvement is always needed.

I hope you like this video. Very inspiring.

Quive it, get Quived!
www.quived.com

Setting SSL in Tomcat with Java apps

Good afternoon, at least in Spain. Today we are going to learn how to set up SSL security on a Apache Tomcat server running our Java, or similar, app.
First of all, we must create a Keystore file using Java. Go to your JDK folder: cd $JAVA_HOME/bin. Now, create the keystore file: keytool -genkey -alias tomcat -keyalg RSA -keystore. Bare in mind that the password for the keystore must be the same as the key password. This is a tomcat limitation that I didn’t find anywhere. Took me a whole morning to find out. If everything is correct, you should have the .keystore file in the folder you where in (JDK/bin). The next step is to copy this .keystore file wherever you want it to be.
There is a possibility to change the password for the key file using the following command: keystore -keypasswd -alias tomcat -keystore
Now, let’s move on. Open your server.xml file. Inside the conf folder, in $CATALINA_HOME. You have to declare a new Connector:

Our last step to follow is  to configure the web.xml file for our app. Then we will be able to run SSL. It should be inside your webapps/appFolder folder. Insert the following lines after declaration.

 
  securedapp
  /*
 

 
  CONFIDENTIAL
 
If you want to quit SSL, just change CONFIDENTIAL to NONE, so you don’t have to delete all the code written. Hope you found it interesting.

Resources:
Resource 1
Resource 2

Startup script in Ubuntu

Today I learned how to make a script run on sytem startup. This way you can run your script after rebooting automatically. Let’s take a look at the steps:

1. Open /etc/init.d/rc.local file.

2. Add the script you want to run on boot process there. For example:

    sh /usr/share/apache-tomcat-7.0.27/bin/startup.sh
    echo ‘Apache Tomcat Running’

3. Save the file. Your script will run on boot process.