Retrieving your private SSL key with IIS 7

Open the MMC window (Start -> Run -> mmc), go to File -> Add/Remove Snap-in and choose Certificates from the list. Click Add and choose Computer account.

Click Next, select Local computer, click Finish and then OK.

Go to Certificates (local computer) -> personal -> certificates.

On the existing SSL certificate, right mouse click -> All Tasks -> Export. Enable Export the private key and follow the next steps. (to check: isn't this for import?)

So now we have an encrypted pfx file. To retrieve the private SSL key from it, use these commands.

openssl pkcs12 -in publicAndprivate.pfx -nocerts -out privateKey.pem

This outputs the private key, but it is still protected by a password. The next command removes it:

openssl rsa -in privateKey.pem -out private.pem

Now we have our private key in a clear text file.
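The same extraction as an added example (not part of the original post): it passes the PFX password through an assumed PFX_PASS environment variable, collapses the two openssl steps into one with -nodes, writes the key with owner-only permissions, and checks that the key matches the certificate in the PFX. The function names and the throwaway demo certificate are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. PFX_PASS is an assumed
# environment variable holding the PFX export password.

# Write the unencrypted private key from PFX $1 to $2, readable by owner only.
# On any failure (e.g. wrong password) no partial key file is left behind.
extract_key() {
    ( umask 077
      openssl pkcs12 -in "$1" -nocerts -nodes -passin env:PFX_PASS 2>/dev/null |
          openssl pkey -out "$2" 2>/dev/null
    ) || { rm -f "$2"; return 1; }
}

# Succeed only if key file $2 belongs to the certificate stored in PFX $1,
# by comparing the public key derived from each.
key_matches_cert() {
    cert_pub=$(openssl pkcs12 -in "$1" -clcerts -nokeys -passin env:PFX_PASS 2>/dev/null |
               openssl x509 -pubkey -noout 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Constructed sample input: a throwaway self-signed certificate as a PFX in dir $1.
make_demo_pfx() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo.invalid" \
        -keyout "$1/demo.key" -out "$1/demo.crt" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/demo.key" -in "$1/demo.crt" \
        -out "$1/demo.pfx" -passout env:PFX_PASS
}

# Build the sample PFX, extract and verify the key, print the key file's mode.
demo() {
    dir=$(mktemp -d) || return 1
    PFX_PASS='constructed-demo-password'; export PFX_PASS
    make_demo_pfx "$dir" &&
    extract_key "$dir/demo.pfx" "$dir/private.pem" &&
    key_matches_cert "$dir/demo.pfx" "$dir/private.pem" &&
    ls -l "$dir/private.pem" | cut -c1-10
    status=$?
    rm -rf "$dir"   # the demo key is disposable; a real key stays where you put it
    return $status
}
```

Calling demo prints the permission string of the extracted key file; on a real PFX, export PFX_PASS and call extract_key and key_matches_cert directly.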

Posted by Bram

Renewing your SSL certificate and importing it into IIS 7

Copy the certificate you received and save it on your Windows machine.

Now open the MMC window (Start -> Run -> mmc), go to File -> Add/Remove Snap-in and choose Certificates from the list. Click Add and choose Computer account.

Click Next, select Local computer, click Finish and then OK.

Go to Certificates (local computer) -> personal -> certificates.

In the certificates box, right mouse click -> all tasks -> import.

Choose your certificate file and finish the import process.

Now you’ll see that the certificate is missing its private key.

Double click on your certificate, go to the details tab and choose thumbprint.

Copy this and open a command prompt:

certutil -repairstore my "thumbprint" (or something like that)

When you refresh your certificates you should see that the key has an extra symbol attached, and your certificate should be valid again.

Posted by Bram

Exim blacklist on directadmin

One of the interesting things in exim is blacklisting. Unfortunately, this is not enabled by default.

To enable blacklisting you need to execute these 3 commands as root on your server:

cd /etc/virtual
rm use_rbl_domains
ln -s domains use_rbl_domains

Posted by Bram in directadmin

Using a huawei E1750 as a sms gateway

First we need to install some Debian packages:

apt-get install build-essential libhid-dev bzip2 tcl8.5-dev

The Huawei E1750 has an integrated card reader, which we need to disable before we can use the modem. To do this we need to download usb-modeswitch.

cd /usr/src
wget http://www.draisberghof.de/usb_modeswitch/usb-modeswitch-1.1.4.tar.bz2
wget http://www.draisberghof.de/usb_modeswitch/usb-modeswitch-data-20100826.tar.bz2
tar xvjf usb-modeswitch-1.1.4.tar.bz2
tar xvjf usb-modeswitch-data-20100826.tar.bz2
cd usb-modeswitch-1.1.4

make install

cd ../usb-modeswitch-data-20100826
make install
cp 40-usb_modeswitch.rules /etc/udev/rules.d/
udevadm control --reload_rules

Edit the file /etc/usb_modeswitch.conf and paste this below the other options.

# Configuration for the usb_modeswitch package, a mode switching tool for
# USB devices providing multiple states or modes
#
# This file is evaluated by the wrapper script "usb_modeswitch_dispatcher"
# in /usr/sbin
# To enable an option, set it to "1", "yes" or "true" (case doesn't matter)
# Everything else counts as “disable”

# Disable automatic mode switching globally (e.g. to access the original
# install storage)

DisableSwitching=0

# Enable logging (results in a extensive report file in /var/log, named
# "usb_modeswitch_

EnableLogging=0

########################################################
;DefaultVendor= 0x12d1
;DefaultProduct= 0x1446

MessageEndpoint = 0x01
MessageContent = "55534243000000000000000000000011060000000000000000000000000000"
########################################################

Let's execute usb_modeswitch to disable the card reader:

usb_modeswitch -v 0x12d1 -p 0x1446 -H -s 5 -c /etc/usb_modeswitch.conf

You should get some output like this:

Looking for target devices …
No devices in target mode or class found
Looking for default devices …
Found devices in default mode or class (1)
Accessing device 003 on bus 005 …
Using endpoints 0x01 (out) and 0x81 (in)
Inquiring device details; driver will be detached …
Looking for active driver …
No driver found. Either detached before or never attached

SCSI inquiry data (for identification)
————————-
Vendor String: HUAWEI
Model String: Mass Storage
Revision String: 2.31
————————-

USB description data (for identification)
————————-
Manufacturer: HUAWEI Technology
Product: HUAWEI Mobile
Serial No.: not provided
————————-
Setting up communication with interface 0 …
Using endpoint 0x01 for message sending …
Trying to send message 1 to endpoint 0x01 …
OK, message successfully sent
Resetting response endpoint 0x81
Error resetting endpoint: -71
Resetting message endpoint 0x01
Error resetting endpoint: -19
Device is gone, skipping any further commands

Checking for mode switch (max. 20 times, once per second) …
Original device is gone already, not checking
Searching for target devices …
Searching for target devices …
Searching for target devices …
Searching for target devices …
Searching for target devices …
Searching for target devices …
Found correct target device

Mode switch succeeded. Bye.

The line “Mode switch succeeded. Bye.” is the important part. If it doesn’t say succeeded, you’ll have to look for the right vendor and product ID, which you can find with lsusb.

I’ll assume it said succeeded, so we are going to install everything we need to use gnokii. As I’m a great fan of MySQL, I want to put all my data in MySQL, so we need a MySQL server and the MySQL version of gnokii.

apt-get install gnokii-smsd-mysql mysql-server-5.0 gnokii-cli

Set up the MySQL database: create a database and a user (pick your own value for password).

echo "create database smsd" | mysql -u root -p

echo "grant all on smsd.* to gnokii@'localhost' identified by 'password'" | mysql -u root -p

Import the gnokii sql file

mysql smsd < /usr/share/doc/gnokii-smsd-mysql/sms.tables.mysql.sql

Now our database is ready for use. The next thing we need to do is configure gnokii.

Edit /etc/gnokiirc

(this is what mine looks like)

# This is a sample ~/.gnokiirc file. Copy it into your
# home directory and name it .gnokiirc.
# See http://wiki.gnokii.org/index.php/Config for working examples.
#

[global]
port = /dev/ttyUSB0
model = AT-HW
initlength = default
connection = serial
use_locking = yes
serial_baudrate = 9600
handshake = hardware
smsc_timeout = 30

[xgnokii]
allow_breakage = 0

[gnokiid]
bindir = /usr/sbin/

[connect_script]
TELEPHONE = 12345678
[disconnect_script]

[logging]
debug = off
rlpdebug = off
xdebug = off

We should now be able to see some data from our modem. Let's see if gnokii can identify our Huawei:

gnokii --identify

GNOKII Version 0.6.26
Couldn’t read /root/.gnokiirc config file.
Couldn’t read /root/.gnokiirc config file.
IMEI : 351910046446428
Manufacturer : huawei
Model : E1750
Product name : E1750
Revision : 11.126.00.00.00

If you see this, everything should work fine.

Now we can test whether we can send an SMS manually.

echo "testing if we can send sms" | gnokii --sendsms +32477……

A couple of seconds later you should receive the sms on your phone.

Now let's start the smsd daemon.

/usr/sbin/smsd -u gnokii -p password -d smsd -m mysql -f /var/log/smsd/smsd.log &

And put some data in our outbox:

mysql smsd
insert into outbox(number,text,dreport) values ('+32477……','testing if we can send from gnokii-smsd',1);

You should receive a text message shortly.

Posted by Bram in nagios

Faster way to install directadmin

Sometimes I need to install directadmin on our vds servers, as we don’t use templates for this I was looking for an easy and faster way to install new servers.
A couple of weeks ago I found the solution and I thought I’d share it.

apt-get install gcc g++ debianutils binutils make autoconf automake vim pwgen
wget http://www.directadmin.com/setup.sh
chmod +x setup.sh
mkdir -p /usr/local/directadmin/custombuild
wget https://bugoff.be/wp-content/uploads/2010/04/options.conf -O /usr/local/directadmin/custombuild/options.conf
echo 1.2 > /root/.custombuild
./setup.sh <User ID> <License id> <servername> <eth>

This will install your DirectAdmin server with my options.conf file; change the options to what you want. I always install my servers using php-cgi.

Posted by Bram in directadmin