howto

cool places / howto / java / linux / software / technology / tutorials / ubuntu5 Comments
11
Sep 08

Install Sun Application Server on Ubuntu

Sun Microsystems

On the client site when working on Java (or should I say JEE) projects, the application servers are most of the time “rotate” between these four: JBoss, Websphere, Weblogic, and someties Geronimo. However there are some clients who have pretty tight contracts with Sun, and in these cases the Sun Application Server is used.

I think now days in development world in general, well except maybe .NET part of it, Ubuntu and/or Mac OS slowly become OSs of choice for developers. Sun app server however is not the most used app server out there, and since its installation could be a bit non-straightforward, here are four simple steps on how to install it on Ubuntu box:

Step 1. Download the “.bin” form sun:

“Sun Java System Application Server”

http://java.sun.com/j2ee/1.4/download.html (I needed 8.2, but there are more recent ones)

Step 2. Change permissions, to make it runnable:

chmod 744 sjsas_pe-8_2-linux.bin

Step 3. If you just run it:

./sjsas_pe-8_2-linux.bin

It is going to complaint that it is missing a standard c++ library:

./sjsas_pe-8_2-linux.bin: error while loading shared libraries: libstdc++-libc6.2-2.so.3: cannot open shared object file: No such file or directory

Having done some “apt-cache” searches ( apt-cache search libstdc++ ), found that Ubuntu has “libstdc++.so.6″ in /usr/lib.
From /usr/lib run:

 sudo ln -s libstdc++.so.6 libstdc++-libc6.2-2.so.3

Step 4. Run it now, it will install Sun App Server successfully! * **


* Do not run installation as root – it will fail (for most sun app servers versions)

** If you use any form of Beryl (or some Compiz’es), disable it, or reload window manager as a “Gnome Manager”. This is due to the fact the the installer is written in Swing, and Swing does not get along too well with some display managers.

hardware / howto / linux / software / technology / ubuntu29 Comments
6
Aug 08

Speed Up Ubuntu Boot Time by Starting Networking on The Background

Ubuntu Boot Up TimeIt is quite a simple change but it makes an Ubuntu laptop to boot 2-3 times faster! What takes the most time during boot in Ubuntu (and many other Linux distros) are DHCP discovery and DHCP timeout that are run by networking startup scripts. This of course can be solved with tweaking the timeout or just configuring a static IP, however this solution is not all that elegant, just because “What if the system needs this particular timeout?” or “What if it is a laptop, and it’s IP cannot be static?”

The idea to solve this is simply to take an advantage of concurrency. So instead of all other boot scripts to wait on the networking script(s) to finish its discovering and “timeouting” during a system boot, these network script(s) could be started in parallel, as separate child processes. This will speed up boot time, since the system should no longer wait on the “networking” to finish.

One thing to understand here, is that networking is not taken out of the boot process – it stills belongs to it (it is its child), and it would still run, and would do its important job – the difference is it would do it in parallel.

Here are two easy steps on howto archive this in Ubuntu (it can be applied to pretty much any Linux/Unix distribution, however the scrips/locations will/might be different) :

Step 1. Find network startup scripts:

cd /etc
 
user@host:/etc$ sudo find . | grep network
./rcS.d/S40networking
./init.d/networking
./network
./network/.interfaces.swp
./network/if-post-down.d
./network/if-post-down.d/avahi-daemon
./network/if-post-down.d/wireless-tools
./network/if-post-down.d/wpasupplicant
./network/interfaces
./network/if-up.d
./network/if-up.d/ntp
./network/if-up.d/clamav-freshclam-ifupdown
./network/if-up.d/ntpdate
./network/if-up.d/avahi-daemon
./network/if-up.d/sendmail
./network/if-up.d/avahi-autoipd
./network/if-up.d/wpasupplicant
./network/if-up.d/mountnfs
./network/if-pre-up.d
./network/if-pre-up.d/wireless-tools
./network/if-pre-up.d/wpasupplicant
./network/if-down.d
./network/if-down.d/clamav-freshclam-ifupdown
./network/if-down.d/sendmail
./network/if-down.d/avahi-autoipd
./network/if-down.d/wpasupplicant
./networks
user@host:/etc$ ll ./rcS.d/S40networking
lrwxrwxrwx 1 root root 20 2007-05-20 18:48 ./rcS.d/S40networking -> ../init.d/networking

FOUND IT: In this case the netwoking script that runs on startup is “../init.d/networking”

Step 2. Extract “start” case into a separate method:

user@host:/etc$ sudo vi ../init.d/networking

here is a “start case” in the original file:

case "$1" in
start)
	log_action_begin_msg "Configuring network interfaces"
        type usplash_write >/dev/null 2>/dev/null && usplash_write "TIMEOUT 120" || true
	if [ "$VERBOSE" != no ]; then
	    if ifup -a; then
		log_action_end_msg $?
	    else
		log_action_end_msg $?
	    fi
	else
	    if ifup -a >/dev/null 2>&1; then
		log_action_end_msg $?
	    else
		log_action_end_msg $?
	    fi
	fi
        type usplash_write >/dev/null 2>/dev/null && usplash_write "TIMEOUT 15" || true
	;;

let’s modify it by extracting the “start case” into a separate method so it can be run as a background process on the start up:

here is a “start case” in the modified file:

# adding this method so it can be run as a background process on the start up
start_on_boot () {
 
	log_action_begin_msg "Configuring network interfaces"
        type usplash_write >/dev/null 2>/dev/null && usplash_write "TIMEOUT 120" || true
	if [ "$VERBOSE" != no ]; then
	    if ifup -a; then
		log_action_end_msg $?
	    else
		log_action_end_msg $?
	    fi
	else
	    if ifup -a >/dev/null 2>&1; then
		log_action_end_msg $?
	    else
		log_action_end_msg $?
	    fi
	fi
        type usplash_write >/dev/null 2>/dev/null && usplash_write "TIMEOUT 15" || true
}
 
case "$1" in
 
start)
 
	# start networking on the background, so it does not slow down the boot time
	start_on_boot &
 
	;;

Save the file, reboot and enjoy

DONE :)

Interesting related articles:

making ubuntu boot in 19 seconds
understanding bash fork bomb

howto / linux / rails / ruby / software / technology / tutorials / ubuntu12 Comments
2
Aug 08

Make rails.vim Work: Compile VIM From Sources

rails.vimEver heard about rails.vim project? “Accept no imitations: rails.vim is the one true Vim plugin for syntax highlighing, easy navigation, and script invocation for all your Ruby on Rails applications, transparently and unobtrusively” says creator Tim Pope.

The very good “rails.vim” guide can be found here or just by reading project’s vimdoc here.

PROBLEM:

There is however one gotcha for Ubuntu Hardy Heron lovers (or other modern Linux distros). Using rails.vim would result in VIM “segmentation fault”crashes similar to:

Vim: Caught deadly signal ABRT
Vim: Finished.
Aborted

REASON:

This is due to the fact that a packaged VIM that comes from some Linux distros repositories has old patches.

SOLUTION:

One of possible solutions would be to download most current VIM sources from http://www.vim.org/sources.php and compile/install it manually. Below is how it is done on Ubuntu (but should be pretty similar on any Linux distro):

1. Get vim sources:

wget ftp://ftp.vim.org/pub/vim/unix/vim-7.1.tar.bz2

(where ’7.1′ is the current VIM version at the moment of writing)

2. Unpack it

tar -xvjf vim-7.1.tar.bz2

3. Install terminal libraries (vim needs them to compile correctly)

sudo apt-get install libncurses5-dev

4. Configure / Compile / Install

./configure --with-features=huge
make
sudo make install

5. Point your system to newly compiled VIM:

sudo rm /etc/alternatives/vi
sudo rm /etc/alternatives/vim
sudo rm /etc/alternatives/vimdiff
 
sudo ln -s /usr/local/bin/vim /etc/alternatives/vi
sudo ln -s /usr/local/bin/vim /etc/alternatives/vim
sudo ln -s /usr/local/bin/vimdiff /etc/alternatives/vimdiff

DONE

hardware / howto / interesting / linux / linuxmce / software / technology / tutorials / ubuntu5 Comments
15
Jul 08

Forward VNC through SSH

linuxmce screenshotFrequently I need to access my LinuxMCE machine over VNC, due to different reasons (when I am not home, when my Wii Remote batteries died, etc..). Usually SSH solves most of my needs, but sometimes it is very nice to control my linuxMCE box over VNC.

Here I will show you several very easy steps on how to configure your server/client to be able to tunnel VNC traffic through SSH, and be able to control your server in the GUI way :) This approach will work on most systems (not LinuxMCE specific) although here I chose Ubuntu as an “example OS”.

Before we begin, I would assume that:

  • The server already has ssh server installed, if not: 
    sudo apt-get install openssh-server
  • If connecting from the outside (like from work to home box), your router’s firewall forwards port 22 to your server’s IP

Here is how it is done:

Server Side Configuration

1. Installing VNC server, here I chose to install x11vnc, but it could be pretty much any VNC server of your choice (TightVNC, etc..):

sudo apt-get install x11vnc

2. Now let’s finish :) our server configuration by running the VNC server:

x11vnc

by default it is going to run without a password, and on port 5900

Client Side Configuration

1. In order to connect to the VNC server, we need to have a VNC viewer installed:

sudo apt-get install xvncviewer

* again, it can be pretty much any VNC viewer of your choice

2. Now the most interesting part of this whole process – enter this command:

ssh -L 5900:127.0.0.1:5900 yourusername@yourserver.com

this tells your system to tunnel all the traffic from the port 5900 on “yourserver.com” to the local (client’s) port 5900 via SSH. Simple, and yet very powerful – a “magic one-liner” :)

3. Fire up another shell on the client side and enter:

xvncviewer 127.0.0.1

do you see a cute colorful square screen? Do you recognize your server’s Desktop?

Done :)

P.S. For LinuxMCE specifically, you should also add a couple firewall rules:

- Go to the LinuxMCE web admin
- From the upper menu, go to “Advanced -> Network -> Firewall rules”

add this three rules:

tcp  	5900 to 5900  	5900  	192.168.80.1             port_forward
tcp 	5900 to 5900 	0 	0                        core_input
tcp  	22 to 22  	0  	0                        core_input

- The first rule allows external network (Internet) to access the VNC server on the Core (LinuxMCE server)
- The second rule allows anybody inside the home network ( since it is not wise to open 5900 port on your router to the whole world ) to have their 5900 port to be forwarded to the Core.
- The third rule (I think you already have it) allows anybody to access LinuxMCE server via port 22 (SSH)

Be careful about the rules above, as I assume that your LinuxMCE server is behind another firewall, cause you really do not want to open 5900 port to the public

howto / linux / software / technology / tutorials / ubuntu / xml12 Comments
12
Jul 08

Install rtGui on Ubuntu

rtorrent project logortGui is a web based front end for rTorrent - the Linux command line BitTorrent client. It’s written in PHP and uses XML-RPC to communicate with the rTorrent client.

There are several guides on how to install rtGui on Ubuntu or just POL (Plain Old Linux), but all of them seem to be missing one or two things to make them complete.

Here I went from scratch, step by step to install rtGui on Ubuntu (actually KUbuntu, and to be more specific linuxMCE but it would not matter in this case, since this guide is for any more or less recent Ubuntu distro). I tried to make this guide as complete as possible so it does not miss any installation steps, and if you have any questions/comments, you are welcome to post them in comments section. Now sit back, relax and… let’s get to work! :)

Step 1.  Install PHP with XML-RPC and a SCGI apache module:

sudo apt-get install php5 php5-xmlrpc libapache2-mod-scgi

Step 2. Edit Apache default server config:

sudo vi /etc/apache2/sites-enabled/000-default

(If you are using linuxMCE, edit /etc/apache2/sites-enabled/pluto file instead)
Add the following lines, above the last “</VirtualHost>” (or download example from http://rtgui.googlecode.com/files/000-default ):

LoadModule scgi_module /usr/lib/apache2/modules/mod_scgi.so
SCGIMount /RPC2 127.0.0.1:5000

Restart apache:

sudo apache2ctl restart

Step 3. Create .rtorrent.rc file – see http://libtorrent.rakshasa.no/browser/trunk/rtorrent/doc/rtorrent.rc?rev=latest or download example from http://rtgui.googlecode.com/files/.rtorrent.rc and save to your home directory – ~/.rtorrent.rc

* make sure .rtorrent.rc has this line:

scgi_port = 127.0.0.1:5000

Step 4. Create directories for rtorrent to use, and change the ownership to the user that runs rtorrent:

mkdir /Torrents /Torrents/Downloading /Torrents/Downloading/rtorrent.session
/Torrents/Complete /Torrents/TorrentFiles /Torrents/TorrentFiles/Auto
chown username /Torrents /Torrents/Downloading /Torrents/Downloading/rtorrent.session
/Torrents/Complete /Torrents/TorrentFiles /Torrents/TorrentFiles/Auto

* here “username” is the user who will run rtorrent 

Step 5. Instal XML-RPC library:

sudo apt-get install libxmlrpc-c3-dev
sudo apt-get install libxmlrpc-c3

Step 6. Install latest version of both – libtorrent & rtorrent:

NOTE: Depending on packages installed on the system, you might need these dependencies:

sudo apt-get install libncurses5-dev libsigc++-2.0-dev libcurl4-openssl-dev build-essential

Download latest version (X.Y.Z) of libtorrent from http://libtorrent.rakshasa.no/downloads/ into /usr/local/ directory:

wget http://libtorrent.rakshasa.no/downloads/libtorrent-X.Y.Z.tar.gz
sudo tar xvf libtorrent-X.Y.Z.tar.gz
cd libtorrent-0.11.1
 
sudo ./configure
sudo make
sudo make install

Download rtorrent latest version (X.Y.Z) from http://libtorrent.rakshasa.no/downloads/ in /usr/local/ directory.

wget http://libtorrent.rakshasa.no/downloads/rtorrent-X.Y.Z.tar.gz
sudo tar xvf rtorrent-X.Y.Z.tar.gz
cd rtorrent-X.Y.Z
 
sudo ./configure --with-xmlrpc-c
sudo make
sudo make install

* make sure  you configure rtorrent with “–with-xmlrpc-c” option

After the above 6 steps we are ready to install rtGui (and other GUIs for rtorrent: wTorrent, etc..)

Step 7. Install rtGui:

Download rtgui from http://code.google.com/p/rtgui/downloads/list
Extract files to webserver directory:

sudo tar xvzf ~/rtgui-0.2.3.tgz -C /var/www

* 0.2.3 is the current version at the moment of writing

You can edit “/var/www/rtgui/config.php” if you’d like to change rtGui default settings. Most of the time you don’t have to.

*** Step 8. Start rtorrent:

rtorrent

Step 9. Done! :) Open your browser, and go to http://localhost/rtgui/

*** (!) Since rtGui talks to rtorrent via XML-RPC gateway, rtorrent has to be started – otherwise rtGui has nobody to talk to :) In case rtorrent is not started when you accessing rtGui via web browser, you would get:

Warning: file_get_contents(http://localhost/RPC2) [function.file-get-contents]: failed to open stream: HTTP request failed! HTTP/1.1 500 Internal Server Error in /var/www/rtgui/functions.php on line 10

This is because there is nobody listening on port 5000 – remember the line “scgi_port = 127.0.0.1:5000″ in .rtorrent.rc? We have configured rtorrent with ” –with-xmlrpc-c” option, hence when rtorrent is up and running it will listen on “scgi_port” (in this case 5000) and will be able to handle XML-RPC requests/responses.

Happy rTorrenting!

art / hardware / howto / linux / music / software / technology / ubuntu3 Comments
3
Jun 08

Install Floola on Ubuntu

iPod on UbuntuFloola is a freeware application to efficiently manage your iPod or your Motorola mobile phone (any model supporting iTunes). It’s a standalone application that can be run directly from your iPod and needs no installation under Linux, Mac OS X and Windows (Windows Vista is supported).

Step 1. Get it from:

http://www.floola.com/modules/wiwimod/index.php?page=download_linux

Step 2. Before running make sure to install c++ standard library:

sudo apt-get install libstdc++5

Step 3. DONE!

howto / linux / software / technology / ubuntu1 Comment
3
Jun 08

Install Opera in Ubuntu Hardy Heron

1. Add “deb http://archive.canonical.com/ubuntu feisty-commercial main” to /etc/apt/source.list

2. sudo apt-get update

3. sudo apt-get install opera

howto / linux / network / ubuntuNo Comments
3
Jun 08

Connect to Wireless Network on Startup

Make sure to have only one “auto” interface, as it will be the main one
If you have “auto eth0″ as well, then once “eth0″ is unplugged “eth1″ will be also unreachable

edit network interfaces configuration:

vi /etc/network/interfaces

here is what to put in:

auto eth1
iface eth1 inet dhcp
wireless-essid YourESSIDName
wireless-channel 10
wireless-key ##########################

to make it get a static IP, do this instead of the above:

 
# The primary network interface
# connect to wirless network on startup
auto eth1
 
# eth1 Interface
iface eth1 inet static
address  10.7.1.99
netmask  255.255.255.0
network  10.7.1.0
broadcast 10.7.1.255
gateway  10.7.1.1
wireless-essid YourESSIDName
wireless-channel 10
wireless-key ##########################
howto / java / software / technology / tutorials / web 2.0 / xml69 Comments
28
May 08

Generate XSD from XML

There are several tools out there to create (or to infer) an XSD schema from XML document. I liked trang command line tool the most. Found it first when reading about Spring web services in Spring in Action book (very good book btw).

Here are four simple steps how to create XSD from XML* using trang:

Step 1. Get trang

Download trang.zip from here (at the moment of writing “trang-20030619.zip”)

Step 2. Extract it

Use “unzip trang-version.zip”, or just winzip/winrar/7z etc.. if on windows

Step 3. Make an alias

This step is optional, but makes it extremely easy to run the tool with a single command. Make an alias to the “trang.jar” by (in my case Ubuntu/Linux) editing “~/.bashrc” and adding the following:

# execute trang.jar (create XSD from XMLs)
alias xml2xsd='java -jar ~/soft/utils/trang/trang-20030619/trang.jar'

above “~/soft/utils/trang” is the directory where “trang” was unzipped to.

Step 4. Create XSD from XML

Let’s look at the XML file we need an XSD for:

$ ls -l
total 4
-rw-r--r-- 1 user group 357 2008-05-28 15:38 holiday-request.xml
 
$ cat holiday-request.xml
<?xml version="1.0" encoding="UTF-8"?>
<holidayRequest xmlns="http://mycompany.com/hr/schemas">
    <holiday>
        <startDate>2006-07-03</startDate>
        <endDate>2006-07-07</endDate>
    </holiday>
    <employee>
        <number>42</number>
        <firstName>Ultimate</firstName>
        <lastName>Answer</lastName>
    </employee>
</holidayRequest>

now run the tool against it:

$ xml2xsd holiday-request.xml hr.xsd
$ cat hr.xsd
<?xml version=”1.0″ encoding=”UTF-8″?>
<xs:schema xmlns:xs=”http://www.w3.org/2001/XMLSchema” elementFormDefault=”qualified” targetNamespace=”http://mycompany.com/hr/schemas” xmlns:schemas=”http://mycompany.com/hr/schemas”>
  <xs:element name=”HolidayRequest”>
    <xs:complexType>
      <xs:sequence>
        <xs:element ref=”schemas:Holiday”/>
        <xs:element ref=”schemas:Employee”/>
      </xs:sequence>
    </xs:complexType>
  </xs:element>
  <xs:element name=”Holiday”>
    <xs:complexType>
      <xs:sequence>
        <xs:element ref=”schemas:StartDate”/>
        <xs:element ref=”schemas:EndDate”/>
      </xs:sequence>
    </xs:complexType>
  </xs:element>
  <xs:element name=”StartDate” type=”xs:NMTOKEN”/>
  <xs:element name=”EndDate” type=”xs:NMTOKEN”/>
  <xs:element name=”Employee”>
    <xs:complexType>
      <xs:sequence>
        <xs:element ref=”schemas:Number”/>
        <xs:element ref=”schemas:FirstName”/>
        <xs:element ref=”schemas:LastName”/>
      </xs:sequence>
    </xs:complexType>
  </xs:element>
  <xs:element name=”Number” type=”xs:integer”/>
  <xs:element name=”FirstName” type=”xs:NCName”/>
  <xs:element name=”LastName” type=”xs:NCName”/>
</xs:schema>

done!

$

* – NOTE: “trang” can create an XSD from multiple XML documents, not just one.


List of other tools to use as an alternative to trang:

XSD away, Good Luck!

howto / java / linux / software / technology / tutorials8 Comments
22
Apr 08

Creating Public and Private Certificates/Keys

Public and Private Key PairHave you ever tried to communicate with somebody/something through any kind of technology? Most of the time “those” people/systems like privacy, in a way that they like their communication with everybody including you to be private. Hence once you want to communicate with them they give you something called a “public key” ( or “public-key certificate” ) and ask you to give them yours. Usually when you talk to different sources, nobody would guide you through on how to create that “public key” of yours, “they” would just want it, but you would be left alone to figure out how you should generate it.

Hence this little guide will show you one of many ways on how to generate a pair of X.509 public/private keys, and how to access this magic pair to get that “public key”, so it can be given to anyone who needs it.

First, let us throw a couple of sentences on how these keys are used. It is actually very simple – there is “YOU” and “THEY”:

  • YOU: generate a pair of public/private keys (where whatever is encrypted with your public key can only be decrypted with your private key)
  • YOU: hide your private key from everybody
  • YOU: give your public key to anybody who wants to communicate with you
  • THEY: generate a pair of public/private keys
  • THEY: hide their private key from everybody including YOU
  • THEY: give their public key to anybody who wants to communicate with them

Now when YOU and THEY have each others public keys and their own private keys communication may begin:

  • YOU: write your secret message, encrypt it with THEIR public key and send to them
  • THEY: receive your top secret message and using THEIR private key decrypt it
  • THEY: write you an answer, encrypt it with YOUR public key, and send to you
  • YOU: receive their top secret response and using YOUR private key decrypt it

Told you it is very simple!

Now let’s see how to do the magic – how to generate a pair of YOUR public and private keys.

There are number of ways – tools/libraries/code snippets/etc.. I would show you one of the simplest ways how this can be archived using a tool called… any guess? Yes – a “keytool” – make sense, right?

“keytool” is a java tool that has a great manual, and since its java – it’ll work on any OS that has JVM. In order to get/download a keytool, you just have to install Java (JRE) on your system (95% that you already have it installed, hence you can go ahead and use “keytool” without needing to install/download anything else).

Examples here are run on Linux (Ubuntu), but as long as you have Java installed, it does not really matter what OS you have to get the job done.

So, fire up the terminal (Windows’ “cmd”) and let’s generate a pair of public/private keys now:

$ keytool -genkey -alias otherguy -keypass p@ssw0rd -keystore our.keystore
Enter key store password: ksp@ssw0rd
 
You are about to enter information that will be incorporated into
your certificate request.  This information is what is called a
Distinguished Name or DN.  There are quite a few fields but you
can use supplied default values, displayed between brackets, by just
hitting &lt;Enter&gt;, or blank the field by entering the &lt;.&gt; character
before hitting &lt;Enter&gt;.
 
Common Name (hostname, IP, or your name): myname
Organization Name (company) [The Sample Company]: my company
Organizational Unit Name (department, division): department of departments
Locality Name (city, district) [Sydney]: gorodok
State or Province Name (full name) [NSW]: state of new noisy
Country Name (2 letter code) [AU]: zz

As you might figured already, a keystore is a small database, that we just created, that would hold all the keys (private/public) for many systems – right now we only have one pair, but later we can add more keys to the keystore. So let’s look at this keystore that we just generated:

$ ls -l
total 4
-rw-r--r-- 1 user group 1641 2008-04-22 20:46 our.keystore

But now you need to be able to access this “database” to get a public key, so you can share it with others. It is done by exporting this public key – again, very simple:

$ keytool -export -rfc -alias otherguy -file us-to-otherguy.cer -keystore our.keystore
Enter key store password: ksp@ssw0rd

let’s see what files we have now:

$ ls -l
 
total 8
-rw-r--r-- 1 user group 1641 2008-04-22 20:46 our.keystore
-rw-r--r-- 1 user group 1189 2008-04-22 20:48 us-to-otherguy.cer

And here it is (!) your public key certificate – “us-to-otherguy.cer”. Let’s see what’s inside:

$ cat us-to-otherguy.cer
-----BEGIN CERTIFICATE-----
MIIDQjCCAwGgAwIBAAIBATAJBgcqhkjOOAQDMIGGMQ8wDQYDVQQDDAZteW5hbWUxEzARBgNVBAoM
Cm15IGNvbXBhbnkxIjAgBgNVBAsMGWRlcGFydG1lbnQgb2YgZGVwYXJ0bWVudHMxEDAOBgNVBAcM
B2dvcm9kb2sxGzAZBgNVBAgMEnN0YXRlIG9mIG5ldyBub2lzeTELMAkGA1UEBgwCenowHhcNMDgw
NDIzMDA0NjM4WhcNMDgwNzIyMDA0NjM4WjCBhjEPMA0GA1UEAwwGbXluYW1lMRMwEQYDVQQKDApt
eSBjb21wYW55MSIwIAYDVQQLDBlkZXBhcnRtZW50IG9mIGRlcGFydG1lbnRzMRAwDgYDVQQHDAdn
b3JvZG9rMRswGQYDVQQIDBJzdGF0ZSBvZiBuZXcgbm9pc3kxCzAJBgNVBAYMAnp6MIIBuDCCASwG
ByqGSM44BAEwggEfAoGBAP1/U4EddRIpUt9KnC7s5Of2EbdSPO9EAMMeP4C2USZpRV1AIlH7WT2N
WPq/xfW6MPbLm1Vs14E7gB00b/JmYLdrmVClpJ+f6AR7ECLCT7up1/63xhv4O1fnxqimFQ8E+4P2
08UewwI1VBNaFpEy9nXzrith1yrv8iIDGZ3RSAHHAhUAl2BQjxUjC8yykrmCouuEC/BYHPUCgYEA
9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJFnEj6EwoFhO3
zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkImog9/hWuWfBpKL
Zl6Ae1UlZAFMO/7PSSoDgYUAAoGBAPDA5E5GVGzMBw3IWldpyGBs8Dwr7ArYdNRIPH7veELcENhO
7jNdBinJ/JUCcY0XoIhNVXVNkyABpGsBISfGPwgv1meyLcs0DK6ndEDBYGH0Cwoahhtb7EBhcqWQ
kqojyVtPRdNTPd8cyPDjbOOapv65+8Xe0FQoCtJXWiwF8Z17MAkGByqGSM44BAMDMAAwLQIVAJHL
9Syzc8LIEp6uNjVI+f/ox4dhAhQOug96d7B5V/rGytlAJiml9f8Qqg==
-----END CERTIFICATE-----

that is exactly what you send to everybody else to encrypt their secret messages!

The last thing that I want to show you is how to see what’s inside the keytore database:

$ keytool -list -v -keystore our.keystore
Enter key store password: ksp@ssw0rd
Key store type: gkr
Key store provider: GNU-CRYPTO
 
Key store contains 1 entry(ies)
 
Alias name: otherguy
Creation timestamp: Tuesday April 22, 2008 AD - 8:46:38;616 o`clock PM EDT
Entry type: key-entry
Certificate chain length: 1
Certificate[1]:
Owner: CN=myname,O=my company,OU=department of departments,L=gorodok,ST=state of new noisy,C=zz
Issuer: CN=myname,O=my company,OU=department of departments,L=gorodok,ST=state of new noisy,C=zz
Serial number: 1
Valid from: Wednesday April 23, 2008 AD - 1:46:59;989 o`clock AM EDT
until: Tuesday July 22, 2008 AD - 1:46:59;990 o`clock AM EDT
Certificate fingerprints
MD5: BB:35:C0:6B:D0:B2:67:26:BF:AB:AD:5A:87:51:AA:32
SHA-160: 19:67:F9:8B:DF:52:24:4A:61:4D:76:1C:79:2E:4B:5B:8E:A8:AA:E1
 
*******************************************

Here you can see that a public certificate that we exported is ” Valid from: Wednesday April 23, 2008 until: Tuesday July 22, 2008″, hence 90 days. That means it will need to be changed in 90 days, which would also, of course mean you would have to issue a new certificate to all your contacts in 90 days. In order to change this time frame, when generating a keystore, just add a “-validity <number of days>”when generating keys:

$ keytool -genkey -alias otherguy -keypass p@ssw0rd -keystore our.keystore -validity 3600

that would create a pair valid for 3600 days from the current date.

What if somebody wants to share secret with you? Well, now you are ready! :)

← Older Entries
Newer Entries →