Download and store a website’s public cert into a Java keystore

The other day I had to download a public cert from a web service’s host and store it in my Java keystore so that it can be trusted. Here’s what I did:

The first line downloads the public cert from www.manthanhd.com and stores it in /tmp/www-manthanhd-com.cert.

Next, we’re using keytool to import that certificate into the Java cacerts keystore. I am only using sudo here because Java is installed as root. If in your case it’s not, you can just use the keytool command without the sudo prefix.

Also, on my test box, the Java keystore has the default Java keystore password, which is changeit. Make sure this matches whatever your keystore password is.

Last but not least, the alias that the cert is imported against is important because this is what you will later use to find it. In this case I’m just using the hostname without any punctuation. This way, I can easily find any cert I want for any host if I need it.
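The two steps described above, as an added example rather than the post's original commands (which are not preserved on this page). It adds one check: the downloaded cert's SHA-256 fingerprint is compared with a value obtained out-of-band before anything is imported, because the download itself trusts whatever the server presents. The function names, the use of `openssl s_client`, port 443 and the keystore path argument are assumptions.

```shell
#!/bin/sh
# Added example, not the post's own script. Usage (assumed):
#   sh trust-host.sh www.manthanhd.com <expected-sha256> <path-to-cacerts>

# Alias = hostname without punctuation: www.manthanhd.com -> wwwmanthanhdcom
cert_alias() { printf '%s' "$1" | tr -d '[:punct:]'; }

# Reduce "sha256 Fingerprint=AA:BB:.." or plain hex to bare upper-case hex.
normalise_fp() {
  printf '%s' "${1##*=}" | tr -d ': \n' | tr '[:lower:]' '[:upper:]'
}

# True only when both values are the same 64-hex-digit fingerprint.
# An empty or malformed value never matches, so a failed download cannot pass.
fp_matches() {
  a=$(normalise_fp "$1"); b=$(normalise_fp "$2")
  case $a in *[!0-9A-F]*) return 1 ;; esac
  [ "${#a}" -eq 64 ] && [ "$a" = "$b" ]
}

# Download the certificate the server presents and save it as PEM.
fetch_cert() {  # host port outfile
  openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
    openssl x509 -outform PEM >"$3"
}

# Print the SHA-256 fingerprint line of a PEM certificate file.
cert_fp() { openssl x509 -in "$1" -noout -fingerprint -sha256; }

# Fetch, verify, then import. Runs in a subshell so variables do not leak.
trust_host() (  # host expected_fingerprint keystore
  host=$1; expected=$2; keystore=$3
  out="/tmp/$(printf '%s' "$host" | tr '.' '-').cert"
  fetch_cert "$host" 443 "$out" || { echo "download failed" >&2; exit 1; }
  fp_matches "$(cert_fp "$out")" "$expected" ||
    { echo "fingerprint mismatch, not importing $out" >&2; exit 1; }
  # Drop sudo if Java is not installed as root; changeit is the default password.
  sudo keytool -importcert -noprompt -alias "$(cert_alias "$host")" \
    -file "$out" -keystore "$keystore" -storepass changeit
)

if [ "$#" -ge 3 ]; then trust_host "$@"; fi
```

The imported entry can be found again later with `keytool -list -alias wwwmanthanhdcom` against the same keystore.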

Thanks to Jamie Tanna (jvt.me) and Jack Gough (testingsyndicate.com) for their help on this.

Minimal Express server setup for API development

Initialise npm with defaults.

Create your main index.js entrypoint.

Install express, body-parser, morgan and winston packages.

Make your index.js look like this.

This is probably one of the most lightweight Node.js configurations that I have ever written for building simple REST web services.

In my opinion, this is a good starting point as it makes minimal assumptions about what you might need, letting you add whatever you need minimally on top.

Appending to crontab using a single shell command

Usually, to edit the crontab for a user, you log in as that user and then run:

This usually opens up a text editor which then lets you edit the crontab. Once you are done, you save and quit, and this magically updates your crontab.

Today I was writing a script that needed to update crontab without any user interaction. After doing some digging, I found this neat way of updating my crontab:

The above example is straight out of my shell script which renews my letsencrypt certificate and then restarts the nginx server.

Setting up an OAuth2 provider

In this post, we’re going to talk about installing and setting up your very own OAuth2 provider. If you have used Facebook or Twitter logins, you’d know that they have their own OAuth2 providers. In reality, those are more than just OAuth2 providers as they also have OpenID Connect on them, however, that will be a post for another day.

Why would I want an OAuth2 provider?

Well, there are many reasons why you’d want an OAuth2 provider.

  1. Because it’s cool.
  2. Because it’s hip.
  3. Because, why not?

On a more serious note, if you have a bunch of applications running in your house, you can use your own OAuth2 provider to provide identity and custom authorisations to every app in a way that if one of those apps gets compromised, it won’t take your whole house down. This lets you operate all of your apps in a standard way.

Also, who in your family doesn’t want a “Sign in via <insert_family_name>” button? 😛

For this post, we’re going to use ForgeRock’s OpenAM version 13.

Fixing docker service startup after using an alternative graph driver

So I was playing around with the devicemapper docker storage driver the other day. It was quite nice, but when I stopped the modified docker daemon and tried to start the docker service in the “normal” way, I received the following error:

Clearly something had gone wrong. Upon running:

I found the following line most helpful in fixing the error:

So I ran the following command in order to remove my devicemapper driver:

Boom, it worked!

Alternatively, I could’ve backed it up to tmp instead by running:

But I didn’t need any of my images anyway so I removed it.

Hope this helps.