The other day I had to download a public cert from a web service’s host and store it in my Java keystore so that it would be trusted. Here’s what I did:
openssl s_client -showcerts -connect www.manthanhd.com:443 < /dev/null 2>/dev/null| sed -n -e '/BEGIN\ CERTIFICATE/,/END\ CERTIFICATE/ p' > /tmp/www-manthanhd-com.cert
sudo keytool -import -file /tmp/www-manthanhd-com.cert -alias wwwmanthanhdcom -keystore /opt/java/jre/lib/security/cacerts -storepass changeit
The first line downloads the public cert from www.manthanhd.com and stores it in
Next, we’re using keytool to import that certificate into the Java cacerts keystore. I am only using sudo here because Java is installed as root. If in your case it’s not, you can just use the keytool command without the sudo prefix.
Also, on my test box, the Java keystore has the default keystore password, which is changeit. Make sure this matches whatever your keystore password is.
Last but not least, the alias that the cert is imported against is important because this is what you will have to use to find it later. In this case I’m just using the hostname without any punctuation. This way, I can easily find the cert for any host if I need it.
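The import above trusts whatever certificate the connection returned, so it is worth comparing its SHA-256 fingerprint with a value obtained out of band before it goes into cacerts. The script below is an added example, not part of the original post: the function names are hypothetical, the expected fingerprint is an input you supply, and the keystore path and password defaults are the ones used above.

```shell
#!/bin/sh
# Added example: pin-check a server certificate before importing it.

# Keep only the first PEM block (the leaf) from `s_client -showcerts` output.
first_pem_cert() {
    awk '/-----BEGIN CERTIFICATE-----/ { on = 1 }
         on { print }
         /-----END CERTIFICATE-----/ { if (on) exit }'
}

# Normalise "sha256 Fingerprint=AB:CD:..." or bare hex to lowercase hex.
norm_fp() {
    printf '%s' "$1" | sed -e 's/^.*=//' | tr -d ': \n' | tr 'A-F' 'a-f'
}

# Succeed only if both values are the same 64-digit hex fingerprint.
fp_matches() {
    a=$(norm_fp "$1"); b=$(norm_fp "$2")
    case "$a" in *[!0-9a-f]*|"") return 1 ;; esac
    [ "${#a}" -eq 64 ] && [ "$a" = "$b" ]
}

# trust_host HOST EXPECTED_SHA256 [KEYSTORE] [STOREPASS]
trust_host() {
    host=$1; expected=$2
    keystore=${3:-/opt/java/jre/lib/security/cacerts}
    storepass=${4:-changeit}
    cert=$(mktemp) || return 1
    openssl s_client -showcerts -servername "$host" -connect "$host:443" \
        </dev/null 2>/dev/null | first_pem_cert >"$cert"
    # An empty or malformed file makes openssl x509 fail, which aborts here.
    actual=$(openssl x509 -noout -fingerprint -sha256 -in "$cert") ||
        { rm -f "$cert"; return 1; }
    if ! fp_matches "$actual" "$expected"; then
        echo "fingerprint mismatch for $host: $actual" >&2
        rm -f "$cert"; return 1
    fi
    # Alias is the hostname without punctuation, as in the post.
    alias=$(printf '%s' "$host" | tr -d '.-')
    keytool -importcert -noprompt -file "$cert" -alias "$alias" \
        -keystore "$keystore" -storepass "$storepass"
    rc=$?; rm -f "$cert"; return "$rc"
}

# Run only when called with arguments: HOST EXPECTED_SHA256 ...
if [ "$#" -ge 2 ]; then trust_host "$@"; fi
```

Run it with sudo if the keystore is owned by root, passing the hostname and the fingerprint you expect.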
Thanks to Jamie Tanna (jvt.me) and Jack Gough (testingsyndicate.com) for their help on this.
Managing production passwords isn’t a trivial task. I was trying to deploy a containerized app the other day that had a database deployed with it. During the deployment, I was trying to find an easy way to set a secure password. I didn’t want anyone to know the password because I wanted only the application to know it and no one else. Also, the container was set up in a way that the database cannot be accessed from the outside world.
So instead of hard-coding the password, after doing some research, I used the following command:
Creating Serverless Projects
In a serverless environment, Amazon Lambda can be used in conjunction with Amazon API Gateway for HTTP interfacing, Amazon S3 for storage, Amazon ElastiCache for caching and DynamoDB/RDS for database storage. Check out the Serverless Application Framework at serverless.com for more info.
Securing data in AWS
Infrastructure should be treated as code, i.e. kept in version control systems. Automate security and increase testing frequency via CI/CD. Fail early and fast. Test at production scale. No need to keep the test servers alive. Spin up the entire production environment in test, deploy the code, run the tests and then tear down the environment.