Mozilla's Firefox Invalid, Yet Valid Certificate

In my line of work I get to work with a lot of security devices which run self-signed certificates. Those certificates are most of the time generated when the device / appliance is installed, or configured for the very first time. When you connect to one of those devices with a web browser, you tend to see the warnings displayed by the browser that the connection is not to be trusted.

In Firefox, you can add an exception in the browser. When you've done that, the next time you go to the website, the browsers treats the website as trusted.

Posted on April 1, 2012 by Willem and filed under Annoying, Browsers, Tips'n Tricks and tagged PKI certificates firefox.

Courier IMAPd and Mail.app warnings

After installing an ISPConfig deployment, everything seemed to work properly, but every now-and-then I got this weird error that there was something wrong with the mail server configuration. The Apple Mail.app showed a exclamation mark with the following message:

The server returned the error: The attempt to read data from the server server.domain.ext failed.

Some research showed that the Apple mail clients tend to open several connections for IMAP, and the default setting of the Courier IMAPd server is to allow (only) 4 connections from the same IP address.

Modifying the Courier config file (/usr/lib/courier-imap/etc/imapd) and allowing e.g. 20 connections from 1 IP address solved this problem.

<ORIGINAL CONFIG>
##NAME: MAXPERIP:0
#
# Maximum number of connections to accept from the same IP address

MAXPERIP=4

<MODIFIED CONFIG>
##NAME: MAXPERIP:0
#
# Maximum number of connections to accept from the same IP address

MAXPERIP=20

If your company / household holds several imap mail clients you may need to increase the counter even more (65536 is the maximum amount of connections for ANY IP address).

If you have SSL enabled on the Courier IMAPd server you also need to add the MAXPERIP variable to the imap-ssl config file (/usr/lib/courier-imap/etc/imapd-ssl).

Finally, you need to restart the Courier IMAPd services (/etc/init.d/courier-imap restart)

Posted on January 23, 2012 by Willem and filed under Apple, Linux, Tips'n Tricks and tagged CentOS Courier IMAPd ISPConfig MAXPERIP.

Changing SSL Certificates in a ISPConfig v3 Configuration

When you install a Perfect Server based on Centos and ISPConfig v3.x, the system / 'installer' creates for the components self-signed certificates. All these certificates will generate different warnings in your browser, mail clients etc. So time to eliminate those warnings.

First I needed to find out where all those certificates are located, and what there formats are. In my case, there are three services that use SSL/TLS in some form;

Postfix SMTP service
Courier IMAP service
http / Apache2 webservice

Checking the configuration files will reveal their locations.

Posted on January 7, 2012 by Willem and filed under Linux, Operating Systems, Security, Software, Tips'n Tricks and tagged CentOS ISPConfig certificates ssl xca PKI.

Getting ISPConfig to Work on Centos

This is not a manual describing the installation (pre-requisites) of ISPConfig software on a Centos platform. An excellent manual can be found online. It's just that I ran into a problem when I tried to connect an e-mail client to the (IMAP) mailserver (controled by ISPConfig). All the appropriate ports / listeners were up and running, so it had to be a configuration issue.

Googling around didn't solve my problem. My collegue, Xander (@xmoments / xmoments.nl), cam eto the rescue with the solution;

yum install cyrus-sasl-plain-2.1.23-13.el6.x86_64

Software that handles cleartext passwords between mail processes. After the installation, the mail went flying across the Interwebs.

Posted on January 5, 2012 by Willem and filed under Linux, Software, Tips'n Tricks and tagged CentOS Cyrus SASL ISPConfig.

Screen Capture Can't Be Saved

After upgrading my iMac to OS X Lion (10.7) everything works (or at least seems to work), until I tried to do a screen capture with the built-in tools.

Things that worked:

Capturing the entire desktop to file
Capturing a selection (using the cross-hair) to file
Capturing the entire desktop to the clipboard
Capturing a selection (using the cross-hair) to the clipboard

Things that didn't work:

Capturing entire windows to file or the clipboard (SHIFT-COMMAND-4 + SPACE / SHIFT-COMMAND-3 + SPACE)

All I got was a weird notification box with the message:

Screen capture can't be saved

The console application also showed an error message:

12/16/11 1:40:08.762 com.apple.SystemUIServer.agent: screencapture could not capture window 3c

Lurking around the Interwebs, I found this seem to occur after an upgrade of the OS, but real solutions are hard to come by.

This is what I did to solve my problem:

Remove the screencapture PLIST (preferences) file (~/Library/Preferences/com.apple.screencapture.plist)
Copy a com.apple.screencapture.plist file from a working OS X Lion environment and place it in the correct location on the troubled OS X installation.

That seemed to result in two com.apple.screencapture.plist files (one with an additional extension of .locked). I removed the .locked file, rebooted the iMac, and screen capture worked again.

I must mention that I didn't see the .locked file initially. Could be that it existed before. In which case I probably did more than was required to get things fixed....

Posted on December 16, 2011 by Willem and filed under Annoying, Apple, Operating Systems, Tips'n Tricks and tagged Screencapture locked save.

Upgrading Splunk on Ubuntu Linux

Just a small post with the instructions on upgrading Splunk on Ubuntu Linux.

First download the Splunk update. The Splunk website also gives you the wget command, which you can use directly on the Linux commandline.

Posted on November 10, 2011 by Willem and filed under Linux, Software, Tips'n Tricks and tagged Linux Splunk ubuntu upgrade.

Unofficial iOS5 upgrade

After reading the iOS5 upgrade on the Lifehacker website, I decided to upgrade my iPad2 to iOS5. It's unofficial, because iOS5 hasn't been released yet. The version mentioned on the Lifehacker websites is considered to be the Gold-Master version. Meaning that it's the final version, waiting to be released somewhere this month.

First I installed the iTunes beta version as mentioned and downloaded the appropriate iOS versions for my iPad and iPhone. The upgrade went extremely well. Just remember to backup your device before the 'upgrade' proceding.
After the iPad upgrade, I decided to upgrade my iPhone3gs. This went as smooth as the iPad upgrade.

The biggest new feature for me so far is the possibility to use custom text/notification tones. The iPhone3gs also feels more responsive.

There was one annoyance with the initial configuration of the iPad;
My Apple ID was a basic username, and not an e-mail address. This is NOT accepted by the initial iOS5 configuration wizard. Your Apple account NEEDS TO BE an e-mail address. It took me a while to set that up properly in my online account settings.

Posted on October 9, 2011 by Willem and filed under Apple, Operating Systems, Software, Tips'n Tricks, iPhone and tagged iOS5, upgrade, iPad, iPhone.

Configuring Syslog-ng on Ubuntu

Syslog-ng is a replacement for the default syslog daemons you get with most Linux distributions. The advantage of syslog-ng is that the configuration is easier to understand, and it gives the sys-admin numerous advantages. Especially in complex environments.

Let's say we have a RADIUS environment which is able to send authentication and accounting information through syslog to external devices. And let's assume that a relevant part of this syslog information is needed by a department within a large cooperation.

Installing syslog-ng (on Ubuntu) is done by the following command:

# sudo apt-get install syslog-ng

Through the use of syslog-ng we can store, and/or forward syslog information based on the following (but not limited to):

source IP address
destination IP address
syslog level
content in the original syslog message by using regular expressions.

All this can be configured in the /etc/syslog-ng/syslog-ng.conf file.

Posted on August 26, 2011 by Willem and filed under Linux, Tips'n Tricks and tagged syslog syslog-ng.

Unable to Upgrade Firefox on OS X

Today I tried to upgrade Firefox 5.0.1 on my iMac to version Firefox 6, but it failed with some 'weird' error;

The operation can't be completed because the item libsmime3.dylib" is in use.

Weird because I didn't have FireFox running at the time. Removing Firefox didn't work either, since I couldn't remove it from the Trash (same error).

Turned out that I had the Cisco AnyConnect VPN installed on my system (process name: vpnagentd). To 'unload' this process enter the following in Terminal:

sudo launchctl unload /Library/LaunchDaemons/com.cisco.anyconnect.vpnagentd.plist

Install Firefox, and enable the vpnagent again by entering the following in Terminal:

sudo launchctl load /Library/LaunchDaemons/com.cisco.anyconnect.vpnagentd.plist

And all should be well.

Posted on August 15, 2011 by Willem and filed under Annoying, Browsers, Software, Tips'n Tricks and tagged Installation libsmime3.dylib vpnagentd firefox.

Burn OS X Lion Installation Package to DVD

The moment you download OS X Lion, you'd better have a copy of OS X Snow Leopard, because by default the new Apple OS can only be installed on a previous installed Operating System (upgrade). So if you need to reinstall your Mac in the future, you need to install OS X Snow Leopard first, and then upgrade to OS X Lion. Also, there's no way of ordering an OS X Lion copy on DVD..... Well, that sucks.

Fortunately, there's a way of creating the installation DVD by extracting the actual disk image from the downloaded OS X Lion installation package.

Posted on July 20, 2011 by Willem and filed under Apple, Operating Systems, Software, Tips'n Tricks and tagged Bootable Burn Clean Install DVD Lion OSX.