Home tmade.de

Home Wiki



Erstellen von Zertifikaten

Selbstsigniertes Zertifikat

Erstellung eines selbstsignierten Zertifikats mit einer Schlüssellänge von 2048 Bit und sha256

openssl req -x509 -nodes -sha256 -days 365 -newkey rsa:2048 -keyout ssl.key -out ssl.crt

Prüfung des Zertifikats

openssl x509 -noout -text -in ssl.crt


Erstellung eines Zertifikatsrequest mit einer Schlüssellänge von 2048 Bit und sha256

openssl req -nodes -sha256 -newkey rsa:2048 -keyout ssl.key -out ssl.csr

Prüfung des Zertifikatsrequests

openssl req -noout -text -in ssl.csr


Create a local Certificate

keytool -genkey -alias tomcat -keyalg RSA -keysize 2048 -keystore tomcatSSL

The CSR is then created with

keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr -keystore tomcatSSL

Import the Chain Certificate into you keystore

keytool -import -alias root -keystore tomcatSSL -trustcacerts -file <filename_of_the_chain_certificate>

And finally import your new Certificate

keytool -import -alias tomcat -keystore tomcatSSL -trustcacerts -file <your_certificate_filename>

Konvertieren von Zertifikaten

Convert pfx nach key, crt

openssl pkcs12 -in mybackup.pfx -nocerts -out mykey.key 
openssl pkcs12 -in mybackup.pfx -nokeys -out mycert.crt 

Convert encrypted.key to decrypted.key/ Remove Passphrase from Key

openssl rsa -in [keyfile-encrypted.key] -out [keyfile-decrypted.key]

Convert key, crt nach pem

cat server.crt server.key > server.pem

Passwort entfernen

openssl rsa -in sslcert.key -out sslcert.key

Convert key, crt nach pfx

openssl pkcs12 -export -inkey mykey.key -in mycert.crt -out mybackup.pfx 

Convert pfx nach jks

keytool -importkeystore -srckeystore mypfxfile.pxf -srcstoretype pkcs12 -destkeystore clientcert.jks -deststoretype JKS

Extracting a certificate/key pair from a Java keystore

# Save the file you received from UMLS as $NAME.jks
# Uncomment the 3 lines below on the first run
# wget 'http://www.source-code.biz/snippets/java/Base64Coder.java.txt' -O 'Base64Coder.java'
# wget 'http://mark.foster.cc/pub/java/ExportPriv.old.java' -O 'ExportPriv.java' # the new version doesn't wrap lines at 64 characters
# javac Base64Coder.java ExportPriv.java
# list certificates in the keystore:
# keytool -list -v -keystore $NAME.jks -storepass $PASS
# export certificate as DER:
keytool -export -alias $NAME -keystore $NAME.jks -storepass $PASS -file $NAME.crt.der
# convert DER certificate to PEM:
openssl x509 -in $NAME.crt.der -inform DER -out $NAME.crt.pem -outform PEM
# export key as PKCS8:
java ExportPriv $NAME.jks $NAME $PASS > $NAME.pkcs8
# convert binary PKCS8 key to ASCII RSA:
openssl pkcs8 -nocrypt -in $NAME.pkcs8 -inform PEM -out $NAME.rsa -outform PEM
# combine DER certificate and RSA key into PEM :
cat $NAME.crt.pem $NAME.rsa > $NAME.pem
echo "Saved key/certificate pair as $NAME.pem"
# clean up:
# rm $NAME.crt.der
# rm $NAME.crt.pem
# rm $NAME.pkcs8
# rm $NAME.rsa



sshfs ssh-konto@ssh-server:[Pfad] mount-point 
sshfs ssh-stream@linuxtest:/home/scripte d:/home
sshfs user@meinserver.com:/var/www /pfad/zu/meinem/lokalen/serverdir -o allow_other
fusermount -u mount-point

dbus, messagebus

dbus or messagebus check with:

/etc/init.d/dbus status
/etc/init.d/haldaemon status
/etc/init.d/dbus stop, same for haldaemon
kcontrol //started controll center
cat /etc/sysconfig/displaymanager | grep DISPLAYMANAGER_AUTOLOGIN=  //gibt aus welcher default user für autologin


update-alternatives --config java
update-alternatives --config javac


soundcard: http://alsa.opensrc.org/index.php/TroubleShooting

Check the ALSA driver version:

cat /proc/asound/version 

Check the ALSA library version:

grep VERSION_STR /usr/include/alsa/version.h  #driver and lib should match!

Check the sound drivers for your card are active:

cat /proc/asound/oss/sndstat

zypper probleme (yast package probleme):

rm /var/cache/zypp/zypp.db


zypper refresh

startup services:

harddisk encryption:

custom partitioning durning os install:


disallow access to programms/systemcommand: http://en.opensuse.org/Apparmor


user access and security:

pam authentication: if theres a file “/etc/nologin” no user except root can login! file /etc/pam.d/login looks if there´s /etc/nologin edit “auth required pam_nologin_so” and uncomment it (#) and login is again possible or delete /etc/nologin

Multipath / SAN

1. Install device-mapper-multipath rpm.
2. Edit the multipath.conf configuration file:
* comment out the default blacklist
* change any of the existing defaults as needed
* save the configuration file
3. Start the multipath daemons.
4. Create the multipath device with the multipath command.

SUSE: The /etc/multipath.conf file does not exist unless you create it. The /usr/share/doc/packages/multipath-tools/multipath.conf.synthetic file contains a sample /etc/multipath.conf file that you can use as a guide for multipath settings. See /usr/share/doc/packages/multipath-tools/multipath.conf.annotated for a template with extensive comments for each of the attributes and their options.

modprobe dm-multipath
service multipathd start
multipath -v2			#The multipath -v2 command prints out multipathed paths that 
			#show which devices are multipathed. If the command does not print anything out, 
			#ensure that all SAN connections are setup properly and the system is multipathed.
multipath -l			#show multipath topology (sysfs and DM info)
multipath -ll			#show multipath topology (maximum info)
chkconfig multipathd on
blacklist {
wwid SIBM-ESXSST336732LC____F3ET0EP0Q000072428BX1  		//name SBIM*** wird über den Befehl "multipath -v2" ausgelesen. Durch hinzufügen in die Blacklist wird das Divice nicht mehr gelistet


blacklist {
device {
vendor "IBM"
product "3S42" #DS4200 Product 10
device {
vendor "HP"
product "*"


service multipathd reload

Example multipath section:

multipaths {
multipath {
wwid 3600508b4000156d70001200000b0000
alias yellow
path_grouping_policy multibus
path_checker readsector0
path_selector "round-robin 0"
failback manual
rr_weight priorities
no_path_retry 5
multipath {
wwid 1DEC_____321816758474
alias red
rr_weight priorities


multipath -F		//flush all multipath device maps
multipath -v2		//show vervose mit level 2

Identify devices:

cat /sys/block/sda/device/vendor
cat /sys/block/sda/device/model

Important (redhat/centos):


—>show device info for /etc/multipath.conf

example devices:

devices {
device {
vendor "HP"
product "OPEN-V."
getuid_callout "/sbin/scsi_id -g -u -p0x80 -s /block/%n"

The multipathd interactive console can be used to troubleshoot problems you may be having with your system. For example, the following command sequence displays the multipath configuration, including the defaults, before exiting the console.

multipathd -k		//multipath konsole 
show config		//For example, the following command sequence displays the multipath configuration, including the defaults
multipathd -k
reconfigure		//The following command sequence ensures that multipath has picked up any changes to the multipath.conf,
multipathd -k		//Use the following command sequence to ensure that the path checker is working properly.

devices mounten:

1. filesystem erstellen mit mkfs**
2. mounten (e.g) siehe "ll /dev/mpath" und auf gelinktes device mounten
mount /dev/dm-2 /mnt/tmp
             	vendor                  "COMPAQ"
              	product                 "HSV111 (C)COMPAQ"
		getuid_callout          "/sbin/scsi_id -g -u -s"
              	prio_callout            "/sbin/mpath_prio_alua %d"    
             	features                "0"
            	hardware_handler        "0"
              	path_grouping_policy    multibus
		failback                immediate
              	prio_callout            "/sbin/mpath_prio_alua %d"      
               	path_checker            tur
               	no_path_retry           60 

For each path group:

\_ scheduling_policy [path_group_priority_if_known][path_group_status_if_known]

For each path:

 \_ host:channel:id:lun devnode major:minor [path_status][dm_status_if_known]



cat /etc/sysconfig/kernel 
cd /lib/modules/`uname -r`/
find /lib/modules/`uname -r`/ -name "qla*"
lsmod | grep qla

cat /proc/modules

lsmod				//this command lists all loaded kernel modules
modprobe			//loads kernel moduls
modprobe usb-storage
insmod module			//loads the indicated module into the kernel
rmmod 				//removes loaded kernel modules
rmmod module


modprobe -r 

try modprobe <modulename> on newer kernels to load the module and modprobe -r <modulename> to unload it


cd /usr/src/linux

make dep

make mrprop
make clean
make menuconfig
make modules 
make modules_install
make install
make oldconfig; 

Create an initrd image Type the following command at a shell prompt: # cd /boot # mkinitrd -o initrd.img-2.6.25 2.6.25

read content initrd:

gzip -dc /boot/initrd-2.6.xx.img| cpio -i –list

gzip -dc /boot/initrd- | cpio -i –list

in (aktuelles!!!)verzeichniss extrahieren:

gzip -dc /boot/initrd- | cpio -i –make-directories



yum install paket


yum repolist

to_do/temp.txt · Last modified: 2019/10/17 09:02 by tmade
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 4.0 International
Recent changes RSS feed Donate Powered by PHP Valid XHTML 1.0 Valid CSS Driven by DokuWiki