OpenSSL how to decode SSL certificate file

OpenSSL

To decode SSL certificate the following command can be used:

# openssl x509 -in shkodenko.crt -noout -text

Example command output:

# openssl x509 -in COMODORSADomainValidationSecureServerCA.crt -noout -text |more

Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2b:2e:6e:ea:d9:75:36:6c:14:8a:6e:db:a3:7c:8c:07
Signature Algorithm: sha384WithRSAEncryption
Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
Validity
Not Before: Feb 12 00:00:00 2014 GMT
Not After : Feb 11 23:59:59 2029 GMT
Subject: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:8e:c2:02:19:e1:a0:59:a4:eb:38:35:8d:2c:fd:
01:d0:d3:49:c0:64:c7:0b:62:05:45:16:3a:a8:a0:
c0:0c:02:7f:1d:cc:db:c4:a1:6d:77:03:a3:0f:86:
f9:e3:06:9c:3e:0b:81:8a:9b:49:1b:ad:03:be:fa:
4b:db:8c:20:ed:d5:ce:5e:65:8e:3e:0d:af:4c:c2:
b0:b7:45:5e:52:2f:34:de:48:24:64:b4:41:ae:00:
97:f7:be:67:de:9e:d0:7a:a7:53:80:3b:7c:ad:f5:
96:55:6f:97:47:0a:7c:85:8b:22:97:8d:b3:84:e0:
96:57:d0:70:18:60:96:8f:ee:2d:07:93:9d:a1:ba:
ca:d1:cd:7b:e9:c4:2a:9a:28:21:91:4d:6f:92:4f:
25:a5:f2:7a:35:dd:26:dc:46:a5:d0:ac:59:35:8c:
ff:4e:91:43:50:3f:59:93:1e:6c:51:21:ee:58:14:
ab:fe:75:50:78:3e:4c:b0:1c:86:13:fa:6b:98:bc:
e0:3b:94:1e:85:52:dc:03:93:24:18:6e:cb:27:51:
45:e6:70:de:25:43:a4:0d:e1:4a:a5:ed:b6:7e:c8:
cd:6d:ee:2e:1d:27:73:5d:dc:45:30:80:aa:e3:b2:
41:0b:af:bd:44:87:da:b9:e5:1b:9d:7f:ae:e5:85:
82:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Authority Key Identifier:
keyid:BB:AF:7E:02:3D:FA:A6:F1:3C:84:8E:AD:EE:38:98:EC:D9:32:32:D4

X509v3 Subject Key Identifier:
90:AF:6A:3A:94:5A:0B:D8:90:EA:12:56:73:DF:43:B4:3A:28:DA:E7
X509v3 Key Usage: critical
Digital Signature, Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE, pathlen:0
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Certificate Policies:
Policy: X509v3 Any Policy
Policy: 2.23.140.1.2.1

X509v3 CRL Distribution Points:

Full Name:
URI:http://crl.comodoca.com/COMODORSACertificationAuthority.crl

Authority Information Access:
CA Issuers – URI:http://crt.comodoca.com/COMODORSAAddTrustCA.crt
OCSP – URI:http://ocsp.comodoca.com

Signature Algorithm: sha384WithRSAEncryption
4e:2b:76:4f:92:1c:62:36:89:ba:77:c1:27:05:f4:1c:d6:44:
9d:a9:9a:3e:aa:d5:66:66:01:3e:ea:49:e6:a2:35:bc:fa:f6:
dd:95:8e:99:35:98:0e:36:18:75:b1:dd:dd:50:72:7c:ae:dc:
77:88:ce:0f:f7:90:20:ca:a3:67:2e:1f:56:7f:7b:e1:44:ea:
42:95:c4:5d:0d:01:50:46:15:f2:81:89:59:6c:8a:dd:8c:f1:
12:a1:8d:3a:42:8a:98:f8:4b:34:7b:27:3b:08:b4:6f:24:3b:
72:9d:63:74:58:3c:1a:6c:3f:4f:c7:11:9a:c8:a8:f5:b5:37:
ef:10:45:c6:6c:d9:e0:5e:95:26:b3:eb:ad:a3:b9:ee:7f:0c:
9a:66:35:73:32:60:4e:e5:dd:8a:61:2c:6e:52:11:77:68:96:
d3:18:75:51:15:00:1b:74:88:dd:e1:c7:38:04:43:28:e9:16:
fd:d9:05:d4:5d:47:27:60:d6:fb:38:3b:6c:72:a2:94:f8:42:
1a:df:ed:6f:06:8c:45:c2:06:00:aa:e4:e8:dc:d9:b5:e1:73:
78:ec:f6:23:dc:d1:dd:6c:8e:1a:8f:a5:ea:54:7c:96:b7:c3:
fe:55:8e:8d:49:5e:fc:64:bb:cf:3e:bd:96:eb:69:cd:bf:e0:
48:f1:62:82:10:e5:0c:46:57:f2:33:da:d0:c8:63:ed:c6:1f:
94:05:96:4a:1a:91:d1:f7:eb:cf:8f:52:ae:0d:08:d9:3e:a8:
a0:51:e9:c1:87:74:d5:c9:f7:74:ab:2e:53:fb:bb:7a:fb:97:
e2:f8:1f:26:8f:b3:d2:a0:e0:37:5b:28:3b:31:e5:0e:57:2d:
5a:b8:ad:79:ac:5e:20:66:1a:a5:b9:a6:b5:39:c1:f5:98:43:
ff:ee:f9:a7:a7:fd:ee:ca:24:3d:80:16:c4:17:8f:8a:c1:60:
a1:0c:ae:5b:43:47:91:4b:d5:9a:17:5f:f9:d4:87:c1:c2:8c:
b7:e7:e2:0f:30:19:37:86:ac:e0:dc:42:03:e6:94:a8:9d:ae:
fd:0f:24:51:94:ce:92:08:d1:fc:50:f0:03:40:7b:88:59:ed:
0e:dd:ac:d2:77:82:34:dc:06:95:02:d8:90:f9:2d:ea:37:d5:
1a:60:d0:67:20:d7:d8:42:0b:45:af:82:68:de:dd:66:24:37:
90:29:94:19:46:19:25:b8:80:d7:cb:d4:86:28:6a:44:70:26:
23:62:a9:9f:86:6f:bf:ba:90:70:d2:56:77:85:78:ef:ea:25:
a9:17:ce:50:72:8c:00:3a:aa:e3:db:63:34:9f:f8:06:71:01:
e2:82:20:d4:fe:6f:bd:b1
[root@server ~]#

Connect to remote MySQL server via SSH tunnel

To connect to remote MySQL server via SSH tunnel run commands:

# ssh -L 3307:1.2.3.4:3306 taras@1.2.3.4

Where 3307 local port, 1.2.3.4 remote MySQL server IP, 3306 remote MySQL port, taras – valid SSH user name.

To check if tunnel connection has been set up:

# lsof -i :3307

Connect to remove MySQL server using local SSH tunnel:

# mysql --port 3307 -h 127.0.0.1 -u db_user -p db_name

Debian 7 IPTables set up

To set up persistent IPTables rules on Debian GNU/Linux 7 (wheezy)
install package using command:

# apt-get install iptables-persistent

Save current IPTables rules using command:

# /etc/init.d/iptables-persistent save

Edit /etc/iptables/rules.v4 file for IPv4 and
/etc/iptables/rules.v6 for IPv6 rules.

To apply new rules run command:

# /etc/init.d/iptables-persistent reload

Loading iptables rules… IPv4… IPv6…done.

To view current IPTables rules:

# iptables -vnL --line-numbers |more

Git edit remote origin URL

To edit remote origin URL in Git configuration file can be edited:

# more /home/taras/.git/config

[core]
repositoryformatversion = 0
filemode = true
bare = false
logallrefupdates = true
[remote “origin”]
url = ssh://git@bitbucket.org/podlom/example.git
fetch = +refs/heads/*:refs/remotes/origin/*

#

Where url = ssh://git@bitbucket.org/podlom/example.git new example path.

To check new settings use command:

# git remote -v

origin ssh://git@bitbucket.org/podlom/example.git (fetch)
origin ssh://git@bitbucket.org/podlom/example.git (push)

#

Create second MySQL database and give privileges to one user

To create second MySQL database and give privileges to the same user the following commands can be used:

# mysql -h localhost -u root -p
mysql> SHOW CREATE DATABASE `database_name`;
mysql> CREATE DATABASE `database_name2` /*!40100 DEFAULT CHARACTER SET utf8 */;
mysql> SHOW GRANTS FOR database_user;
mysql> GRANT ALL PRIVILEGES ON `database\_name2`.* TO 'database_user'@'%';
mysql> FLUSH PRIVILEGES;
mysql> SHOW GRANTS FOR database_user;
mysql> quit;

SHOW CREATE DATABASE `database_name`; will show first MySQL create database DDL SQL query.

CREATE DATABASE `database_name2` /*!40100 DEFAULT CHARACTER SET utf8 */; will create second MySQL database.

SHOW GRANTS FOR database_user; is used to view current user grants.

GRANT ALL PRIVILEGES ON `database\_name2`.* TO ‘database_user’@’%’; grant all privileges to newly created database;

FLUSH PRIVILEGES; will apply new user privileges.

SHOW GRANTS FOR database_user; is used to view updated user privileges;

quit; to exit MySQL client program.

Connect to remote host via ssh proxy

To connect to remote server via ssh proxy use can use the following sequence of commands:

# lsof -i :2222
# ssh -f proxy_user@proxy_host -L 2222:destination_host:22 -N
# ssh -p 2222 destination_user@localhost

If TCP port 2222 is free you will not see any output. So you can use it for SSH proxied connection.

proxy_user – SSH user on SSH proxy server proxy_host.

destination_host – IP or host name of remote server where should we connect using proxy_host server as SSH proxy.

destination_user – SSH user on destination_host server.

apachectl – web server Apache control interface

To view possible options of apachectl – web server Apache server control interface run command:

root@shkodenko:~# apachectl --help
Usage: /usr/sbin/apachectl start|stop|restart|graceful|graceful-stop|configtest|status|fullstatus|help
       /usr/sbin/apachectl <apache2 args>
       /usr/sbin/apachectl -h            (for help on <apache2 args>)
root@shkodenko:~#

To view full version information run:

root@shkodenko:~# apachectl -V
Server version: Apache/2.2.22 (Debian)
Server built:   Feb  1 2014 21:26:04
Server's Module Magic Number: 20051115:30
Server loaded:  APR 1.4.6, APR-Util 1.4.1
Compiled using: APR 1.4.6, APR-Util 1.4.1
Architecture:   64-bit
Server MPM:     Prefork
  threaded:     no
    forked:     yes (variable process count)
Server compiled with....
 -D APACHE_MPM_DIR="server/mpm/prefork"
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_SYSVSEM_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D DYNAMIC_MODULE_LIMIT=128
 -D HTTPD_ROOT="/etc/apache2"
 -D SUEXEC_BIN="/usr/lib/apache2/suexec"
 -D DEFAULT_PIDLOG="/var/run/apache2.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_LOCKFILE="/var/run/apache2/accept.lock"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="mime.types"
 -D SERVER_CONFIG_FILE="apache2.conf"
root@shkodenko:~#

To view list of compiled-in modules execute:

root@shkodenko:~# apachectl -l
Compiled in modules:
  core.c
  mod_log_config.c
  mod_logio.c
  mod_version.c
  prefork.c
  http_core.c
  mod_so.c
root@shkodenko:~#

To check web server Apache syntax run:

root@shkodenko:~# apachectl configtest
Syntax OK
root@shkodenko:~#

To restart web server Apache gracefully run command:

root@shkodenko:~# apachectl graceful

List files and folders inside Java jar archive

To list files and folders inside Java jar archive use unzip.

Look at example below:

# unzip -l /home/taras/Downloads/clientControl.jar |more
Archive:  /home/taras/Downloads/clientControl.jar
  Length      Date    Time    Name
---------  ---------- -----   ----
        0  02-16-2014 12:10   META-INF/
      106  02-16-2014 12:10   META-INF/MANIFEST.MF
        0  02-16-2014 12:10   database/
        0  02-16-2014 12:10   i18n/
        0  02-16-2014 12:10   lib/
        0  02-16-2014 12:10   web/
        0  02-16-2014 12:10   web/WEB-INF/
        0  02-16-2014 12:10   web/images/
        0  02-16-2014 12:10   web/style/
     2052  02-16-2014 12:10   changelog.html
      926  02-16-2014 12:10   database/clientcontrol_db2.sql
      926  02-16-2014 12:10   database/clientcontrol_hsqldb.sql
      853  02-16-2014 12:10   database/clientcontrol_mysql.sql
      934  02-16-2014 12:10   database/clientcontrol_oracle.sql
      926  02-16-2014 12:10   database/clientcontrol_postgresql.sql
      940  02-16-2014 12:10   database/clientcontrol_sqlserver.sql
      518  02-16-2014 12:10   database/import_db2.sql
      518  02-16-2014 12:10   database/import_hsqldb.sql
      518  02-16-2014 12:10   database/import_mysql.sql
      531  02-16-2014 12:10   database/import_oracle.sql
      518  02-16-2014 12:10   database/import_postgresql.sql
      518  02-16-2014 12:10   database/import_sqlserver.sql
     9970  02-16-2014 12:10   i18n/clientcontrol_i18n.properties
    21675  02-16-2014 12:10   i18n/clientcontrol_i18n_cs_CZ.properties
    20526  02-16-2014 12:10   i18n/clientcontrol_i18n_es.properties
    18680  02-16-2014 12:10   i18n/clientcontrol_i18n_fr.properties
    20470  02-16-2014 12:10   i18n/clientcontrol_i18n_pt_BR.properties
    23402  02-16-2014 12:10   i18n/clientcontrol_i18n_zh_CN.properties
    22379  02-16-2014 12:10   lib/commons-fileupload-1.0.jar
    55527  02-16-2014 12:10   lib/plugin-clientControl-jspc.jar
    37248  02-16-2014 12:10   lib/plugin-clientControl.jar
      814  02-16-2014 12:10   logo_large.gif
      592  02-16-2014 12:10   logo_small.gif
     2074  02-16-2014 12:10   plugin.xml
     4225  02-16-2014 12:10   readme.html
      636  02-16-2014 12:10   web/WEB-INF/web-custom.xml
     3964  02-16-2014 12:10   web/WEB-INF/web.xml
     2674  02-16-2014 12:10   web/images/certificateimg_error.gif
     2673  02-16-2014 12:10   web/images/certificateimg_warning.gif
     1049  02-16-2014 12:10   web/images/client-icon_adium.gif
      552  02-16-2014 12:10   web/images/client-icon_exodus.gif
     1033  02-16-2014 12:10   web/images/client-icon_ichat.gif
      363  02-16-2014 12:10   web/images/client-icon_jbother.gif
       94  02-16-2014 12:10   web/images/client-icon_pandion.gif
      592  02-16-2014 12:10   web/images/client-icon_pidgin.gif
      687  02-16-2014 12:10   web/images/client-icon_psi.gif
      591  02-16-2014 12:10   web/images/client-icon_spark.gif
      996  02-16-2014 12:10   web/images/client-icon_trillian.gif
      546  02-16-2014 12:10   web/images/icon_error.gif
      237  02-16-2014 12:10   web/images/icon_help_14x14.gif
      415  02-16-2014 12:10   web/images/icon_warning-small.gif
      538  02-16-2014 12:10   web/images/icon_warning.gif
      645  02-16-2014 12:10   web/images/mac.gif
       51  02-16-2014 12:10   web/images/reports_selected-arrow.gif
     1015  02-16-2014 12:10   web/images/win.gif
      241  02-16-2014 12:10   web/images/zip.gif
     7006  02-16-2014 12:10   web/style/style.css
---------                     -------
   274964                     57 files

Unable to start MySQL service. Another MySQL daemon is already running with the same UNIX socket

Š•verything happens for the first time ever.

Today, first time I have seen such MySQL service error during start: Unable to start MySQL service. Another MySQL daemon is already running with the same UNIX socket.

First item to check: main MySQL service log /var/log/mysqld.log and main configuration file /etc/my.cnf

Then I have found nice KB article on Rackspace: http://kb.parallels.com/en/119334

It has helped me to solve this problem.

I have runned command to kill all possible running MySQL daemons:

# killall -9 mysqld_safe mysqld

And then I have made changes below to MySQL service startup script /etc/init.d/mysqld:

# cp -fv /etc/init.d/mysqld /etc/init.d/mysqld.orig
# diff -c /etc/init.d/mysqld.orig /etc/init.d/mysqld

+       # We check if there is already a process using the socket file,
+       # since otherwise this init script could report false positive
+       # result and mysqld_safe would remove the socket file, which
+       # actually uses a different daemon.
+       if fuser "$socketfile" &>/dev/null ; then
+           echo "Socket file $socketfile exists. Is another MySQL daemon already running with the same unix socket?"
+           action $"Starting $prog: " /bin/false
+           return 1
+       fi

-       if [ -S "$socketfile" ] ; then
-           echo "Another MySQL daemon already running with the same unix socket."
-           action $"Starting $prog: " /bin/false
-           return 1
-       fi

Then I have started MySQL server using command:

# /etc/init.d/mysqld start

There is another method to fix problems with MySQL server error:
Another MySQL daemon already running with the same unix socket

Run command:

# rm -fv $(grep socket /etc/my.cnf | cut -d= -f2) && /sbin/service mysqld start

Both of methods listed above has solved MySQL issues for me.