POUWIEL|COM

JeroenPouwiel

OraPKI :: wallets and certificates

[14:32:28_JEROEN_db_name@SERVER1] TST
SQL> SELECT * FROM V$ENCRYPTION_WALLET;

WRL_TYPE             WRL_PARAMETER                    Status                         WALLET_TYPE          WALLET_OR FULLY_BAC     CON_ID
-------------------- -------------------------------- ------------------------------ -------------------- --------- --------- ----------
FILE                 /ora/admin/db_name/wallet        OPEN_NO_MASTER_KEY             UNKNOWN              SINGLE    UNDEFINED          0
 
server1.pouwiel.com(db_name):/home/oracle>mkstore -wrl "/ora/admin/db_name/wallet/" -create --passwd:*****
server1.pouwiel.com(db_name):/home/oracle>orapki wallet add -wallet /ora/admin/db_name/wallet -cert /tmp/server2_trusted_cert.crt -trusted_cert -pwd "*****"
server1.pouwiel.com(db_name):/home/oracle>orapki wallet add -wallet /ora/admin/db_name/wallet -cert /tmp/server3_trusted_cert.crt -trusted_cert -pwd "*****"
server1.pouwiel.com(db_name):/home/oracle>orapki wallet display -wallet /ora/admin/db_name/wallet -pwd "*****"
server1.pouwiel.com(db_name):/home/oracle>orapki wallet remove -wallet "/ora/admin/db_name/wallet/" -dn 'CN=db_name,C=NL' -user_cert -pwd "*****"
server1.pouwiel.com(db_name):/home/oracle>orapki wallet remove -wallet "/ora/admin/db_name/wallet/" -dn 'CN=db_name,C=NL' -trusted_cert -pwd "*****"
server1.pouwiel.com(db_name):/home/oracle>orapki wallet remove -wallet /ora/admin/db_name/wallet -dn 'CN=db_name,C=NL' -cert_req -pwd "*****"


server1.pouwiel.com(db_name):/home/oracle>orapki wallet add -wallet /ora/admin/d/wallet -dn 'CN=db_name,C=NL' -keysize 2048 -self_signed -validity 3650 -pwd "*****"
Oracle PKI Tool : Version 12.1.0.2
Copyright (c) 2004, 2014, Oracle and/or its affiliates. All rights reserved.

server1.pouwiel.com(db_name):/home/oracle>orapki wallet display -wallet /ora/admin/db_name/wallet -pwd "*****"
Oracle PKI Tool : Version 12.1.0.2
Copyright (c) 2004, 2014, Oracle and/or its affiliates. All rights reserved.

Requested Certificates:
User Certificates:
Subject:        CN=db_name,C=NL
Trusted Certificates:
Subject:        CN=server3.pouwiel.com,OU=Apx,O=AH,L=Amsterdam,ST=Netherlands,C=NL
Subject:        CN=db_name,C=NL
Subject:        CN=server2.pouwiel.com,OU=Apx,O=AH,L=Amsterdam,ST=Netherlands,C=NL
server1.pouwiel.com(db_name):/home/oracle>orapki wallet export -wallet /ora/admin/db_name/wallet -dn 'CN=db_name,C=NL' -cert /tmp/db_name.txt -pwd "*****"
Oracle PKI Tool : Version 12.1.0.2
Copyright (c) 2004, 2014, Oracle and/or its affiliates. All rights reserved.

server1.pouwiel.com(db_name):/home/oracle>lr /tmp/db_name.txt
-rw-------. 1 oinstall 990 Apr  6 14:28 /tmp/db_name.txt
server1.pouwiel.com(db_name):/home/oracle>cat /tmp/db_name.txt
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----


iDRAC6 – virtual console :: connection failed

Somehow, from somewhere, my virtual console stopped connecting. The Java console showed the following messages:
Missing Application-Name manifest attribute for: https://***.***.***.***:443/software/avctKVM.jar
jan 18, 2017 3:41:48 PM java.util.prefs.WindowsPreferences
WARNING: Could not open/create prefs root node Software\JavaSoft\Prefs at root 0x80000002. Windows RegCreateKeyEx(…) returned error code 5.
01/18/2017 03:41:49:004: Starting client.
====setPowerMenuStatus: (##2)
01/18/2017 03:41:51:018: Connection failed.

Pretty cryptic, huh!? And good luck trying to find a solution through Google…
Of course, mine was the case: “..but it worked last week!”
Then I remembered that I had installed HitmanPro.Alert. Could it be… No! Surely not.

Well, of course it was and don’t call me Shirley!

Using the advanced interface, under “Risk reduction”, click the icon that looks like a fusion between the CMD and network share icons. This is the “Network lockdown – command-and-control” option. When this is active, connection to/via the virtual console is prohibited.

HYPER-V | Working without the Local Security Policy snap-in

When working with Windows Server products, any security setting can be altered by using the local security policy.
Enter HYPER-V server core.

Because I’m just meddling around with it, I definitely want to be able to use it on as much of a TeleTubby level as possible. Cue Josip Medved. Following his post:
Run this on a server where the configuration already meets your requirements or where you can edit the file created in the code below:
secedit /export /cfg X:\new.cfg


The task has completed successfully.
See log %windir%\security\logs\scesrv.log for detail info.

When needed, edit the part below:
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 39
MinimumPasswordLength = 0
PasswordComplexity = 1
PasswordHistorySize = 0
...

In this case you’d want to set the PasswordComplexity to 0.
Move the file to your HyperV server and run the following code:
secedit /configure /db C:\Windows\security\new.sdb /cfg X:\new.cfg /areas SECURITYPOLICY


The task has completed successfully.
See log %windir%\security\logs\scesrv.log for detail info.

Worked for me!
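
Before running secedit /configure, it helps to see what the edited file will actually enforce. The PowerShell below is an added example, not code from this post or from Josip Medved's; the function names, the sample file content and the baseline numbers are assumptions made for illustration.

```powershell
# Parse "secedit /export" INF text into: section name -> (key -> value).
function ConvertFrom-SeceditInf {
    param([string[]]$Lines)
    $sections = @{}
    $current  = $null
    foreach ($raw in $Lines) {
        $line = $raw.Trim()
        if ($line -eq '' -or $line.StartsWith(';')) { continue }  # blank or comment
        if ($line -match '^\[(.+)\]$') {
            $current = $Matches[1]
            $sections[$current] = @{}
        } elseif ($current -and $line -match '^([^=]+)=(.*)$') {
            $sections[$current][$Matches[1].Trim()] = $Matches[2].Trim()
        }
    }
    $sections
}

# Compare numeric [System Access] values with the minimums in a baseline.
function Test-PasswordPolicy {
    param([hashtable]$SystemAccess, [hashtable]$Baseline)
    foreach ($key in ($Baseline.Keys | Sort-Object)) {
        $found = if ($SystemAccess.ContainsKey($key)) { [int]($SystemAccess[$key]) } else { $null }
        [pscustomobject]@{
            Setting = $key
            Found   = if ($null -eq $found) { '(not set)' } else { $found }
            Minimum = $Baseline[$key]
            Pass    = ($null -ne $found) -and ($found -ge $Baseline[$key])
        }
    }
}

# Constructed sample: the [System Access] values shown in the post, with
# PasswordComplexity already edited to 0 as the post describes.
$sample = @'
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 39
MinimumPasswordLength = 0
PasswordComplexity = 0
PasswordHistorySize = 0
'@ -split '\r?\n'

# Assumed baseline for illustration only; substitute your own policy values.
$baseline = @{ MinimumPasswordLength = 14; PasswordComplexity = 1; PasswordHistorySize = 24 }

$policy = ConvertFrom-SeceditInf -Lines $sample
if (-not $policy.ContainsKey('System Access')) { throw 'No [System Access] section found' }
Test-PasswordPolicy -SystemAccess $policy['System Access'] -Baseline $baseline | Format-Table -AutoSize
```

To check a real export, pass `(Get-Content X:\new.cfg)` as `-Lines` in place of `$sample`.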

## Update::
OR!..
You can just
cmd::> gpedit.msc /gpcomputer: remote-computer
powershell::> Invoke-Command -ComputerName FQDN-of-computer {gpupdate /force}

Also works very nicely and isn’t that cumbersome.

Error when installing CPU Jan 2011 – 8836671 & OUI-67294

Error when installing CPU, could Oracle be more cryptic ?!?

DR project after my heart

Now this is how you exercise a Disaster/Recovery test


FGA

Use FGA to simulate a parallel export in Oracle8:

Group Policy Object Editor

Quite a mouthful to refer to something that takes privileges away or adds them.
I needed/wanted to take the “System shutdown” privileges away from my kids on my computer; once in a while I might be downloading something that might otherwise take unnecessarily longer.

Log in as root from other than /dev/console

Edit /etc/default/login with your editor (probably vi). Navigate to the line which reads

Solaris + MD5

Whadda ya’ know, Solaris doesn’t come shipped with MD5 but (!) using digest, you can come a long way:
