Wednesday, 18 October 2017

Certcheck for checking and notifying certificate expiry date

#!/bin/ksh
#############################################################################################################
# Description : certcheck will report the certificate expiry date for all URLs that are listed in urls.txt  #
# Date  : 10/17/2017                                                                                        #
# Ver   : 2.0                                                                                               #
# Ver 1 : 10/17/2017                                                                                        #
# Ver 2 : Added Email Alerts 10/18/2017                                                                     #
# Usage : execute ./certcheck.ksh                                                                           #
#############################################################################################################

EXP_DAYS=90
DATA_FILE_PATH="urls.txt"
OPENSSL="/usr/bin/openssl"
MAILX="/bin/mailx"
EMAILADDRFILE='emails.txt'


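function check_expiry {
        # $1 = host[:port] as read from urls.txt, $2 = notAfter date string

        # An empty date means the certificate could not be retrieved
        if [ -z "$2" ]; then
                echo " Unable to retrieve certificate - skipping"
                return 1
        fi

        # Whole days between now and the expiry date (negative once expired)
        NOW=$(date +%s)
        EXPIRY=$(date -d "$2" +%s)
        DAYS=$(( (EXPIRY - NOW) / 86400 ))

        if [ "$DAYS" -lt 0 ]; then
                echo " Certificate already expired $(( -DAYS )) days ago"
        elif [ "$DAYS" -lt "$EXP_DAYS" ]; then
                # Report the days actually remaining, not the alert threshold
                echo " Certificate renewal due in $DAYS days - Sending Email Alert"
                EMAIL_ADDRS=$(cat "$EMAILADDRFILE")
                echo " $EXP_DAYS Days certificate expiry notice for $1: expires in $DAYS days" | $MAILX -s "IMPORTANT ${1} - Certificate will expire in $DAYS Days" $EMAIL_ADDRS
        else
                echo "   Certificate expires in $DAYS days"
        fi
}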

grep -v '#' "$DATA_FILE_PATH" | while read -r SERVERNAME
do
        # Skip blank lines
        [ -z "$SERVERNAME" ] && continue

        # Default to port 443 when the entry has no explicit port
        case "$SERVERNAME" in
                *:*) TARGET="$SERVERNAME" ;;
                *)   TARGET="${SERVERNAME}:443" ;;
        esac
        echo -n "$TARGET "

        # -servername sends SNI so that name-based virtual hosts return the right certificate
        DATESTR=$(echo | $OPENSSL s_client -connect "$TARGET" -servername "${TARGET%%:*}" 2>/dev/null | $OPENSSL x509 -noout -enddate 2>/dev/null | sed 's/notAfter=//' | awk '{ print $1" "$2" "$4 }')
        echo -n "$DATESTR"
        check_expiry "$SERVERNAME" "$DATESTR"
done

Saturday, 22 July 2017

PHP OCI8 12c XAMPP Configuration


Resolve it by following these steps:
Make sure you download and install Oracle instantclient from: http://www.oracle.com/technetwork/topics/winsoft-085727.html, but note:
  1. Take note of your Oracle database version; use Version 12.1.x for Oracle Database 12c and Version 11.1.x for 11g releases.
  2. In either case, make sure you download the Basic Lite version of the Oracle instantclient.
After that, add the location of your Oracle instantclient to the Path System variable under your Environment Variables. Also ensure that both the PHP directory of your XAMPP and its ext directory are available and set there as well (if not, add them).
Then, add a new System variable with TNS_ADMIN as the variable name and the location of Oracle instantclient as the variable value.
Also, define your User variable PATH with the same location of Oracle instantclient as its value.
After this stage, restart your computer so that the newly defined environment variables are fully propagated.
Once it is back on, open your Windows Command Prompt and run where oci* to confirm that your environment variables are well defined; the response should look like this:
C:\Users\flex>where oci*

C:\oraclexe\app\oracle\product\11.2.0\server\bin\oci.dll
C:\oraclexe\app\oracle\product\11.2.0\server\bin\ocijdbc11.dll
C:\oraclexe\app\oracle\product\11.2.0\server\bin\ocijdbc11.sym
C:\oraclexe\app\oracle\product\11.2.0\server\bin\ociw32.dll
C:\instantclient_11_2\oci.dll
C:\instantclient_11_2\oci.sym
C:\instantclient_11_2\ocijdbc11.dll
C:\instantclient_11_2\ocijdbc11.sym
C:\instantclient_11_2\ociw32.dll
C:\instantclient_11_2\ociw32.sym
If not, you must have missed something and need to revisit the process, making sure you complete every step.
You may now proceed to your php.ini file (provided the environment variables are well defined) and enable your oci extensions (php_oci8.dll and php_oci8_11g.dll) by uncommenting them; you can achieve that by simply removing the semicolon (;) before the said extensions.
Remember to save your php.ini file, then restart Apache, or start it if it isn't already running.
To check that your PHP oci8 configuration is enabled, go back to your Windows Command Prompt and run: php --ri oci8; the response should be similar to the one below:
C:\Users\flex>php --ri oci8

OCI8 Support => enabled
OCI8 DTrace Support => disabled
OCI8 Version => 2.1.1
Revision => $Id: 86f22a208f89dcd5b305e82929a7429683968b11 $
Oracle Run-time Client Library Version => 11.2.0.4.0
Oracle Compile-time Instant Client Version => 10.2

Directive => Local Value => Master Value
oci8.max_persistent => -1 => -1
oci8.persistent_timeout => -1 => -1
oci8.ping_interval => 60 => 60
oci8.privileged_connect => Off => Off
oci8.statement_cache_size => 20 => 20
oci8.default_prefetch => 100 => 100
oci8.old_oci_close_semantics => Off => Off
oci8.events => Off => Off

Statistics =>
Active Persistent Connections => 0
Active Connections => 0
Alternatively, you can create a PHP file with <?php phpinfo(); ?> as its content, then open it in your browser and search for oci8 occurrences; it should show enabled there as well.

Saturday, 1 April 2017

Workforce 17.x Certificate Installation Procedure.

1) Create the key pair for the certificate request

keytool -genkeypair -v -alias '<hostname>' -keyalg 'RSA' -keysize 2048 -validity 1825 -keystore '/u01/wforce/TST/17.0/workforce.keystore' -storepass <password>

CN = <hostname> -> use the servername as CN (important)
OU = OrgUnit
O = Org
L = Altamonte
S = Florida
C = US

2) Generate a new CSR
keytool -certreq -alias '<hostname>' -keystore '/u01/wforce/TST/17.0/workforce.keystore' -storepass <password>

-----BEGIN NEW CERTIFICATE REQUEST-----

4Q3Jxb63U9VMpqjGwU54o1cX6sJOpWgpxT5cpgP9tkf8ovV0jmvE3XhGztG1qDlYyov2J8/fMySJ
EUkC8nIKJHV9O/yM0jHZnhpjn1b+dwq8lE92sGz1DDNBDFJp73tnV3OgqOIn12wTro70wpHrao/h
t5LrmRfngtvt+6Bpsa/V7KOpCTXyYKe/OLcYB5r4OsliPUoNijXoIO+018U/3GwW7KP+NYc=
-----END NEW CERTIFICATE REQUEST-----

Once you have this CSR, save it to Notepad and request a signed certificate (create a Service Request).

3) Import the intermediate certificates that are mandatory for your organization

keytool -importcert -alias 'ahsca' -keystore '/u01/wforce/TST/17.0/workforce.keystore' -storepass <password> -file '/u01/wforce/TST/17.0/newAffirmTrust_OV1.cer'
keytool -importcert -alias 'AffirmTrustOV1' -keystore '/u01/wforce/TST/17.0/workforce.keystore' -storepass <password> -file '/u01/wforce/TST/17.0/newAffirmTrust_OV1.cer'

4) Once you have the signed certificate for the request from Step 2, use the following command to import it into the keystore

keytool -importcert -alias '<hostname>' -keystore '/u01/wforce/TST/17.0/workforce.keystore' -storepass <password> -file '/u01/wforce/TST/17.0/<hostname>.p7b'

5) Once the signed certificate is imported, use the following command to convert it into PKCS12 format, as Workforce needs it in this format

keytool -importkeystore -srckeystore '/u01/wforce/TST/17.0/workforce.keystore' -destkeystore '/u01/wforce/TST/17.0/<hostname>.p12' -srcstoretype JKS -deststoretype PKCS12 -srcalias '<hostname>' -srcstorepass <password> -srckeypass <password> -deststorepass <password>

6) Use the ant command to import the certificate back in the keystore

./ant importTomcatCertificate -Dcertificate.file=/u01/wforce/TST/17.0/<hostname>.p12 -Dcertificate.pass=<password> -Dkeystore.alias=<hostname>


7) Important step: check that keyAlias in server.xml is set to <hostname>

cat /u01/wforce/TST/17.0/catalina_base/conf/server.xml |grep keyAlias -A2 -B2

     keystoreFile="/u01/wforce/TST/17.0/workforce.keystore"
     keystorePass="<password>" algorithm="SunX509"
            keyAlias="<hostname>"                         <---- Change to <hostname> as shown
            compression="on"
            compressionMinSize="2048"

8) Restart (bounce) the Empcenter services

/u01/wforce/TST/17.0/wfsctl restart
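
A check that fits between steps 2 and 4, as an added example that is not part of the original post: it confirms that the signed .p7b returned by the CA carries the same public key as the CSR before the bundle is imported into the keystore. It assumes the CSR was saved to a file and that openssl is installed; the function names and the sample file names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Paths passed in are placeholders.

# SHA-256 of a PEM public key read from stdin
hash_key() { openssl sha256 | awk '{print $NF}'; }

# Hash of the public key inside a CSR (the step 2 output saved to a file)
csr_pubkey_hash() {
    pk=$(openssl req -in "$1" -noout -pubkey 2>/dev/null) || return 1
    printf '%s\n' "$pk" | hash_key
}

# One hash per certificate in a PKCS#7 bundle (.p7b), PEM or DER encoded
p7b_pubkey_hashes() {
    tmp=$(mktemp -d) || return 1
    { openssl pkcs7 -print_certs -in "$1" 2>/dev/null ||
      openssl pkcs7 -inform DER -print_certs -in "$1" 2>/dev/null; } |
        awk -v d="$tmp" '/BEGIN CERTIFICATE/ {n++} n {print > (d "/c" n ".pem")}'
    for c in "$tmp"/c*.pem; do
        # Skip anything that does not parse, so a failure never hashes empty input
        pk=$(openssl x509 -in "$c" -noout -pubkey 2>/dev/null) || continue
        printf '%s\n' "$pk" | hash_key
    done
    rm -rf "$tmp"
}

# Exit 0 only when some certificate in the bundle carries the CSR's public key
csr_matches_p7b() {
    want=$(csr_pubkey_hash "$1") || return 2
    p7b_pubkey_hashes "$2" | grep -x "$want" >/dev/null
}

# Constructed sample input: throwaway key, CSR and self-signed bundle named $2 in dir $1
make_sample() {
    openssl req -newkey rsa:2048 -nodes -keyout "$1/$2.key" -out "$1/$2.csr" \
        -subj "/CN=$2.example" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -signkey "$1/$2.key" -days 1 \
        -out "$1/$2.crt" 2>/dev/null &&
    openssl crl2pkcs7 -nocrl -certfile "$1/$2.crt" -out "$1/$2.p7b"
}

# Self-check: bundle "a" must match CSR "a" and must not match CSR "b"
demo() {
    d=$(mktemp -d) && make_sample "$d" a && make_sample "$d" b || return 2
    csr_matches_p7b "$d/a.csr" "$d/a.p7b" && ! csr_matches_p7b "$d/b.csr" "$d/a.p7b"
    rc=$?; rm -rf "$d"; return $rc
}
```

Source the file and call csr_matches_p7b with the saved CSR and the received .p7b; a non-zero exit status means the bundle was issued for a different key pair and the import in step 4 would not produce a usable key entry.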