Syntax error for makecert.exe tool - certificate

Did I miss anything during this?
I am running this command from a command prompt in Windows 7 to create a certificate, but it is showing a syntax error.
Command I ran:
makecert.exe "c:\1\Test.cer" -a sha1 -n "CN=AppGuid" -sr LocalMachine -ss My -sky signature -pe -len 2048
Output I got:
Usage: MakeCert [ basic|extended options] [outputCertificateFile]
Basic Options
-sk
-ss
-sr
.
.
.
Did I miss anything during this?

Well, as you can see from the format it says MakeCert [basic] [output file].
The last item in your command is not the output file, so there's one thing wrong. As for the rest, I would assume that "C:\1\test.cer" is not an option, so that is probably wrong too.

How do I send a command to a remote system via ssh with concourse

I have the need to start a java rest server with concourse that lives on an Ubuntu 18.04 machine. The version of concourse my company uses is 5.5.11. The server code is written in Java, so a simple java -jar <uber.jar> suffices from the command line (see below). In production, I will not have this simple luxury, hence my question.
I have an scp command working that copies the .jar from concourse to the target Ubuntu machine:
scp -i /tmp/key.p8 -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null ./${NEW_DIR}/${ARTIFACT_NAME}.${ARTIFACT_FILE_TYPE} ${SRV_ACCOUNT_USER}@${JAVA_VM_HOST}:/var/www
Note that my private key is passed with -i and I can confirm that is working.
I followed this other SO Q&A that seemed to be promising: Getting ssh to execute a command in the background on target machine, but after trying a few permutations of the suggested solution and other answers, I still don't have my rest service kicked off.
I've tried a few permutations of this line in my concourse script:
ssh -f -i /tmp/pvt_key1.p8 -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null ${SRV_ACCOUNT_USER}@${JAVA_VM_HOST} "bash -c 'nohup java -jar /var/www/${ARTIFACT_NAME}.${ARTIFACT_FILE_TYPE} -c \"/opt/testcerts/clientkeystore\" -w \"password\" > /dev/null 2>&1 &'"
I've tried with and without the -f and -t switches in ssh, with and without the file stream redirection, with and without nohup and the Linux background ('&') command and various ways to escape the quotes.
At the bash prompt, this line successfully starts my server. The two switches are needed to point to the certificate and provide the password:
java -jar rest-service.jar -c "/opt/certificates/clientkeystore" -w "password"
I really think this is possible to do in Concourse, but I'm stuck at this point.
After a lot of trial and error, it seems I needed to do this:
ssh -f -i /tmp/pvt_key1.p8 -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null ${SRV_ACCOUNT_USER}@${JAVA_VM_HOST} "bash -c 'sudo java -jar /var/www/${ARTIFACT_NAME}.${ARTIFACT_FILE_TYPE} -c \"/path/to/my/certificate\" -w \"password\" > /var/www/log.txt 2>&1 &'"
The key was I was missing the 'sudo' portion of the command. Using nohup as opposed to putting in a Linux bash background indicator ('&') seems to give me an error in the pipeline. This works for me, but others are welcome to post responses with better answers or methods that might be a better practice.

SDK is installed and still get 'The term 'makecert' is not recognized' error

Running win8.1 rtm (MSDN). I've downloaded the sdk to
'C:\Users\foo\Downloads\Windows Kits\8.1\StandaloneSDK'.
No errors the first time I ran it ... attempting to re-run tells me all features are up to date. I've rebooted.
Attempting to execute the makecert tool:
makecert -sky exchange -r -n "CN=myDevLaptop" -pe -a sha1 -len 2048 -ss My "myDevLap.cer"
and get:
makecert : The term 'makecert' is not recognized as the name of a
cmdlet, function, script file, or operable program. Check the
spelling of the name, or if a path was included, verify that the path
is correct and try again.
Suspect that the path's length is preventing further appendage.
I believe I'm going to need to cull my path a bit. The following explicitly entered path solved the original problem.
set-location 'C:\Program Files (x86)\Windows Kits\8.1\bin\x64\'
makecert -sky exchange -r -n "CN=myDevLaptop" -pe -a sha1 -len 2048 -ss My "myDevLap.cer"

Are there any alternatives to getting a Verisign or similar cert for running Powershell scripts on any server?

I've been working on a Powershell script for a little while, which is designed to be used both by me personally (on my local machine) and by other people both in my domain and outside of it.
The problem is, when someone other than me tries to run the script, they're greeted with the following error:
The file C:\my_script.ps1 cannot be loaded. The execution of scripts is disabled on this system. Please see "Get-Help about_signing" for more details.
I thought I had taken care of this by changing the policy on the other employee's workstation to allow remotesigned within the script itself, but according to this link, I'll need something a bit more robust.
Since the idea is to allow this to run, self-contained, on both internal and external machines, I'd rather not force the script to change things to unrestricted. Are there other options? Could I wrap this up in some other way (one person recommended a .NET container) project or something to allow it to run cleaner and be more self-contained?
I'm not sure I understand your problem. You can use makecert on the machine where you want to execute the script:
@echo off
makecert -n "CN=PowerShell Local Certificate Root" -a sha1 -eku 1.3.6.1.5.5.7.3.3 -r -sv root.pvk root.cer -ss Root -sr LocalMachine
pause
makecert -pe -n "CN=PowerShell User" -ss MY -a sha1 -eku 1.3.6.1.5.5.7.3.3 -iv root.pvk -ic root.cer
then, sign your script:
$cert = @(Get-ChildItem cert:CurrentUser\My -codesigning)[0]
Set-AuthenticodeSignature <your script path> $cert | Out-Null
The "self containing" part shouldn't be a problem.
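
The signing step from the answer above, as an added example that is not part of the original answer: it selects a code-signing certificate that has a private key and is inside its validity period, signs with SHA-256, and then checks the resulting signature status. The function name Set-LocalScriptSignature and the script path are hypothetical.

```powershell
# Added example (not from the original answer). Set-LocalScriptSignature and
# the script path at the bottom are hypothetical names used for illustration.
function Set-LocalScriptSignature {
    param(
        [Parameter(Mandatory)] [string] $Path
    )

    $now = Get-Date

    # Only consider code-signing certificates that have a private key and are
    # currently valid; prefer the one that expires last.
    $cert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert |
        Where-Object { $_.HasPrivateKey -and $_.NotBefore -le $now -and $_.NotAfter -gt $now } |
        Sort-Object NotAfter -Descending |
        Select-Object -First 1

    if (-not $cert) {
        throw "No usable code-signing certificate found in Cert:\CurrentUser\My."
    }

    # Request SHA-256 explicitly instead of relying on the version-dependent default.
    $null = Set-AuthenticodeSignature -FilePath $Path -Certificate $cert -HashAlgorithm SHA256

    # Re-read the signature from the file, as a machine receiving the script would.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') {
        # Any other status (for example when the signer's root certificate is
        # not trusted on this machine) means the script will not pass
        # AllSigned/RemoteSigned checks here.
        throw "Signature status is '$($sig.Status)': $($sig.StatusMessage)"
    }
    return $sig
}

Set-LocalScriptSignature -Path 'C:\scripts\my_script.ps1' |
    Format-List Status, @{ n = 'Signer'; e = { $_.SignerCertificate.Subject } }
```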

Why do I keep getting a failed when trying to make a .cer for testing?

I'm trying to make a certificate for testing, and I am using this site, How to: Create Your Own Test Certificate, as a tutorial. But when it comes time to enter the password after you create the password, it says failed in the command prompt. Why is that?
What I've done:
First, I open a command prompt and type in:
cd C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\Bin
Second, I type in
makecert -sv myPrivateKeyFile.pvk -n "TestCert" myCertFile.cer -b 01/01/2011 -e 01/01/2015 -r
Then I create the password, then enter the password in the second pop-up box, and then it says failed in the command prompt.
When I enter this again, the popup asking for the password pops up first this time, and I enter it and it says:
Error: CryptCertStrToNameW failed => 0x80092023 (-2146885597)
makecert -sv myPrivateKeyFile.pvk -n "TestCert" myCertFile.cer -b 01/01/2011 -e 01/01/2015 -r
I solved the problem by running the program as an administrator, but I also had to change the name of the certificate to an LDAP style like this (CN=...):
makecert -sv myPrivateKeyFile.pvk -n "CN=TestCert" myCertFile.cer -b 01/01/2011 -e 01/01/2015 -r
This was a bit of a shotgun-debug for me. I started with this after reading the makecert guide:
makecert.exe /b 01/01/2014 /e 01/01/2114 /len 256 /m 1200 /n "CN=In-House-Software" /pe /r /sr localMachine Test_Cert.cer
There are two error-causing flaws here:
/e and /m likely are not supposed to overlap; seems kind of obvious, but they didn't document it or create an expressive error message for it.
/len 256 was an invalid value -- too low. This also didn't seem too obvious/documented/expressed in a good error message. 512 did work. I didn't bother finding the floor-value, but by default 1024 is used.
I ended up using this with success:
makecert.exe /b 01/01/2014 /e 01/01/2114 /len 512 /pe /r /n "CN=In-House-Software" /sr localMachine Test_Cert.cer
The reason why I was getting this error is that I didn't right-click on cmd when I ran it. So when you have this problem, you need to right-click on cmd and then run as administrator and see if that fixes your problem as it did mine.
I also received this error when I specified the CA name for a self-signed cert, in other words, if you specify the '-cy authority' and the '-r' options, then DON'T specify the CA name explicitly in the name via the -n option.
The issue was caused by the publisher name not starting with "CN=".
This fixed the issue, I didn't need to run as administrator.
For some reason I couldn't run makecert properly from Dropbox folders. So try moving it to a solid disk like C:\ and try again.

How can I use an X.509 certificate created on another computer?

I need to encrypt an XML file with an x509 certificate on one computer and be able to decrypt it with the same certificate on another computer. It doesn't seem to work for me like Microsoft suggests:
http://msdn.microsoft.com/en-us/library/ms229744.aspx
The decryption process always fails on another computer!
I create a certificate by using the following command:
makecert -r -pe -n "CN=DEEP_201X" -b 01/01/2011 -e 01/01/2014 -sky exchange -ss my deep.cer
Then I install it by using:
certmgr /add deep.cer /s root
And try to get its private key with the FindPrivateKey.exe utility:
FindPrivateKey My CurrentUser -n "CN=DEEP_201X"
Works great. However, when I perform all the same actions to install the certificate on another computer FindPrivateKey will fail with
No certificates with key 'CN=DEEP_201X' found in the store.
When I use
certmgr /add deep.cer /s my
the error message will be like this:
Unable to obtain private key file name
Could someone please give me a piece of advice on how to make it work?
I suspect that you only need the private key on the decrypting computer.
However...
If you really need the private key on both computers, be aware that the .cer file does not include the private key.
(I think) makecert adds it to the local machine when it generates the cert. You can write it out using the -sv option. Then build a pfx container for the certificate that contains it.
makecert -r -pe -sv myprivatekey.pvk -n "CN=DEEP_201X" -b 01/01/2011 -e 01/01/2014 -sky exchange -ss my deep.cer
pvk2pfx -pvk myprivatekey.pvk -spc deep.cer -pfx deep_private.pfx
I haven't been able to convince certmgr to import private keys from the command line. Use it in GUI mode or use the certmgr.msc snap-in.
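
The point made in the answer above, that the .cer file carries only the public certificate and the private key has to travel in a PFX, as an added example that is not part of the original answer. It uses the PKI module cmdlets rather than makecert and pvk2pfx; the subject is taken from the question and the file paths are hypothetical.

```powershell
# Added example (not from the original post). File paths are hypothetical.

# --- On the computer that creates the certificate ---
$cert = New-SelfSignedCertificate -Subject 'CN=DEEP_201X' `
    -CertStoreLocation Cert:\CurrentUser\My `
    -KeySpec KeyExchange -KeyLength 2048 -KeyExportPolicy Exportable `
    -NotAfter (Get-Date).AddYears(3)

$pfxPassword = Read-Host -AsSecureString -Prompt 'PFX password'

# Public part only: enough for a machine that just needs to encrypt.
Export-Certificate -Cert $cert -FilePath C:\temp\deep.cer | Out-Null

# Certificate plus private key, protected by the password.
Export-PfxCertificate -Cert $cert -FilePath C:\temp\deep_private.pfx `
    -Password $pfxPassword | Out-Null

# --- On the computer that must decrypt (after copying the .pfx over) ---
$pfxPassword = Read-Host -AsSecureString -Prompt 'PFX password'
Import-PfxCertificate -FilePath C:\temp\deep_private.pfx `
    -CertStoreLocation Cert:\CurrentUser\My -Password $pfxPassword | Out-Null

# A certificate that arrived as a .cer shows HasPrivateKey = False here;
# one imported from the PFX shows True and can be used for decryption.
Get-ChildItem Cert:\CurrentUser\My |
    Where-Object Subject -eq 'CN=DEEP_201X' |
    Select-Object Subject, Thumbprint, HasPrivateKey
```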