HTTPS query from a web application (for example a JSON request) to a site whose certificate has to be trusted manually through a certificate exception. When a user launches an HTTPS query from their own browser to a web site whose certificate is not issued by one of the standard authorities, the user is prompted for permission to accept the certificate as an exception.
When a web application server launches the query, there is no way to prompt the web application to accept the exception, and the default is to reject the untrusted certificate. The web server will complain that the certificate for the requested target is not found in the keystore.
javax.xml.ws.soap.SOAPFaultException
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Now, we have to tell the web server to trust the certificate from the target.
1> Query the target URL with a web browser.
2> Download and save the certificate <xxx.pem> from the target.
3> Append the certificate to the keystore
1. cd /usr/java/jdk1.6.0_33/jre/lib/security
2. /usr/java/jdk1.6.0_33/bin/keytool -import -v -trustcacerts -alias <Create your own> -file <filepath/xxx.pem> -keypass changeit -keystore ./cacerts -storepass changeit
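A certificate saved over the still-untrusted connection proves nothing about who served it, so before step 3 it should be compared with a SHA-256 fingerprint obtained from the site's operator through a separate channel. The wrapper below is an added example, not part of the original post; the function names are hypothetical and it assumes openssl is installed alongside keytool.

```sh
#!/bin/sh
# Added example; cert_sha256 and pinned_import are hypothetical helper names.

# cert_sha256 CERT.pem -> SHA-256 fingerprint as uppercase hex, no colons
cert_sha256() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 |
        sed 's/^.*=//' | tr -d ':' | tr 'a-f' 'A-F'
}

# pinned_import CERT.pem EXPECTED_SHA256 ALIAS KEYSTORE STOREPASS
# Imports only when the certificate matches the fingerprint obtained out of band.
pinned_import() {
    cert=$1; alias_name=$3; keystore=$4; storepass=$5
    expected=$(printf '%s' "$2" | tr -d ': ' | tr 'a-f' 'A-F')
    actual=$(cert_sha256 "$cert")
    if [ -z "$actual" ] || [ "$actual" != "$expected" ]; then
        echo "refusing import: fingerprint '$actual' != expected '$expected'" >&2
        return 1
    fi
    keytool -import -noprompt -trustcacerts -alias "$alias_name" \
        -file "$cert" -keystore "$keystore" -storepass "$storepass" || return 2
    # Show what actually landed in the truststore under that alias.
    keytool -list -v -alias "$alias_name" -keystore "$keystore" -storepass "$storepass"
}

# Usage, with the placeholders from the steps above:
#   pinned_import <filepath/xxx.pem> <fingerprint from the site operator> \
#       <Create your own> ./cacerts changeit
```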
Thursday, 22 August 2013
Tuesday, 13 August 2013
Mounting file system, fstab, mtab
Basic format: mount -t <filesystem type> old_dir new_dir
1> Mounting a directory onto another directory so that both give access to the same content
mount --bind old_dir<directory has content> new_dir<directory designed to access the content>
2> Mounting a device (like a CD-ROM) with no -t parameter lets the OS guess the filesystem type
mount /dev/cdrom /cd
3> NFS
- /etc/exports specifies the access control of the mounting directory.
/home vale(rw) vstout(rw) vlight(rw)
/usr/X11R6 vale(ro) vstout(ro) vlight(ro)
/usr/TeX vale(ro) vstout(ro) vlight(ro)
/ vale(rw,no_root_squash)
/home/ftp (ro)
/var/myApp 172.16.95.17/255.255.255.255(rw,no_root_squash)
Each line defines a directory and the hosts allowed to mount it. Wildcards (* and ?) are allowed.
An IP address / network mask range can be used to specify the host.
If no host is given, any host matches and is allowed to mount the directory.
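Because an entry with no host matches every client and options such as no_root_squash are granted per client, an exports file is worth checking mechanically. The script below is an added example, not part of the original post: a hypothetical audit_exports function run over the export lines shown above plus one constructed wildcard line.

```sh
#!/bin/sh
# Added example: flag risky entries in an /etc/exports-style file.
# Output: path<TAB>client<TAB>finding, one line per finding.
audit_exports() {
    awk '
    function report(p, c, f) { printf "%s\t%s\t%s\n", p, c, f }
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    NF == 1 { report($1, "<any>", "ANY_HOST"); next }   # no client list at all
    {
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {                     # split "host(opt,opt)"
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\).*$/, "", opts)
            }
            if (client == "") {              # "(ro)" alone: every host matches
                client = "<any>"
                report($1, client, "ANY_HOST")
            } else if (client ~ /[*?]/) {
                report($1, client, "WILDCARD_HOST")
            }
            # no_root_squash: root on the client keeps uid 0 on the export
            if (("," opts ",") ~ /,no_root_squash,/)
                report($1, client, "NO_ROOT_SQUASH")
        }
    }' "$1"
}

# Sample input: the export lines shown above plus one constructed wildcard line.
write_sample_exports() {
    cat > "$1" <<'EOF'
/home vale(rw) vstout(rw) vlight(rw)
/usr/X11R6 vale(ro) vstout(ro) vlight(ro)
/usr/TeX vale(ro) vstout(ro) vlight(ro)
/ vale(rw,no_root_squash)
/home/ftp (ro)
/var/myApp 172.16.95.17/255.255.255.255(rw,no_root_squash)
# constructed line, not from the page:
/srv/share *.example.com(rw)
EOF
}

sample=$(mktemp)
write_sample_exports "$sample"
audit_exports "$sample"
rm -f "$sample"
```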
CLI form to mount an NFS volume:
mount -t nfs nfs_volume local_dir options
- /etc/fstab entry of NFS
/dev/VolGroup00/LogVol00 / ext3 defaults 1 1
/dev/VolGroup00/LogVol01 /data ext3 defaults 1 2
LABEL=/boot1 /boot ext3 defaults 1 2
tmpfs /dev/shm tmpfs defaults 0 0
devpts /dev/pts devpts gid=5,mode=620 0 0
sysfs /sys sysfs defaults 0 0
proc /proc proc defaults 0 0
LABEL=SWAP-sda6 swap swap defaults 0 0
172.16.95.93:/var/myApp /logserver-1/var/myApp nfs hard,intr 0 0
4> fstab and mtab
[root@localhost ~]# cat /etc/fstab
/dev/VolGroup00/LogVol00 / ext3 defaults 1 1
LABEL=/boot /boot ext3 defaults 1 2
tmpfs /dev/shm tmpfs defaults 0 0
devpts /dev/pts devpts gid=5,mode=620 0 0
sysfs /sys sysfs defaults 0 0
proc /proc proc defaults 0 0
/dev/VolGroup00/LogVol01 swap swap defaults 0 0
/var/myApp /localserver-1/var/myApp none rw,bind 0 0
There are 3 ways of using fstab.
1> mount -a causes all the filesystems listed in fstab to be mounted, except those marked noauto. Adding -F makes mount fork. It is usually used by boot scripts.
2> To mount or umount a filesystem listed in fstab, it suffices to give only the device or the mount point.
e.g. In fstab, /tmp/a /tmp/b none rw,bind 0 0
mount /tmp/a or mount /tmp/b will suffice.
3> Normally, only the superuser can mount file systems. However, when fstab contains the user option on a line, anybody can mount the corresponding file system.