Practical VMware ESX training municipality Peel en Maas

This week I had 3 people from the municipality Peel en Maas for a VMware ESX 3 training. They just introduced VMware.
Unfortunately I had to leave the last day at noon, but it was 3 nice days and we laughed a lot.
So Ben, Marion and Gerrian, until next time!

Early bird registration Novell Brainshare Amsterdam

The time is finally here! Now we can register for the early bird of Novell Brainshare Amsterdam. The early bird price is EUR 695,- and ends on 16 April 2010. After the early bird the price will be EUR 800,-.

As I posted in a previous post, Brainshare Amsterdam will be in the Passenger Terminal in Amsterdam.

So do you want to register? Click this link and maybe we will see each other from 18 until 21 May in Amsterdam!

Securing your Groupwise Post Office with SSL

By default your connection with your Groupwise Post Office (POA) isn’t secure. With the ‘normal’ Groupwise protocol, which connects on TCP 1677, this isn’t a really big problem because normally this protocol is only used on your internal LAN. But what if you want to sync your mobile device using, for example, IMAP or POP? These protocols aren’t secure by default, which can be a problem when you connect over the internet.

So how can we secure our POA using SSL? For this we have 2 options: we can use a so-called self-signed certificate, or we can use a certificate signed by an external Certificate Authority.

In this example we’re going to use a self-signed certificate. The disadvantage of this is that you have to accept the certificate every time it is used. Most systems have an option to import the certificate once, so you don’t get that question any more.

  1. Go into Yast | Security and Users | CA Management
  2. Select the default CA you created during installation and click on Enter CA
  3. You are asked for the CA password. This is the root password used during installation.
  4. Click on the certificates tab and select the server certificate for this server
  5. Click on Export | Export to file
  6. Select Certificate and the Key Encrypted in PEM Format
  7. Provide the password and path where you want to save the .pem file and click on Ok.
  8. Close Yast and go to the directory where you saved the .pem file
  9. Open the file with a text editor like gedit
  10. Select the part that starts with -----BEGIN CERTIFICATE----- and ends with -----END CERTIFICATE-----
  11. Open a new text file and copy the content you selected in step 10.
  12. Save the file as a .crt file
  13. Go back to the .pem file and select the part that starts with -----BEGIN RSA PRIVATE KEY----- and ends with -----END RSA PRIVATE KEY-----
  14. Save this part in a .key file
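
Steps 8 to 14 can also be done from a shell instead of a text editor. This is an added example, not part of the original post; the function names and the file names export.pem and poa are assumptions.

```sh
#!/bin/sh
# Added example: split a YaST PEM export (certificate + encrypted key)
# into the .crt and .key files the POA asks for.

# Print the first "-----BEGIN <label>-----" ... "-----END <label>-----" block.
extract_block() {   # $1 = label, $2 = PEM file
    awk -v b="-----BEGIN $1-----" -v e="-----END $1-----" '
        { sub(/\r$/, "") }          # tolerate CRLF line endings
        $0 == b { on = 1 }
        on      { print }
        on && $0 == e { exit }' "$2"
}

# Write <base>.crt and <base>.key; return non-zero if a block is missing.
split_pem() {       # $1 = PEM file, $2 = output base name
    extract_block "CERTIFICATE" "$1" > "$2.crt"
    # Create the key file in a subshell with umask 077 so it is never
    # readable by group or others, even though the key is encrypted.
    ( umask 077; rm -f "$2.key"
      extract_block "RSA PRIVATE KEY" "$1" > "$2.key" )
    [ -s "$2.crt" ] && [ -s "$2.key" ]
}

# Usage (file names are assumptions): split_pem export.pem poa
```

If the export uses a different key header than the one named in step 13, split_pem returns non-zero and leaves an empty .key file, so check the exit status before pointing the POA at the files.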

OK, so now we have a self-signed certificate file. The next step is to use this file in our Groupwise Post Office.

  1. In ConsoleOne open the POA object
  2. On the Groupwise tab go to SSL Settings
  3. Here you have to provide the .crt and .key files
  4. Click on Set Password to provide the password you used for the export
  5. Click on OK and make sure your POA restarts

After this your POA can use SSL. Now we have to enable, for example, IMAP to use SSL.

  1. In ConsoleOne open the POA object
  2. On the Groupwise tab go to Network Address and, under SSL, select Required next to IMAP. This makes sure you can only use IMAP with SSL.
  3. Go to Agent Settings and enable IMAP.
  4. Restart your POA

Now we can use IMAP with SSL.

Securing your Apache webserver with a certificate from godaddy.com

Most of you probably run a webserver, for example a webaccess server. By default Apache uses a self-signed SSL certificate which is created during the installation of Apache.
The disadvantage is that when people access your secure website they get an error that the certificate cannot be validated because of an untrusted Certificate Authority (CA). This does not mean the site isn’t secure, you know that, I know that, but for normal users it looks like your company doesn’t have a secure site.
In Internet Explorer 8 there is a new security feature, enabled by default, which makes the user accept the certificate for every new window that is opened. This is really annoying with, for example, a webaccess where you open an email in a new window. By the way, with Firefox you don’t have this problem once you have accepted the certificate during a session.

So how can we solve this? Simple: by getting a valid SSL certificate. So I looked at how to implement a certificate provided by Godaddy.com.
I chose a so-called “Standard (Turbo) SSL” for 1 year, which costs around 27 dollars a year.

In this post I assume you already have a working Apache with a self-signed SSL certificate, which we are going to replace.

Step 1 is to create the private key for the certificate request on the webserver. Log in as root and give the command:

openssl genrsa -des3 -out server.key 2048

You are asked for a pass phrase. This is used to encrypt the private key.

Step 2 is to create the request file which you are going to use to get a valid certificate. Give the command:

openssl req -new -key server.key -out server.csr

You are asked a couple of questions. Make sure that where Common Name is asked you provide the FQDN of your website.

#openssl req -new -key blog.wilmsenit.nl -out blog.wilmsenit.nl.csr
Enter pass phrase for blog.wilmsenit.nl:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:NL
State or Province Name (full name) [Some-State]:NB
Locality Name (eg, city) []:Eindhoven
Organization Name (eg, company) [Internet Widgits Pty Ltd]:WilmsenIT
Organizational Unit Name (eg, section) []:IT Department
Common Name (eg, YOUR name) []:blog.wilmsenit.nl
Email Address []:info@wilmsenit.nl

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:password
An optional company name []:WilmsenIT

Now you have a so-called .csr file, which we are going to use to request our certificate.

Go to the Godaddy website and buy the certificate. When you have bought the certificate you can go to the SSL page and click on the certificate. Now you are asked for the content of the csr file we created. Just do a cat of the file and copy and paste the content into the screen. After this follow the instructions on the screen.

Now your request is pending. After a while (this can take 2 until 24 hours) an email will be sent to the administrator of the domain for which we requested the SSL certificate. You can look up this administrator in any WHOIS database. This email contains a validation link. By clicking on that link you accept the request for the certificate.
After validation you can download the certificate file. When doing so, you are asked where you want to use this certificate. In our case that is Apache.
The zip file we have downloaded contains two files:

  • server.crt
  • gd_bundle.crt

Copy these files to /etc/apache2/ssl.crt
We also have to copy the server.key file we created earlier to /etc/apache2/ssl.key
Now we have to adjust the vhost-ssl.conf file in /etc/apache2/vhost.d for using these files.
Make sure the following lines look like:

  • SSLCertificateKeyFile /etc/apache2/ssl.key/server.key
  • SSLCertificateChainFile /etc/apache2/ssl.crt/gd_bundle.crt
  • SSLCertificateFile /etc/apache2/ssl.crt/server.crt

Save the file and restart your apache by /etc/init.d/apache2 restart

You are asked for the pass phrase we entered earlier in this section. This is for security reasons. If you don’t want to provide this pass phrase, do the following:

  1. Go to the /etc/apache2/ssl.key directory
  2. Save the original file: cp server.key server.key.org
  3. Give the command: openssl rsa -in server.key.org -out server.key
  4. Restart your Apache

Now you don’t have to provide the pass phrase any more. Keep in mind that server.key is now stored unencrypted, so make sure only root can read it.
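
Before restarting Apache it helps to check that the three directives are present, that each path exists (Apache will not start with a missing file) and that the key file is readable by its owner only, which matters most once the pass phrase has been removed. This is an added example, not part of the original post; the function name check_vhost_ssl and the finding labels are assumptions.

```sh
#!/bin/sh
# Added example: sanity-check the SSL directives of an Apache vhost file
# before restarting. Prints one finding per line, returns 0 if none.
check_vhost_ssl() {   # $1 = path to the vhost config, e.g. vhost-ssl.conf
    conf=$1
    findings=$(
        # 1. All three directives used in this post must be present.
        for d in SSLCertificateKeyFile SSLCertificateChainFile SSLCertificateFile; do
            awk -v d="$d" '$1 == d { ok = 1 } END { exit !ok }' "$conf" ||
                echo "ABSENT $d"
        done
        # 2. Every referenced file must exist (catches typos in the path),
        #    and the private key must not be readable by group or others.
        awk '$1 ~ /^SSLCertificate(Key|Chain)?File$/ { print $1, $2 }' "$conf" |
        while read -r directive path; do
            if [ ! -f "$path" ]; then
                echo "MISSING $directive $path"
            elif [ "$directive" = SSLCertificateKeyFile ] &&
                 [ "$(ls -ld "$path" | cut -c5-10)" != "------" ]; then
                echo "LOOSE-PERMS $directive $path"
            fi
        done
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Usage: check_vhost_ssl /etc/apache2/vhost.d/vhost-ssl.conf
```

A LOOSE-PERMS finding is fixed with chmod 600 on the key file; the same applies to the server.key.org backup.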

Single Sign On Novell Client for VMware View

If you use the Novell Client on a Windows virtual machine that’s going to be used for VMware View, you don’t want your users to log in twice:
first for VMware View and after that for the Novell Client. If you only use a Windows client, this is handled by VMware View. For Novell we have to make some registry changes.

This is taken from the Novell Client documentation pages:

1. Click the Start button, then type regedit.exe in the Start Search field.
2. Press Enter to open the Registry Editor.

3. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Novell\Login, then add the following:

  • Value Type=REG_SZ, Name=TSClientAutoAdminLogon, Data=1
  • Value Type=REG_SZ, Name=DefaultLoginProfile, Data=name of profile to use. Typically, the profile policy name is Default.

4. Close the Registry Editor.

In Novell menu:

Advanced Login:
Computer Only Logon Default: Never
Login Windows password synchronisation: Off
Login with Non-Novell Credential Provider: On
Novell Logon: On
Prompt for Novell login during Windows AutoAdminLogon

LDAP Contextless Login:
Enable LDAP Contextless Login: On
Trees: [TREE NAME]
Servers: [SERVER NAME]