11 Apr

Converting SSL private key to x509 PEM format for Amazon AWS

Are you trying to install your new SSL certificate into AWS for use in an elastic load balancer but keep seeing this pesky error about PEM format:

Please ensure the private key is in PEM format

But you look at your private key and it looks like it’s PEM format already, because it starts with this text and it’s all ASCII readable:

-----BEGIN PRIVATE KEY-----

Well, your private key is not in X.509 PEM format just yet, because it should instead start with this line of text:

-----BEGIN RSA PRIVATE KEY-----

So, to convert it to X.509 PEM format and stop all that wrong format guff, run this OpenSSL command (OpenSSL should already be installed on Linux or OS X):

openssl rsa -in yourwebsite_private.key -out pem-yourwebsite_private.key

where “yourwebsite_private.key” is your newly generated private SSL key and “pem-yourwebsite_private.key” is the new AWS PEM-formatted key that the command creates.

Now it’s just a matter of uploading your new SSL files. If you’re savvy and are using the AWS CLI, you’ll use something like:

aws iam upload-server-certificate --server-certificate-name yourwebsite --certificate-body file://yourwebsite.crt --private-key file://pem-yourwebsite_private.key --certificate-chain file://yourwebsite_certificatechain.crt
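
A pre-upload check for the conversion step above, added here as an example and not part of the original post: pem_key_kind reads the PEM header to tell the PKCS#8 form (BEGIN PRIVATE KEY) from the traditional RSA form, and to_rsa_pem wraps the post's openssl rsa command. Both function names are made up for this example, and the -traditional probe is there because OpenSSL 3.x otherwise writes PKCS#8 again.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical;
# key file names are whatever you pass in (e.g. the post's placeholders).

# Print the private key's container type, judged from its PEM header only.
pem_key_kind() {
    header=$(grep -m1 -- '^-----BEGIN .*PRIVATE KEY-----' "$1" 2>/dev/null) || {
        echo "no-private-key"; return 1; }
    # The trailing * tolerates a stray CR or space after the header.
    case "$header" in
        "-----BEGIN RSA PRIVATE KEY-----"*)
            # Legacy passphrase protection is flagged by a Proc-Type line.
            if grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then
                echo "pkcs1-rsa-encrypted"
            else
                echo "pkcs1-rsa"
            fi ;;
        "-----BEGIN PRIVATE KEY-----"*)           echo "pkcs8" ;;
        "-----BEGIN ENCRYPTED PRIVATE KEY-----"*) echo "pkcs8-encrypted" ;;
        "-----BEGIN EC PRIVATE KEY-----"*)        echo "sec1-ec" ;;
        *)                                        echo "unknown" ;;
    esac
}

# Convert key $1 to the "RSA PRIVATE KEY" form at $2, then report what was
# written. Does nothing if $1 already has that form.
to_rsa_pem() {
    kind=$(pem_key_kind "$1") || return 1
    [ "$kind" = "pkcs1-rsa" ] && {
        echo "$1 is already in RSA PRIVATE KEY form" >&2; return 0; }
    [ "$kind" = "sec1-ec" ] && { echo "$1 is not an RSA key" >&2; return 1; }
    # OpenSSL 3.x writes PKCS#8 from "openssl rsa" unless -traditional is
    # given; 1.x has no such option, so probe the help text first.
    trad=""
    openssl rsa -help 2>&1 | grep -q -- '-traditional' && trad="-traditional"
    # umask 077 keeps the unencrypted output readable by its owner only.
    ( umask 077 && openssl rsa $trad -in "$1" -out "$2" ) || return 1
    pem_key_kind "$2"
}
```

Run to_rsa_pem yourwebsite_private.key pem-yourwebsite_private.key and upload only when it prints pkcs1-rsa.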

For more information on using SSL certificates with Amazon AWS, see the official documentation:

Hope this helps people out :)

-Pete

29 Mar

Tagging with autoscaling groups

Ever wondered how to configure your autoscale groups to tag the instances they spin up?

I’m not sure this is supported from the AWS Web Console, but here’s how to do it from the command line…

Using the AWS CLI (make sure it was configured correctly with your auth creds when you set it up, etc.), you can simply set your autoscale groups to propagate tags to instances at launch time:

aws autoscaling create-or-update-tags --tags ResourceId="your-autoscale-group",ResourceType=auto-scaling-group,Key="Name",Value="name-for-all-your-instances",PropagateAtLaunch=True --region us-west-2

where “your-autoscale-group” is the name of the ASG you want to affect and “name-for-all-your-instances” is an example of setting the “Name” tag on newly initialised instances belonging to the ASG.

You can however propagate any tags you want to your instances using different Key names.

Happy clouding!

01 Feb

iiNet VOIP with Siemens C470IP

So I recently changed over to iiNet from Internode as my new internet provider. I kept all of my existing hardware, my voip device being the Siemens C470IP which is officially unsupported by iiNet.

After a bit of fiddling, I got it initially to only accept inbound calls on my voip number then with more fiddling I got outbound calls working fine too.

Here’s how to get it working…

First log into the admin panel of your C470IP, the default login pin is 0000 if you haven’t changed it.

If you’re unsure of the IP of your C470IP, you can probably look it up on your internet router by viewing the connected devices or DHCP list. I won’t cover this here, but if you’re really stuck, use the contact form at the end of this article and I’ll see if I can help you out.

Once you’ve logged into the Gigaset admin panel, navigate over to Settings –> Telephony

Click Edit on one of the IP connections to create a new one.

Click Show Advanced Settings

Connection Name or Number: <your new iinet voip phone number>
Authentication Name: <your new iinet voip phone number>
Authentication Password: <your voip password NOT your broadband password>
Display Name: iinetphone
Domain: iinetphone.iinet.net.au
Proxy Server Address: sip.<STATE>.iinet.net.au
(eg, sip.qld.iinet.net.au)
Registrar Server Port: 5060
Registration Refresh Time: 300 sec

The above will get your inbound calls working and I found that configuring the next setting got my outbound calls working too:

Outbound Proxy Mode: Never

Click the Set button to save it all.

Now test by calling your new number from your mobile. Then call your mobile from your VoIP phone. If both are working, you’re done. For completeness, you might want to reboot all of your VoIP and internet routers, then do both call tests again to ensure it all works after the reboots.

If you still have issues, drop me a line using the contact form.

08 Oct

General Purpose Tomcat Init Script

I’ve forked a nice tomcat init script that works quite reliably and added a number of general purpose features to it.
Check the script on GitHub:
https://github.com/geekpete/tomcatscripts/ (tomcat.sh)

Features/Options include:

  • email notify on tomcat container start up
  • custom port prefix to run more than one tomcat container on the same host/ip
  • RHEL/Fedora chkconfig compatible so you can configure run on startup
  • Lots of handy jvm/tomcat configs with either preconfigured examples or commented out examples

Keen to have any feedback on it.
In a future post, I’ll provide a working tomcat example and a possible puppet template variation.