Here I consider ESP IPsec with certificate-based authentication between two peers.
1. Use the following command to generate a private key and a certificate request
openssl req -new -nodes -out req.pem -keyout cert.pem
Here cert.pem is the private key and req.pem is the certificate request.
2. Get this certificate request signed by a certificate authority (CA) using the following command
openssl x509 -req -days 365 -in certs/req.pem -CA cacert.pem -CAkey private/cakey.pem -CAcreateserial -outform PEM -out certs/mycert.pem
3. Now put both the certificate and the CA's public certificate in the directory specified in the racoon.conf file, and give the following command
ln -s CA.crt `openssl x509 -noout -hash -in CA.crt`.0
4. Start racoon
Ref: http://www.fefe.de/racoon.txt
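Steps 1 to 3 above, run end to end and then checked, as an added example that is not part of the original post. The throwaway CA, the subject names, the RSA key size and the function names are assumptions made so the script runs non-interactively in a scratch directory.

```shell
#!/bin/sh
# Added example: steps 1-3 in one scratch directory, followed by sanity checks.
# Assumptions: throwaway CA, constructed subject names, RSA 2048-bit keys.

build_racoon_certs() {
    dir=$1
    mkdir -p "$dir/private" "$dir/certs" || return 1
    (
        cd "$dir" || exit 1
        umask 077   # -nodes writes the keys unencrypted, so keep them owner-only
        # Throwaway CA, only so the example is self-contained
        openssl req -x509 -new -nodes -newkey rsa:2048 -days 365 \
            -subj "/CN=Example Test CA" \
            -keyout private/cakey.pem -out cacert.pem 2>/dev/null || exit 1
        # Step 1: private key (cert.pem) and certificate request (req.pem)
        openssl req -new -nodes -newkey rsa:2048 -subj "/CN=peer1.example.test" \
            -out certs/req.pem -keyout certs/cert.pem 2>/dev/null || exit 1
        # Step 2: the CA signs the request
        openssl x509 -req -days 365 -in certs/req.pem -CA cacert.pem \
            -CAkey private/cakey.pem -CAcreateserial -outform PEM \
            -out certs/mycert.pem 2>/dev/null || exit 1
        # Step 3: CA certificate plus its <subject-hash>.0 link
        cp cacert.pem certs/CA.crt || exit 1
        cd certs || exit 1
        ln -sf CA.crt "$(openssl x509 -noout -hash -in CA.crt).0" || exit 1
    )
}

verify_racoon_certs() {
    dir=$1
    # The peer certificate must chain to the CA
    openssl verify -CAfile "$dir/cacert.pem" "$dir/certs/mycert.pem" \
        >/dev/null 2>&1 || return 1
    # The private key must belong to the certificate (compare public keys)
    cert_pub=$(openssl x509 -in "$dir/certs/mycert.pem" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$dir/certs/cert.pem" -pubout 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ] || return 1
    # The hash link must exist and resolve to a readable file
    hash=$(openssl x509 -noout -hash -in "$dir/cacert.pem") || return 1
    [ -L "$dir/certs/$hash.0" ] && [ -r "$dir/certs/$hash.0" ]
}

# Usage: build_racoon_certs /tmp/ipsec-demo && verify_racoon_certs /tmp/ipsec-demo
```

Running the verification before starting racoon catches a mismatched key or a missing hash link while the cause is still easy to see.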
Monday, October 18, 2010
Wednesday, October 13, 2010
How to install a package in FreeBSD
1. FreeBSD usually provides ports for many packages, so first search for a port using the following command
whereis package name
This may give output like this: /usr/ports/.....
Now change to the above directory and give the command
make install clean
To remove the package: make deinstall clean
If the package tar file is already in /usr/ports/distfiles/, you are done; otherwise FreeBSD will try to connect to the internet. If you are not connected to the internet, download the package manually (note the required version number) and put it in /usr/ports/distfiles
2. If no port is available for the desired package, use the following command
pkg_add package name
To remove the package: pkg_delete package name
Good luck
Tuesday, August 17, 2010
How to make a servlet reloadable in the Tomcat server
During the development phase it is advisable to make servlets reloadable, so that one need not restart the Tomcat server after making changes to a servlet.
To do this, edit the Context.xml file in the Conf dir of Tomcat and put a line in the header
as reloadable="true", then restart the Tomcat server.
This holds true up to Tomcat 5.5.
Wednesday, August 11, 2010
How to create a new user after initializing a database for the first time
Do the following:
su -
su - postgres
createuser -d //-d gives the user permission to create a new database
exit
After that you may create a database owned by the above user
createdb -O
Then you may dump a database owned by the above-mentioned user.
Hope this works. Good luck
org.postgresql.util.PSQLException: Connection rejected: FATAL: Ident authentication failed for user "username"
This occurs when the user does not have sufficient permission to access the database.
To avoid this problem, modify the pg_hba.conf file as detailed below
# TYPE DATABASE USER CIDR-ADDRESS METHOD
host all all 127.0.0.1/32 trust
Hope this works.
Good luck!
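A trust rule on 127.0.0.1/32 accepts any local connection as whatever database user it names, with no password, so it helps to know where such rules exist in a pg_hba.conf. The following check is an added example, not part of the original post; the sample file and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: list pg_hba.conf rules whose auth method is "trust".

# Constructed sample; line 3 is the rule from the post.
sample_pg_hba() {
    cat <<'EOF'
# TYPE DATABASE USER CIDR-ADDRESS METHOD
local all postgres ident
host all all 127.0.0.1/32 trust
host all all 192.168.0.10 255.255.255.255 md5
host app appuser ::1/128 trust   # dev box
EOF
}

# Reads pg_hba.conf from the named file(s) or stdin and prints
# "<line number>: <rule>" for every rule that uses trust.
# Limitation: a "#" inside a quoted field is treated as a comment start.
find_trust_rules() {
    awk '
        { sub(/#.*/, "") }             # drop comments
        NF == 0 { next }               # skip blank and comment-only lines
        {
            $1 = $1                    # normalise spacing
            if ($1 == "local")
                m = 4                  # local DATABASE USER METHOD
            else if ($5 ~ /^[0-9.]+$/ || $5 ~ /:/)
                m = 6                  # host DATABASE USER IP-ADDRESS IP-MASK METHOD
            else
                m = 5                  # host DATABASE USER CIDR-ADDRESS METHOD
            if ($m == "trust") print NR ": " $0
        }
    ' "$@"
}

# Usage: find_trust_rules /path/to/pg_hba.conf   (or: sample_pg_hba | find_trust_rules)
```

Each reported rule can then be switched to a password-based method such as md5 once the affected users have passwords set.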
Tuesday, July 27, 2010
How to reset a Cisco router to factory default
Follow these steps if you are already logged in
- go to global configuration mode and enter the following commands
- config-register 0x2142
- reload
System configuration has been modified. Save? [yes/no]:n
Proceed with reload? [confirm]y
After rebooting, change the config-register value to 0x2102, then save the configuration and reboot.
If you have forgotten the password, connect to the router using the console, start the router and press CTRL+BREAK.
In rommon mode, type config-register 0x2142 and reset.
After rebooting the router, change the config-register value to 0x2102.
Wednesday, July 21, 2010
How to make a Cisco router a CA server
Here is a sample configuration to make a Cisco router a CA server. Enter the following commands in global configuration mode.
- crypto pki server CAname
- issuer-name CN=domainname.com L=location C=country
- grant auto
- lifetime crl 24
- lifetime certificate 200
- lifetime ca-certificate 365
- cdp-url http://ipaddress/CAnamecdp.CAname.crl
- crypto pki trustpoint CAname
- revocation-check crl
- rsakeypair CAname