Thursday, May 15, 2008

Verisign Class 1 CA Individual Subscriber cert expires

Yesterday, 5/14/2008, we were rudely awakened to errors in our SSL checkout process. Basically, the dialog box that informs a person browsing the website that a problem has occurred showed up. Investigating our IIS 5.0 web servers, we found that none of the SSL certificates had expired. Digging deeper, we then looked at the certificate store on the machine. In the certificate store, we found that the Intermediate Certificate called Verisign Class 1 CA Individual Subscriber certificate had expired. Yuck!


For Windows 2000
We called Verisign and confirmed that the expired certificate was affecting our site. Verisign was able to give us a link to download the latest certificate:
https://knowledge.verisign.com/support/digital-id-support/index?page=content&id=SO6052



We followed the install and verfication instructions to install the cert on each server in the farm. After making those changes, I verified in Firefox that the SSL dialog box no longer appeared. Thank God!

For Windows 2003
Win2K3 was slightly different. We actually needed to make the certificate appear in our Intermediate Certificate list:


This was accomplished by downloading the latest intermediate cert that works with your chosen level of SSL certification from here:
https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=AR657

For us, we use Non-EV Premium SSL certificates. So we used that link from the main page. Once we installed them by following the directions on the linked page,
http://www.verisign.com/support/verisign-intermediate-ca/secure-site-pro-intermediate/index.html, we saw the intermediate cert appear (date of 10/24/2011) in the proper certificate store:


Finally, a reset of IIS was needed. Yuk!

Afterword
The one thing I do not have clarity on is exactly what certificates does a typical web server running ASP and ASP.net need to run correctly. I know that there is a hierarchy of certs:
1) Root certificates
2) Root cert signs Intermediate
3) Intermediate signs Personal (www.mysite.com)

We had a similar problem back a couple of years ago and I had been too busy to research the question then. I will try to research it and give an update to this page.

Good luck, folks!
'sodo
Posted by Cacasodo at 9:11 AM 0 comments
Labels: , , ,

Wednesday, April 16, 2008

Ubuntu 7.10 install in VMware Server gotcha

Trying to install Ubuntu 7.10 in VMware Server 1.04, I came upon a lot of these messages as Ubuntu was trying to install itself into the virtual machine's hard drive:
sd 2:0:15:6 rejecting I/O to offline device

Background
A caveat to installing most Linux distributions within VMware Server for XP is that you need to set the SCSI driver to Lsilogic in the configuration file for the virtual machine. The config file will be a file with the extension ".vmx" in the VM's directory. For example, the config file for my Ubuntu install was "Other.vmx"

Solution
Here is the line you need to add to your .vmx file:
scsi0.virtualDev = "lsilogic"

My entire .vmx file ended up looking like this:
config.version = "8"
virtualHW.version = "4"
scsi0.present = "TRUE"
scsi0.virtualDev = "lsilogic"
memsize = "1024"
ide0:0.present = "TRUE"
ide0:0.fileName = "Other.vmdk"
ide1:0.present = "TRUE"
ide1:0.fileName = "auto detect"
ide1:0.deviceType = "cdrom-raw"
floppy0.fileName = "A:"
Ethernet0.present = "TRUE"
displayName = "Ubuntu 7.10"
guestOS = "other"
priority.grabbed = "normal"
priority.ungrabbed = "normal"
ide0:0.redo = ""
ethernet0.addressType = "generated"
uuid.location = "56 4d 32 f1 73 c7 b5 15-26 b3 bf 4b eb 77 4f c6"
uuid.bios = "56 4d 32 f1 73 c7 b5 15-26 b3 bf 4b eb 77 4f c6"
ide1:0.autodetect = "TRUE"
ethernet0.generatedAddress = "00:0c:29:77:4f:c6"
ethernet0.generatedAddressOffset = "0"
numvcpus = "2"


Of course, the line you add may differ if you have more than one SCSI device. Once the line is added, you'll need to restart your virtual machine for the change to take effect.

Good luck!
sodo
Posted by Cacasodo at 12:36 PM 0 comments
Labels: , ,

Tuesday, April 08, 2008

black screen/no video in VLC

I noticed a problem in VLC on XP the other day. While watching a music video, I starting getting sound but no video. I thought it was some sort of display problem, but then tried QuickTime and found I could watch the video in QuickTime. Just to see if it would help, I logged off and back on. Still giving the same problem. I didn't change any settings, so I thought it was a hardware problem. So I shutdown the box and turned it back. Same problem. Argh.

I then realized that it must be some issue with VLC itself, so I started digging through the Settings menu; specifically, Preferences. Looking in Preferences -> Audio with "Advanced options" checked, I saw that "Audio desynchronization compensation" had reset to -10000000! Woah! How did that happen? I reset this value to 0 (zero) and played back my original video. Voila! The video played perfectly.

I don't know what key combination or bug I may have triggered, but that is a wacky one. Hope this helps someone in similar distress.

'sodo
Posted by Cacasodo at 9:40 AM 2 comments
Labels: , ,

Friday, March 21, 2008

authenticated FTP through browser

I always forget the syntax for accessing a password protected FTP site through a web browser

If you know the username and password of the FTP site, you should be able to access the FTP site through your web browser. You need to construct a URL with the following syntax:
ftp://username:password@ftp.ftpsite.com/

For example:
ftp://cacasodo:mypassword@ftp.techanswerguy.com/

Make sure if you are accessing via a proxy server, that FTP is configured in your proxy settings.

'sodo
Posted by Cacasodo at 12:02 PM 0 comments
Labels: ,

Friday, March 07, 2008

recording video off Motorola 6412

I had been wanting to copy some unsecured shows (read: no premium channels, HBO, SHO, MAX, etc) off of my Comcast cable box, a Motorola DCT-6412, for quite some time. I finally got around to trying this out last week by using my MacBookPro and a standard 6-pin male-to-male firewire cable. GXW on http://www.macosxhints.com/ has provided some excellent instructions for doing this.

Requirements
OS X10.4.9 or above
Apple's FireWire SDK (downloadable from Apple's Developer website)
VLC (Video Lan player for Mac) or MPEG Streamclip for playback

Steps
1) connect Mac to Motorola
2) verify physical connectivity via System Profiler
3) connect and verify firewire connection with AVC Browser
4) replay show and grab stream with Virtual DVHS

You'll need Apple's firewire SDK in order to do this. Create a free Apple ADC Online account from here:
http://developer.apple.com/products/

Evaluation
Once I got the SDK installed and verified my connectivity as above (see GXW's fine article for the details), I was able to successfully pull content off of my Motorola 6412 HD cable tuner. However, the way it works is that you have to capture live content as it is playing or replay a stored recording in order to capture it to your Mac. In other words, this method does not allow you to access the hard drive in the STB to get at the stored recordings directly. Therefore, it will take some time if you have a bunch of shows stored in order to replay and capture them to a file.

Hint: Don't fast-forward or reverse while recording a saved program to your Mac's hard drive. This will screw up the audio and video synchronization of the destination file.

I was able to pull both regular (SD) format and HD format content off the Motorola. HD shows are recorded to MPEG-TS (transport stream) format. Also, I just realized I didn't try recording content off of the analog channels, I only recorded shows off of the digital channels. So I can't speak to that.

Once I get a workflow in place, it will be nice to have my favorite movies and shows as files to stream from a media server. Yeehoo!

enjoy!
TAG
Posted by Cacasodo at 11:31 AM 0 comments
Labels: , , , , ,

Wednesday, March 05, 2008

understanding CSS using Firebug

Understanding CSS is not trivial stuff. But the Firebug plugin (http://www.getfirebug.com) for Firefox can help. Here's a video I produced that shows how to inspect your CSS with Firebug. The context is understanding Blogger templates:


Also depicted in the video are cross-hairs from the Orca screen magnifier, an application for disabled people that is installed with the Fedora 7 distribution. I used the cross-hairs because the mouse cursor disappears when I capture the video with Cinelerra.

cheers,
techanswerguy
Posted by Cacasodo at 11:06 AM 0 comments
Labels: , , , ,

Thursday, February 28, 2008

command line email in Cygwin

As mailx is not part of the Cygwin distribution, you don't have that many choices if you want to send an email from a shell script. In this regard, Jeremy Reed has kindly provided a nice substitute script that can help us out:
http://cygwin.com/ml/cygwin/2005-02/msg00635.html

If you have Cygwin installed, you'll need to do the following things:
1) install ssmtp
2) configure ssmtp with ssmtp-config
3) install Jeremy's mailx shell programs

There are a couple of gotchas with step 2 above.
1) make sure you have the directory /etc/ssmtp created
- for some reason, the ssmtp-config program doesn't create it
2) make sure you define a fully qualified hostname
- if not, you'll get the following error
$ /usr/bin/mailx -s "test" cacasododom@gmail.com < test.txt
3) make sure that you have a symbolic link created for /usr/sbin/sendmail that links to /usr/sbin/ssmtp and that /usr/sbin is in your PATH. Otherwise, you'll get this error:
$ mailx.sh -s "test" joe.user@yahoo.com < test.txt

That's it.

I preferred to use Jeremy's program over nail, because it gives me the same arguments as mailx did.

Thanks Jeremy!
TAG
Posted by Cacasodo at 5:24 PM 0 comments
Labels: , , , ,
Subscribe to: Posts (Atom)
Feel free to drop me a line or ask me a question.