Admins eHow SysAdmin Tips & Tricks

May 22, 2010

Check connected IPs to port 80 and number of connections on Linux

Filed under: Apache,linux,Security — admin @ 6:57 pm

netstat -plan | grep :80 | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nk1
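A stricter version of the one-liner above, as an added example that is not part of the original post: `grep :80` also matches ports such as 8080 and outbound connections to a remote port 80, so this function matches the local-address column exactly and skips the LISTEN socket. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Count connections per remote IP where the LOCAL port is exactly 80.
# Reads `netstat -plan` style output on stdin.
count_port80_clients() {
    awk '
        $1 ~ /^tcp/ && $4 ~ /:80$/ && $6 != "LISTEN" {
            remote = $5
            sub(/:[0-9]+$/, "", remote)   # drop the remote port
            sub(/^::ffff:/, "", remote)   # unwrap IPv4-mapped IPv6 addresses
            count[remote]++
        }
        END { for (ip in count) print count[ip], ip }
    ' | sort -k1,1n -k2,2
}

# Constructed sample input (documentation address ranges, not real hosts).
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1200/httpd
tcp        0      0 192.0.2.10:80           198.51.100.7:51234      ESTABLISHED 1201/httpd
tcp        0      0 192.0.2.10:80           198.51.100.7:51240      ESTABLISHED 1202/httpd
tcp        0      0 192.0.2.10:80           198.51.100.7:51241      TIME_WAIT   -
tcp        0      0 192.0.2.10:80           203.0.113.5:40000       ESTABLISHED 1203/httpd
tcp        0      0 192.0.2.10:8080         203.0.113.9:40001       ESTABLISHED 1300/java
tcp        0      0 192.0.2.10:45000        203.0.113.80:80         ESTABLISHED 1400/curl
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:203.0.113.5:40002 ESTABLISHED 1204/httpd
EOF
}

# On a live host: netstat -plan | count_port80_clients
sample_netstat | count_port80_clients
```

The 8080 listener and the outbound curl connection are ignored, and the IPv4-mapped tcp6 entry is counted together with the same client's plain IPv4 connection.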

May 17, 2010

How to check domain NS glue records using dig

Filed under: dns — admin @ 11:52 am

Let's check the NS glue records for microsoft.com using the dig command.

As it is a .com domain, we should first look up the name servers for .com with the following command:

dig NS com

Result:

com.                    22124   IN      NS      d.gtld-servers.net.
com.                    22124   IN      NS      f.gtld-servers.net.
com.                    22124   IN      NS      a.gtld-servers.net.
com.                    22124   IN      NS      c.gtld-servers.net.
com.                    22124   IN      NS      g.gtld-servers.net.
com.                    22124   IN      NS      i.gtld-servers.net.
com.                    22124   IN      NS      l.gtld-servers.net.
com.                    22124   IN      NS      m.gtld-servers.net.
com.                    22124   IN      NS      k.gtld-servers.net.
com.                    22124   IN      NS      e.gtld-servers.net.
com.                    22124   IN      NS      h.gtld-servers.net.
com.                    22124   IN      NS      b.gtld-servers.net.
com.                    22124   IN      NS      j.gtld-servers.net.

We can choose any of these servers for the next query; I will choose m.gtld-servers.net:

dig NS microsoft.com @m.gtld-servers.net

Result:

;; AUTHORITY SECTION:
microsoft.com.          172800  IN      NS      ns1.msft.net.
microsoft.com.          172800  IN      NS      ns2.msft.net.
microsoft.com.          172800  IN      NS      ns3.msft.net.
microsoft.com.          172800  IN      NS      ns4.msft.net.
microsoft.com.          172800  IN      NS      ns5.msft.net.

;; ADDITIONAL SECTION:
ns1.msft.net.           172800  IN      A       65.55.37.62
ns2.msft.net.           172800  IN      A       64.4.59.173
ns3.msft.net.           172800  IN      A       213.199.161.77
ns4.msft.net.           172800  IN      A       207.46.75.254
ns5.msft.net.           172800  IN      A       65.55.226.140

OK, we are done. The ADDITIONAL SECTION of the last query contains the glue records:

ns1.msft.net.           172800  IN      A       65.55.37.62
ns2.msft.net.           172800  IN      A       64.4.59.173
ns3.msft.net.           172800  IN      A       213.199.161.77
ns4.msft.net.           172800  IN      A       207.46.75.254
ns5.msft.net.           172800  IN      A       65.55.226.140
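To run the same check without reading the sections by eye, the following added example (not part of the original post) parses saved dig output, pairs each name server from the AUTHORITY SECTION with its addresses from the ADDITIONAL SECTION, and prints MISSING for a name server that has no address record. The function names and the example.com sample are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Reads `dig NS <domain> @<tld-server>` output on stdin and prints one line
# per delegated name server: "<ns-name> <glue-addresses | MISSING>".
glue_report() {
    awk '
        /^;; AUTHORITY SECTION:/  { section = "auth"; next }
        /^;; ADDITIONAL SECTION:/ { section = "add";  next }
        /^;;/ || NF == 0          { section = "";     next }
        section == "auth" && $4 == "NS" { ns[++n] = tolower($5) }
        section == "add" && ($4 == "A" || $4 == "AAAA") {
            name = tolower($1)
            if (name in glue) glue[name] = glue[name] "," $5
            else              glue[name] = $5
        }
        END {
            for (i = 1; i <= n; i++) {
                if (ns[i] in glue) print ns[i], glue[ns[i]]
                else               print ns[i], "MISSING"
            }
        }
    '
}

# Constructed sample in the same layout as the dig output shown in the post.
sample_dig() {
    cat <<'EOF'
;; AUTHORITY SECTION:
example.com.          172800  IN      NS      ns1.example.com.
example.com.          172800  IN      NS      ns2.example.com.
example.com.          172800  IN      NS      NS3.example.com.

;; ADDITIONAL SECTION:
ns1.example.com.      172800  IN      A       192.0.2.53
ns1.example.com.      172800  IN      AAAA    2001:db8::53
ns3.example.com.      172800  IN      A       198.51.100.53

;; Query time: 12 msec
EOF
}

# On a live query: dig NS microsoft.com @m.gtld-servers.net | glue_report
sample_dig | glue_report
```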

May 11, 2010

“ASN1 bad tag value met” error when processing a certificate request in IIS 7

Filed under: IIS,Windows — admin @ 12:48 pm

We’ve seen a few instances of the following error message on 64-bit servers when IIS 7.0 is attempting to process a pending certificate request:

Complete Certificate Request
There was an error while performing this operation.
Details:
CertEnroll::CX509Enrollment::p_InstallResponse: ASN1 bad tag value met. 0x8009310b (ASN: 267)

This error seems to mean that the private key (created when the certificate request was made) does not match the public key (the .crt file). The keypair is not successfully joined into a working SSL certificate.
So far this behavior seems most common with .crt files (instead of the .cer files many of us are more used to) issued by one specific Certification Authority—which will remain nameless here.
The error shows up after reaching the point in the process where you ‘specify certificate authority response’ and guide the wizard to the ‘File name containing the certification authority’s response…’ (the .crt file).

Solution:
Begin by importing the .crt file into the Personal certificate store for the local computer. (Start button > Run: MMC > File Menu > Add/Remove Snap-in > highlight Certificates snap-in and click the ADD button > select Computer Account and click Finish > Click OK > drill into Personal > Certificates > right-click and select All Tasks > select Import > guide to the .crt file.) At this point your certificate is basically a half-certificate. It is still missing its private key.
Second, double-click the crt certificate file you just imported, select the Details tab, scroll all the way down to Thumbprint and highlight Thumbprint. In the lower pane, block and copy all the letters of the thumbprint. Paste the thumbprint characters into notepad. Open the command prompt and run this command: Certutil /?
The command you’ll want to run is:

certutil -repairstore my "{insert all of the thumbprint characters here}"

When you see the response: “CertUtil: -repairstore command completed successfully” you should have a private key associated with the .crt file in the personal store. There should no longer be any need to run through the “Complete Certificate Request…” wizard. The certificate should show up in the IIS Manager’s list of server certificates at this point. It should also be available in the SSL Certificates drop-down list when attempting to edit the https binding for a website.
