So I received a nice article on How to obtain and install an SSL/TLS certificate, for free. The site describes how to acquire a Class 1 certificate at no cost. Basically, a Class 1 cert only validates a legal email address on the domain. Your traffic will be encrypted, though.
The instructions below cover how to apply for and use the free certificate on the Cisco ASA firewall, not how to create the AnyConnect configuration.
StartSSL uses an S/MIME personal certificate to let you log in after sign-up. You will create this certificate and one other for free.
Start at the Authenticate or Sign-Up page.
Create an account for your domain.
Log into the account.
You'll see 3 options:
Tool Box, Certificates Wizard, Validations Wizard.
Pick Validations Wizard and change the drop-down to Domain Name Validation.
Fill out the domain name, press continue.
Pick the email address that will receive the validation key. Follow the instructions.
Go to Certificates Wizard.
Pick Web Server SSL/TLS Certificate as the Certificate Target.
Generate Private Key; I left the key size at 2048.
!! I know the ASA can generate a CSR, but StartCom only accepts SHA and the ASA generates using MD5.
A private key is generated. Save it as ssl.key - it is important to keep this file.
Continue through the following instructions.
Tool Box
Retrieve Certificate
- pick the certificate just created.
- there should be 2 in there: the one the browser uses for the StartCom site and the one for the server (Class 1).
- copy and paste the certificate.
Go to Create PKCS#12 (PFX) File
- copy and paste the private key into the Private Key box.
- copy and paste the certificate you just grabbed into the Enter Certificate box.
- provide a password.
- save the p12 file that is created; this will be imported into the ASDM.
In ASDM
- Configuration
- Device Management
- Certificate Management
- Identity Certificates
- Add
- Create Trustpoint Name (Startcom-SSL)
- Enter the decryption passphrase used earlier
- Import the p12 file.
- Add Certificate.
- Advanced
- SSL Settings
- Change outside trustpoint to one created earlier (Startcom-SSL)
- Apply
- Save
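The MD5-versus-SHA point above can be checked before anything is submitted: the signature algorithm sits in the outer SEQUENCE of both a DER X.509 certificate and a PKCS#10 CSR, in the same position. The Python below is an added example, not StartCom's or Cisco's code; it reads that field with no third-party library. The sample request it builds is constructed (an empty body with a real AlgorithmIdentifier), not a real CSR.

```python
# Signature-algorithm OIDs from PKCS#1 (encoded form is used to build the constructed sample).
OID_BYTES = {"md5": bytes.fromhex("2a864886f70d010104"),
             "sha1": bytes.fromhex("2a864886f70d010105"),
             "sha256": bytes.fromhex("2a864886f70d01010b")}
MD5_RSA = "1.2.840.113549.1.1.4"
SHA_RSA = {"1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
           "1.2.840.113549.1.1.11": "sha256WithRSAEncryption"}

def _read_tlv(buf, pos):
    """Decode one DER tag-length-value starting at pos; return (tag, content, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def _decode_oid(raw):
    """Convert OID content bytes to dotted form; the first byte packs the first two arcs."""
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:                    # a clear high bit ends one base-128 arc
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)

def signature_oid(der):
    """Dotted OID of the outer signatureAlgorithm of a DER certificate or PKCS#10 CSR.
    Both are SEQUENCE { body SEQUENCE, signatureAlgorithm SEQUENCE { OID, params }, BIT STRING }."""
    tag, outer, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, _, pos = _read_tlv(outer, 0)         # skip tbsCertificate / certificationRequestInfo
    tag, algid, _ = _read_tlv(outer, pos)
    oid_tag, oid, _ = _read_tlv(algid, 0)
    if tag != 0x30 or oid_tag != 0x06:
        raise ValueError("malformed AlgorithmIdentifier")
    return _decode_oid(oid)

def acceptable_for_startcom(der):
    """(accepted, algorithm name): MD5-signed requests, which the post says the ASA produces, fail."""
    oid = signature_oid(der)
    if oid == MD5_RSA:
        return False, "md5WithRSAEncryption"
    return oid in SHA_RSA, SHA_RSA.get(oid, oid)

def _tlv(tag, content):
    """Minimal DER encoder (short-form lengths only), used to build the constructed sample."""
    return bytes([tag, len(content)]) + content

def sample_request(oid_bytes):
    """Constructed stand-in for a CSR: empty request body, real AlgorithmIdentifier, empty signature."""
    algid = _tlv(0x30, _tlv(0x06, oid_bytes) + _tlv(0x05, b""))
    return _tlv(0x30, _tlv(0x30, b"") + algid + _tlv(0x03, b"\x00"))
```

For a real file, pass DER bytes: ssl.PEM_cert_to_DER_cert handles a PEM certificate, and a PEM CSR is just the base64 between its BEGIN/END lines.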
Sunday, December 27, 2009
Monday, December 07, 2009
IP Conflict Detection on Ubuntu
One thing that drives me crazy as a consultant is going to sites and acquiring a duplicate IP. Windows tells you there is a conflict. Ubuntu does not, unless you install some additional software: IPwatchD.
There are 2 ways to set up IPwatchD: passive mode or active mode. Passive mode just logs packets; active mode uses gratuitous ARP and notifies you of a problem.
The notification works nicely in 9.10 (as shown).
Here are the steps I followed:
http://www.linuxconfig.org/IPwatchD_an_IP_conflict_detection_tool_for_Linux
I will add some additional info.
The article doesn't say what to do to get the script to run at setup. It's simple. In 9.10 there is a file you can update to run scripts as root after user login. They are nice enough to provide a sample.
/etc/gdm/PostLogin/Default.sample
# Note: this is a sample and will not be run as is. Change the name of this
# file to /PostLogin/Default for this script to be run. This
# script will be run before any setup is run on behalf of the user and is
# useful if you for example need to do some setup to create a home directory
# for the user or something like that. $HOME, $LOGIN and such will all be
# set appropriately and this script is run as root.
If you don't already use the file, copy the sample to its final destination and add the login script for IPwatchD:
sudo cp /etc/gdm/PostLogin/Default.sample /etc/gdm/PostLogin/Default
echo /usr/local/sbin/ipwatchd -c /usr/local/etc/ipwatchd.conf | sudo tee -a /etc/gdm/PostLogin/Default
Log out and back in, or reboot, to check the work.
Show running status:
ps aux | grep ipwatchd
You'll see something like:
mikem@mikem-9751L:~$ ps aux | grep ipwatchd
root     28581  0.0  0.1  12388  4744 ?        Ss   21:58   0:00 /usr/local/sbin/ipwatchd -c /usr/local/etc/ipwatchd.conf
mikem    30234  0.0  0.0   7340   892 pts/0    S+   22:15   0:00 grep ipwatchd
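Active mode rests on one rule: after the host announces its own address with gratuitous ARP, any ARP packet whose sender claims that IP from a different MAC is a conflict. The Python below is an added example, not IPwatchD's code; it parses raw Ethernet/ARP frames and applies that rule. The MACs and IPs are constructed sample values, and build_arp exists only to fabricate frames for the demo.

```python
import struct
import ipaddress

ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2

def _mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def _mac_bytes(text):
    return bytes(int(x, 16) for x in text.split(":"))

def build_arp(op, sha, spa, tha, tpa):
    """Build an Ethernet II + ARP frame; only used here to fabricate sample traffic."""
    dst = b"\xff" * 6 if op == ARP_REQUEST else _mac_bytes(tha)
    ether = struct.pack("!6s6sH", dst, _mac_bytes(sha), ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, op,
                      _mac_bytes(sha), ipaddress.IPv4Address(spa).packed,
                      _mac_bytes(tha), ipaddress.IPv4Address(tpa).packed)
    return ether + arp

def parse_arp(frame):
    """Return the ARP fields of a frame, or None if it is not IPv4-over-Ethernet ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"op": op, "sha": _mac(sha), "spa": str(ipaddress.IPv4Address(spa)),
            "tha": _mac(tha), "tpa": str(ipaddress.IPv4Address(tpa))}

class ConflictDetector:
    """Active-mode rule: a sender claiming one of our IPs from a foreign MAC is a conflict."""

    def __init__(self, our_addresses):
        # ip -> mac of this host's own interfaces (constructed values in the test below)
        self.ours = {ip: mac.lower() for ip, mac in our_addresses.items()}

    def observe(self, frame):
        arp = parse_arp(frame)
        if arp is None or arp["spa"] not in self.ours:
            return None                      # not ARP, or not about one of our addresses
        if arp["sha"] == self.ours[arp["spa"]]:
            return None                      # our own announcement (e.g. gratuitous ARP)
        return f"IP conflict: {arp['spa']} is also claimed by {arp['sha']}"
```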
Friday, December 04, 2009
Access gmail from your Cisco IP Phone
Nice article on web services for IP Phones: weather, Gmail, etc.
http://unifiedcommunicationsblog.globalknowledge.com/2009/12/02/ip-phone-web-services-part-1/
Another IP Phone service URL that I know is popular and floating around is from Berbee:
http://phone-xml.berbee.com/menu.xml
Thursday, December 03, 2009
Compare files easily with Ubuntu
Sometimes you need to compare old configs with new configs. Instead of comparing the files manually, you can run a great program called Meld Diff Viewer.
Just load up both files and you'll see missing lines, changed lines, etc.
To install in Ubuntu:
sudo apt-get install meld
You'll see the program in Applications - Programming.
http://meld.sourceforge.net/
Wednesday, December 02, 2009
Publishing
Adding an entry for Technorati.
code 65BHJAS792BE
Also, if you have Google Wave you can reach me at michaelmunoz@googlewave.com
Tuesday, December 01, 2009
Cisco Console software for Linux
There is a nice tool that I use regularly to access consoles on routers, switches, etc.:
minicom. This is a great tool for doing simple console work.
To get started with Ubuntu:
sudo apt-get install minicom
Here is a link on configuration and setup:
https://help.ubuntu.com/community/CiscoConsole
Basically, run minicom -s for the initial configuration.
E - Bps/Par/Bits : 9600 8N1
F - Hardware Flow Control : No
G - Software Flow Control : No
Save setup as dfl
Ctrl-a f is the break sequence for password recovery.
Ctrl-a z brings up the help menu, say you want to upload files through the console. I hope you never have to :)