Citrix Receiver on Linux: SSL Error 61 (“You have not chosen to trust”)

Important:
If you don’t know or understand certificates (root and intermediate certificate authorities), get someone who does to follow the instructions below.

I tried connecting to the company’s Citrix server, but kept hitting the same error when I tried to open the connection:

Contact your help desk with the following information:
You have not chosen to trust "INSERT YOUR CA HERE", 
the issuer of the server's security certificate (SSL Error 61)

It seems that Citrix has an alternate directory where it stores its trusted certificates / certificate authorities. Even though a web browser shows that the server’s certificate is trusted (by root CAs), we need to copy those CA certificates to the correct directory.

In short: copy the root and intermediate CAs to this directory: /opt/Citrix/ICAClient/keystore/cacerts

Using SSH to forward the same local port to multiple external hosts

Okay, this is kinda awesome :-), I got my geek on :-)

My application connects to a cluster of external servers, but it only lets me configure the hostname, not the port.

So I wanted to connect to a remote cluster using SSH tunneling, but I was unable to forward everything because a given port on localhost (127.0.0.1) can only be bound once.

Then I saw that you can use multiple loopback addresses! See this page: https://en.wikipedia.org/wiki/Loopback

Basically you can bind the port forward to 127.0.0.2, 127.0.0.3 and so on up to 127.255.255.254; that should provide enough addresses, right!? :-)

So I can use multiple port forwards from my localhost(s) to the six remote hosts like this:

ssh somedomain.com \
-L 127.0.0.1:9042:external-node1.somedomain.com:9042 \
-L 127.0.0.2:9042:external-node2.somedomain.com:9042 \
-L 127.0.0.3:9042:external-node3.somedomain.com:9042 \
-L 127.0.0.4:9042:external-node4.somedomain.com:9042 \
-L 127.0.0.5:9042:external-node5.somedomain.com:9042 \
-L 127.0.0.6:9042:external-node6.somedomain.com:9042
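The same command generated from a host list, as an added example that is not part of the original post. The helper names build_forwards and print_tunnel_command are hypothetical, and the ExitOnForwardFailure option is an addition so that a forward which fails to bind stops ssh instead of going unnoticed.

```shell
#!/bin/sh
# Added example: build one -L option per remote node, each bound to its own
# loopback address (127.0.0.1, 127.0.0.2, ...), all on the same local port.
# build_forwards / print_tunnel_command are hypothetical helper names.

# usage: build_forwards PORT HOST...
# prints one "-L 127.0.0.N:PORT:HOST:PORT" option per line
build_forwards() {
    port=$1
    case $port in
        ''|*[!0-9]*) echo "build_forwards: bad port: $port" >&2; return 2 ;;
    esac
    shift
    # Stay inside the last octet so every address is a valid 127.0.0.N host.
    if [ "$#" -lt 1 ] || [ "$#" -gt 254 ]; then
        echo "build_forwards: need 1 to 254 hosts" >&2
        return 2
    fi
    n=1
    for host in "$@"; do
        printf '%s 127.0.0.%d:%s:%s:%s\n' -L "$n" "$port" "$host" "$port"
        n=$((n + 1))
    done
}

# usage: print_tunnel_command GATEWAY PORT HOST...
# Prints the ssh command instead of running it, so it can be reviewed first.
# ExitOnForwardFailure makes ssh quit if any requested forward cannot be
# set up, rather than carrying on with some forwards missing.
print_tunnel_command() {
    [ "$#" -ge 2 ] || return 2
    gateway=$1
    shift
    opts=$(build_forwards "$@") || return
    printf 'ssh -o ExitOnForwardFailure=yes'
    printf '%s\n' "$opts" | while IFS= read -r opt; do
        printf ' \\\n    %s' "$opt"
    done
    printf ' \\\n    %s\n' "$gateway"
}

# The six nodes from the post, all on port 9042.
print_tunnel_command somedomain.com 9042 \
    external-node1.somedomain.com external-node2.somedomain.com \
    external-node3.somedomain.com external-node4.somedomain.com \
    external-node5.somedomain.com external-node6.somedomain.com
```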

Vagrant proxy through CNTLM on Windows using CYGWIN

Wow, talk about a crappy post title, but I just got this working on my corporate network and was quite happy about it.

Reason for this post: every time I start a new assignment at a (rather big) corporation, I need to follow these steps to be able to access the internet from my VMs.

(and I keep forgetting the steps, I’m getting old..)

What we’ll use to get this working:

  • Cygwin : https://www.cygwin.com/
  • Vagrant : https://www.vagrantup.com/
  • Virtualbox : https://www.virtualbox.org/
  • Cntlm : http://cntlm.sourceforge.net/

I’m running CentOS VMs inside Vagrant with VirtualBox provisioning on Cygwin on Windows 7. I’m running Cntlm to create a local proxy for everything I do through Cygwin, because I don’t like putting clear-text passwords in bashrc or in Windows / Bash variables.

Steps:

  1. Get your corporate proxy URL (Via Google Chrome)
  2. Configure Cntlm
  3. Configure Cygwin
  4. Configure Vagrant
  5. Use teh interwebs from your VM, practicing ninja turtle coding skillz and be instantly awesome!!1!

Puppet provisioning on Vagrant Error: --manifestdir

This post is a distilled version of the discussion here: https://github.com/mitchellh/vagrant/issues/3740

Problem:

When I started using the latest Puppetlabs boxes, I encountered the error “Error: Could not parse application options: invalid option: --manifestdir” when my puppet manifest was about to be executed.

Python pip without internet

The title of this post is a bit misleading. I will not outline the use of pip without internet, but I suspect most people will search for this string and so end up here looking for an alternative.

I’ve been blessed with a very thorough security officer, who decided that CLI internet access is not permitted; even using CNTLM (1) is blocked.

The easiest way to install packages is via pip, but it’s also possible to install them via the command line.

Using the example of Django, we will first download the tarball from the Django site:

https://www.djangoproject.com/download/

On the right side there’s a link to the latest release.

Unzip and untar the tarball and open a command prompt in that directory.

Then run the following command:

python setup.py install

Next, we’ll check if it is installed correctly:

[Screenshot: Command Prompt]

Remove host from SSH KnownHosts file without seeing the hostname

This post is mostly a bookmark for myself. I’ve been using search engines way too often to find this command..

The command to remove a host from a known_hosts file without seeing the actual hostname in the known_hosts file is the following:

ssh-keygen -R HOSTNAME

Comparing sed stream output in linux

Sed is very very powerful, which is a good thing to be aware of.
I wanted to compare the output of a sed command with the original file before running the sed command directly on the file, and came across this handy trick.

It works by using process substitution, <(...), inside the diff command: the shell exposes the sed output to diff as a temporary named pipe (or a /dev/fd entry).

Contents of numbers.txt:

One
Two
Three
Four
Five

If I just want to remove the line which begins with “Four”, I can check my sed command like this:

joris@beanie ~
$ diff <(sed '/Four/d' numbers.txt) numbers.txt
3a4
> Four

Awesome possum, now I know my sed command won’t destroy anything.
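The check above turned into a guard that only rewrites the file when the preview matches what you expect, as an added example that is not part of the original post. The function names are hypothetical, and sed's output is piped into "diff -" in place of <(...) so the script also runs in shells without process substitution; the comparison is the same.

```shell
#!/bin/sh
# Added example: dry-run a sed script against a file and write the result
# back only when the preview shows the expected number of affected lines.
# sed_preview, sed_changed_lines and sed_apply_checked are hypothetical names.

# Same comparison as the post (sed output first, original file second).
# Exit status is diff's: 0 = no change, 1 = the sed script changes the file.
sed_preview() {
    sed "$1" "$2" | diff - "$2"
}

# Count the lines of the ORIGINAL file that sed would remove or alter.
# In this comparison those are the lines diff prefixes with ">".
sed_changed_lines() {
    sed_preview "$1" "$2" | grep -c '^>' || true
}

# usage: sed_apply_checked SCRIPT FILE EXPECTED_COUNT
# Refuses to touch FILE unless exactly EXPECTED_COUNT original lines change.
sed_apply_checked() {
    script=$1 file=$2 expected=$3
    changed=$(sed_changed_lines "$script" "$file")
    if [ "$changed" -ne "$expected" ]; then
        echo "refusing: $changed line(s) would change, expected $expected" >&2
        return 1
    fi
    # Keep a backup, then regenerate the file from it.
    cp -p "$file" "$file.bak" || return 1
    sed "$script" "$file.bak" > "$file"
}
```

With the post's file, sed_apply_checked '/Four/d' numbers.txt 1 applies the edit and leaves numbers.txt.bak behind, while a broader pattern that would hit more than one line is rejected before anything is written.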