Skip to content

HowTo: Check SSL Cert Validity via openssl command a.k.a. from Terminal

Check SSL Cert Dates ( Issued Date, Expiration Date ) on a mail server, smtp service, port 465:

sto$ echo | openssl s_client -connect #smtp_server_FQDN:465 2>/dev/null | openssl x509
notBefore=Sep 10 20:45:37 2019 GMT
notAfter=Dec  9 20:45:37 2019 GMT
sto$

Check SSL Cert Dates ( Issued Date, Expiration Date ) on a web server, https service, port 443:

sto$ echo | openssl s_client -servername $FQDN -connect $web_server_FQDN:443 2>/dev/null |openssl x509 -noout -dates
notBefore=Sep 11 21:59:27 2019 GMT
notAfter=Dec 10 21:59:27 2019 GMT
sto$

Check SSL Cert CN ( Whom domain certificate is issued for ) [ For Example: on a web server, https service, port 443 ]

sto$ echo | openssl s_client -servername $FQDN -connect $web_server_FQDN:443 2>/dev/null | openssl x509 -noout -subject
subject=CN = gigaram.bg
sto$
Advertisements

CheatSheet : MacOS X Mojave partly downloaded updates tmp files path

howto delete partly downloaded catalina update baby

downloading updates tmp files path:

#rm -rf  /private/var/folders/zz/zyxvpxvq6csfxvn_n00000s0000068/C/com.apple.SoftwareUpdate/*tmp

 

Downloading new Catalina on your 128 already full ssd?:)  Download failed, re-download…

CheatSheet: ffmpeg transcode MOV(quicktime) to MP4(h264) + Downstream 4k/2k to FullHD

Original file: RA-video.mov, video/quicktime, 2560×1600

ffmpeg -i RA-video.mov -s hd1080 -c:v libx264  -c:a copy RA-video.mp4

Transcoded file: RA-video.mp4, video/mp4, 1920×1080

SOLVED: GPG error: https://packages.grafana.com stable InRelease: The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY 8C8C34C524098CB6

Problem:

W: GPG error: https://packages.grafana.com stable InRelease: The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY 8C8C34C524098CB6

Solution:

root@nms-ra:~# apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 8C8C34C524098CB6
Executing: gpg –ignore-time-conflict –no-options –no-default-keyring –homedir /tmp/tmp.my5T5fELsP –no-auto-check-trustdb –trust-model always –keyring /etc/apt/trusted.gpg –primary-keyring /etc/apt/trusted.gpg –keyring /etc/apt/trusted.gpg.d/debian-archive-jessie-automatic.gpg –keyring /etc/apt/trusted.gpg.d/debian-archive-jessie-security-automatic.gpg –keyring /etc/apt/trusted.gpg.d/debian-archive-jessie-stable.gpg –keyring /etc/apt/trusted.gpg.d/debian-archive-stretch-automatic.gpg –keyring /etc/apt/trusted.gpg.d/debian-archive-stretch-security-automatic.gpg –keyring /etc/apt/trusted.gpg.d/debian-archive-stretch-stable.gpg –keyring /etc/apt/trusted.gpg.d/debian-archive-wheezy-automatic.gpg –keyring /etc/apt/trusted.gpg.d/debian-archive-wheezy-stable.gpg –keyserver keyserver.ubuntu.com –recv-keys 8C8C34C524098CB6
gpg: requesting key 24098CB6 from hkp server keyserver.ubuntu.com
gpg: key 24098CB6: public key “Grafana <info@grafana.com>” imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)

SSH X Forwarding from Linux to MacOS X ssh client || FIX: Can’t Open Display -and- FIX: Warning: untrusted X11 forwarding setup failed: xauth key data not generated

When you do ssh -X from your MacOS X box to linux and receive error: Can’t open display , just do ( on macosx box ):

# echo 'X11Forward yes' >> ~/.ssh/config

 

When you login with X Forwarding but you receive warning:

Warning: untrusted X11 forwarding setup failed: xauth key data not generated, then you can temporary workaround using -Y ssh option, a.k.a.:

# ssh -Y user@linuxbox

APT: KEYERROR: GRAFANA: W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://packagecloud.io jessie InRelease: The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY 285D5812F5A66BFE

This is normal because of the migrated repo URLs.. so and the keys wouldn’t work…
The Packagecloud.io grapfana repo is moved to packages.grafana.com from 01.05.2019 !!! OFFICIALLY !

deb https://packages.grafana.com/oss/deb stable main

APT: W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: …… jessie InRelease: The following signatures were invalid: KEYEXPIRED ….. KEYEXPIRED 1550….32 KEYEXPIRED 15……832

apt error message when try to apt update mysql repo:

W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://repo.mysql.com jessie InRelease: The following signatures were invalid: KEYEXPIRED 1550412832 KEYEXPIRED 1550412832 KEYEXPIRED 1550412832

W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://packagecloud.io jessie InRelease: Clearsigned file isn’t valid, got ‘NODATA’ (does the network require authentication?)

W: Failed to fetch https://packagecloud.io/grafana/testing/debian/dists/jessie/InRelease
W: Failed to fetch http://repo.mysql.com/apt/debian/dists/jessie/InRelease

 

The you have to:

The one-liner that fixes this is the following:

sudo apt-key adv --recv-keys --keyserver ha.pool.sks-keyservers.net 5072E1F5

Which basically fetches the new key and installs it into the keyring.

A bit more detail:
You can find the expired key by executing the following command:

LANG=C apt-key list | grep expired

Which outputs something like this: pub 1024D/5072E1F5 2003-02-03 [expired: 2019-02-17] 5072E1F5 is the key ID, which we used in the command above.

 

Originally found in serverfault discussion here:

https://serverfault.com/questions/955299/mysql-repository-key-expired