Showing posts with label bash. Show all posts

Tuesday, January 25, 2022

Configuring certificates for the Netcool email probe when using Office365

Background

If your company uses Office365 for email, and you need to use the Netcool Email Probe, you will have to configure a KeyStore database to store the valid/trusted certificates presented by Office365. What I found at one customer was that after we imported one certificate into the KeyStore, we still frequently received Certificate chaining errors, which eventually would cause the probe to stop working. The problems I saw were caused by what looks like a configuration difference on the load-balanced Office365 servers, where multiple different certificates (and certificate chains) were being presented to the Email Probe.

Solution

After several attempts at resolving the problem, I took the nuclear approach of downloading every possible certificate from Office365 and importing them all into the KeyStore database. I'm certain it's overkill, but I scripted the solution below, and it doesn't affect the performance of the probe. Here's the script, with comments:

cd /tmp
for i in file{1..100}
do
    # Save what the server presents on this connection (certificate chain plus session details).
    openssl s_client -showcerts -verify 5 -connect outlook.office365.com:995 < /dev/null > "$i"
    # Each file contains at least two certificates. Each certificate needs to be in its own file
    # to import it into the keystore. That's what the following command does. It will create
    # files named file*-00, file*-01, file*-02 if there are two certificates returned by the above
    # command.
    csplit -f "$i-" "$i" '/-----BEGIN CERTIFICATE-----/' '{*}'
    # file*-00 doesn't contain anything useful (certs are in *-01 and *-02), so we will delete it
    rm "$i-00"
done
# Now import all of the above certs into the keystore.
for i in file*-*
do
    keytool -keystore "/opt/IBM/tivoli/netcool/core/certs/key_netcool.jks" -import \
        -trustcacerts -alias "$i" -file "$i" -noprompt -storepass THE_KEYSTORE_PASS
done
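
The script above imports every certificate from all 100 connections, so the same certificate lands in the keystore under many aliases, and it imports whatever was presented even when chain verification failed. The following is an added example, not part of the original post: it keeps only captures that s_client reported as verified and stores one file per distinct certificate, named by SHA-256 fingerprint. The function names, the "o365-" alias prefix and the KEYSTORE_PASS variable are assumptions, and it expects GNU coreutils.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Function names are hypothetical.
# Assumes GNU coreutils (base64 -d, sha256sum) and awk.

# Succeed only if s_client reported a fully verified chain for this capture.
# "-verify 5" alone does not abort the handshake when verification fails.
verified_ok() {
    grep -q 'Verify return code: 0 (ok)' "$1"
}

# extract_unique_certs OUTDIR CAPTURE...
# Writes each distinct certificate to OUTDIR/<sha256-of-DER>.pem and prints
# the number of distinct certificates kept.
extract_unique_certs() {
    local outdir=$1 f c fp tmp
    shift
    mkdir -p "$outdir"
    tmp=$(mktemp -d)
    for f in "$@"; do
        verified_ok "$f" || { echo "skipping $f: chain not verified" >&2; continue; }
        # Split the capture into one PEM block per file, ignoring session text.
        awk -v d="$tmp" '
            /-----BEGIN CERTIFICATE-----/ { n++; out = d "/cert-" n; keep = 1 }
            keep                          { print > out }
            /-----END CERTIFICATE-----/   { keep = 0; close(out) }' "$f"
        for c in "$tmp"/cert-*; do
            [ -e "$c" ] || continue
            # The SHA-256 of the decoded body is the certificate fingerprint.
            fp=$(grep -v -- '-----' "$c" | base64 -d | sha256sum | cut -d' ' -f1)
            [ -e "$outdir/$fp.pem" ] || mv "$c" "$outdir/$fp.pem"
        done
        rm -f "$tmp"/cert-*
    done
    rm -rf "$tmp"
    ls "$outdir" | wc -l | tr -d ' '
}

# import_unique_certs OUTDIR: one keystore entry per distinct certificate.
# The keystore password is read from the KEYSTORE_PASS environment variable
# (assumed name) so it does not appear in the process list.
import_unique_certs() {
    local c
    for c in "$1"/*.pem; do
        keytool -keystore "/opt/IBM/tivoli/netcool/core/certs/key_netcool.jks" -import \
            -trustcacerts -alias "o365-$(basename "$c" .pem | cut -c1-16)" \
            -file "$c" -noprompt -storepass:env KEYSTORE_PASS
    done
}
```

Run extract_unique_certs /tmp/unique /tmp/file{1..100} on the raw s_client captures (before csplit), then review the handful of files it leaves before calling import_unique_certs /tmp/unique.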





Tuesday, March 5, 2019

Customizing bash command line completion

What am I talking about?

In the bash shell on Linux, you can type a character or two then hit the TAB key to get a list of the commands that start with those characters. You can do the same to complete the name of a file you're trying to edit or directory you're trying to change to. It turns out that you can customize this command line completion behavior by installing the "bash-completion" package. This package is often installed by default and has been available for several years.

What can you do with bash-completion?

You can have the TAB key complete command arguments for you. For example, the 'curl' command has tons of arguments. You can customize bash to auto-complete the parameters for you. You just need to create a specifically coded file named 'curl' in the /etc/bash_completion.d folder. Here's a great tutorial on creating these command completion scripts:


Even more helpful, here is a ton of them that have already been created:


If you've got a command with tons of options, you can use this to make it easier for you or your users to successfully create a working command.