Is there any way of downloading a https certificate using a batch file (or a powershell script) in Windows? In Linux I can use openssl s_client -connect <URL> ...
How can I do it in windows (without using thirdparty openssl implementations)?
Some time ago I wrote a Test-WebServerSSL PowerShell script that does the thing: Test remote web server SSL certificate. The function utilizes built-in System.Net.WebRequest class and its ServicePoint property.
just copy/paste the function to your PowerShell console and call it by specifying remote server host name:
Test-WebServerSSL www.mydomain.com
Note that you must type only remote server's host name without protocol prefix and relative URL path.
to save the certificate to a file, you can send the output object to Set-Content cmdlet:
$SSL = Test-WebserverSSL www.mydomain.com
Set-Content -Path $CertificateFile -Value $SSL.Certificate.RawData -Encoding Byte
Related
I'm trying to run a PS1 file in T-SQL using XP_CMDSHELL, like so:
exec xp_cmdshell 'powershell -ExecutionPolicy bypass -command "C:\Users\sleven\Documents\DimAcctImport.ps1"'
The powershell script is as follows:
import-module dbatools
Import-DbaCsv -SqlInstance 'MSSQL' -Database 'Test' -Table 'Account' -Path "R:\Data\Account.csv" -Delimiter ',' -Quote '"' -KeepNulls -NoProgress
This script uses the cmdlet Import-DbaCSV of module DbaTools to import the CSV to the target table.
Here is the error I receive in SSMS:
import-module : The specified module 'dbatools' was not loaded because no valid module file was found in any module
directory.
At C:\Users\sleven\Documents\DimAcctImport.ps1:1 char:1
+ import-module dbatools
+ ~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ResourceUnavailable: (dbatools:String) [Import-Module], FileNotFoundException
+ FullyQualifiedErrorId : Modules_ModuleNotFound,Microsoft.PowerShell.Commands.ImportModuleCommand
The module is installed and runs as expected if I copy the PowerShell script and run it in PS ISE.
I'm using SQL Developer Edition on the same PC as I'm using to run the sp - my local PC.
What am I missing?
EDIT: Adding output from get-module and $PSVersionTable
PS> (Get-Module -ListAvailable dbatools).Path:
C:\Users\sleven\Documents\WindowsPowerShell\Modules\dbatools\0.9.834\dbatools.psd1
PS> $PSVersionTable
Name Value
---- -----
PSVersion 5.1.18362.145
PSEdition Desktop
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...}
BuildVersion 10.0.18362.145
CLRVersion 4.0.30319.42000
WSManStackVersion 3.0
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
Using Import-Module cmdlet tells PowerShell to look for cmdlet only in certain folders. You can check these folders by checking environment variable PSModulePath (splitting added for better visibility):
$env:PSModulePath -split ';'
In that case, when running PowerShell by xp_cmdshell, that folder is not included in PSModulePath (might happen as well if you use different account as your module is currently in your profile folder). Now you have two options:
Reference the module using its path, not name. You can get path using (get-module -ListAvailable dbatools).path:
# Replace the path with the path you found with Get-Module
Import-Module 'C:\path\to\module\dbatools.psd1
Modify your $env:PSModulePath. As that topic is more broader, let me give you the link to the docs. Remember that you should set that variable for the user running xp_cmdshell. As RThomas mentioned, by default it's not your user account. See linked answer for explanation on that topic.
NOTE (credits go to #David Browne - Microsoft from his comments):
If you're going to set the environment variable, it should be a system environment variable, as you wouldn't want this process to break if you change the SQL Server service account. And remember, setting a system environment variable requires a reboot for services to see the change.
It's likely an account issue. Keep in mind that running xp_cmdshell by default runs everything as the service account behind the SQL Server instance. So you'll want to verify what account this is.
If it's a built in system account this can cause strange behavior when it comes to rights.
If it's a windows or a domain account then you'll want to test externally to SQL Server by running the PS file not as yourself but as the same account SQL Server uses as a service account. You can do this easily by opening the cmd shell with shift/right click and specifying the other account.
Your other option is to set up a proxy account for the xp_cmdshell call to use. Instructions on how to do this can be found in Microsoft documentation.
Trying here to see if anyone has worked out LDAP auth against AD with rundeck. I am using the JRE running method for rundesk. Here is what I have done so far:
I have set up the jaas-ldap.conf as shown on Rundeck authentication users page
I have requested for a ssl certificate from my admin. To use ldaps rundeck requires ssl cert or so it's written on their site. After getting the cert, they mention following two steps:
Once a certificate has been obtained. There are two options for adding the certificate. The first involves updating the truststore for the JRE. If that is not possible or not desirable, then one can set the truststore to be used by the jvm, using any arbitrary truststore that contains the appropriate certificate.
Both options require importing a certificate. The following would import a certificate called, AD.cert into the /etc/rundeck/ssl/truststore.
keytool -import -alias CompanyAD -file AD.cert -keystore /etc/rundeck/ssl/truststore -storepass adminadmin
To add the certificate to the JRE, locate the file $JAVA_HOME/lib/security/cacerts and run
keytool -import -alias CompanyAD -file AD.cert -keystore $JAVA_HOME/lib/security/cacerts -storepass changeit
To verify your CA has been added, run keytool list and look for CompanyAD in the output.
keytool -list -keystore $JAVA_HOME/lib/security/cacerts -storepass changeit
This is where I am running into issue. I have imported my certificate to the java truststore under $JAVA_HOME/lib/security/cacerts. The ssl.properties files also ask for a keystore, keystore.password, key.password parameters. Now, am I supposed to create a new keystore or omit these and just use the truststore variables?
I also tried creating a new keystore (.jks) and imported the same ssl certificate to it setting keypass and storepass. This did not help. I am getting error saying java.io.IOException: Keystore was tampered with, or password was incorrect
I am deploying the jar using - java -Dloginmodule.conf.name=jaas-ldap.conf -Dloginmodule.name=ldap -Drundeck.ssl.config=ssl.properties -jar rundeck-launcher-2.6.4.jar
I'd appreciate help passing through this.
There is no need to ask your admin for the ssl certificate. If your organization uses ldaps and the certificate installed on the ldap server is a self signed cert which is not in your keystore, then you need to add the cert to your JVM keystore. Now to get that certificate run the below query
openssl s_client -connect <ldapserver>:636
This will give some output with -----BEGIN CERTIFICATE----- and ---------END CERTIFICATE--------. Copy the text between these strings to a file ldap.cert.
keytool -import -alias CompanyAD -file ldap.cert -keystore $JAVA_HOME/lib/security/cacerts -storepass changeit.
If your keystore is tampered probably you may have to reinstall Java in the system.
My requirement is to create a named instance, while there is a default instance running on the same machine and connect to it, through some kind of management console or command line.
I created a firebird 2.5 second instance using
instsvc install -auto -superserver -guardian -name secondservice
instsvc start -name secondservice
This created the engine service and guardian service and was confirmed running using firebird control centre and through services window.
However I am unable to connect to the instance using ibo console when I put the parameters to host name as localhost/secondservice, nor can I cannot to it through isql using
isql localhost\secondservice:employee
I downloaded the zip file through
http://downloads.sourceforge.net/project/firebird/firebird-win32/2.5.4-Release/Firebird-2.5.4.26856-0_Win32.zip
Would anyone have any idea what is missing?
Firebird doesn't have a concept of named instances like SQL Server. If you want to run a second instance, then the firebird.conf file of that instance must have a different value for the configuration option RemoteServicePort (which defaults to 3050), and you need to specify that port number when connecting (say you configured the port on 13050):
isql localhost/13050:employee
Running multiple instances of the server, also requires you to have separate installations for each instance.
This worked
I made sure
Registry does not have any firebird related keys that are pointing to firebird 1.5 or anything else.
echo %FIREBIRD% does not print a value
firebird.conf has below two lines (only line changed was the port from 3050 to 3070):
#RemoteServiceName = gds_db
RemoteServicePort = 3070
Ran
instsvc stop -name secondservice
instsvc stop -name DefaultInstance
instsvc r -n secondservice
instsvc install -auto -superserver -guardian -name secondservice
instsvc start -name secondservice
Services are up and running
telnet -a confirms service is listening on 3070 port.
isql localhost/3070:C:\test.fdb -user SYSDBA -pass masterkey
worked for me
What sorted it was clearing out ENV variables and registry, nothing much to it after that.
Every night we need to zip certain files contained in a folder. I then need to make sure that all the files that should have been zipped are in the zip file.
I have created a piece of code that work perfectly on my PC but when I move the code to the live server I get the following error:-
The term 'unzip' is not recognized as the name of a cmdlet'
I have installed dot.net 4.5 & also the PowerShell Community Extensions 3.1
Here is my code that creates an array of file names:-
$UnZip_Test = unzip -t $ZipFile
$zip_contents = $UnZip_Test | ? { $_ -match "^\s*testing:\s*(.*?)\s+OK\s*$"} | % { $matches[1] }
unzip is not the cmd-let Community Extensions uses. If you had correctly installed the PCE 3.1 you should be able to use Expand-Archive cmdlet.
expand-archive -format zip -path $ZipFile
unzip is not a PowerShell built-in command. You need to provide an unzip.exe in one of the folders in the $env:PATH on the production server, or define a function/cmdlet or alias that does The Right Thing™.
I use this in my powershell scripts, granted it's not powershell but requires java to be installed.
jar xf ./path/to/archive.zip
In my case, knowing java is on a server is a lot easier than downloading some community extension all over the place
libcurl can get certificate info by using CURLINFO_CERTINFO, but that info must come after curl_easy_perform, which means you need to log in to the FTP server first without verifying the certificates.
FTP software like FileZilla get the certificates and then ask the user to trust them or not, just before sending username and password.
The following OpenSSL command can also get the certificates with no username or password:
$ openssl s_client -showcerts -connect ftp.godaddy.com:21 -starttls ftp
I also tried using CURLOPT_VERBOSE to monitor the FTP commands. After AUTH TLS command is OK, it'll stop immediately and try to get the cert info. But that didn't work.
You can accomplish this by using the CURLOPT_SSL_CTX_FUNCTION to install a callback function when the SSL_CTX gets created. From that CURL callback, you can install your own verify function callback using the regular OpenSSL API SSL_CTX_set_cert_verify_callback().
The CURL web site provides an example.