My Favorite OSX Utilities

Posted on by Sobit No Comments ↓

OSX is a capable operating system out of the box, but there are a few tools that I like to add to every new system I get.  I’ve been asked for the list a few times, so in no particular order,  here goes:

Keka
Keka is a free file archiver for Mac OS X. The main compression core is p7zip (7-zip port). Compression formats supported: 7z, Zip, Tar, Gzip, Bzip2, DMG, ISO.  Extraction formats supported: RAR, 7z, Lzma, Zip, Tar, Gzip, Bzip2, ISO, EXE, CAB, PAX, ACE (PPC).

Chicken of the VNC
Chicken is a VNC client for Mac OS X. A VNC client allows remote access to another computer over the network. Chicken is based on Chicken of the VNC.

Limechat
LimeChat is an IRC client for Mac OS X

Text Wrangler
TextWrangler is a very capable text editor. 

VMWare Fusion
Virtualize all the things.  Virtualbox and Parellels also work well here, but VMWare remains my preference for compatibility and functionality.

Zterm
Console into things.

Zenmap
Zenmap is the official Nmap Security Scanner GUI. It is a multi-platform (Linux, Windows, Mac OS X, BSD, etc.)

LastPass
Password Management.

Vienna
Vienna is an RSS/ATOM reader for OSX.

Handbrake
HandBrake is a tool for converting video from nearly any format to a selection of modern, widely supported codecs.

Watch
A Linux command to continuously execute a program and monitor output.

Did I miss anything?  Let me know!

 

Posted in OSX

Create A Windows Certificate Signing Request Without IIS

Posted on by Sobit No Comments ↓

Before we can install a certificate, a certificate signing request (CSR) must be generated and sent to the certificate authority (CA).  The CSR should be generated from the device that will install the certificate, as the private key will need to match.  Microsoft has simple instructions to create a CSR when IIS is installed, but what if we want to implement SSL over LDAP?  or SQL? IIS is not always available to generate the CSR.

Microsoft has a command line utility called certreq.exe to help us out.  From the technet article:

“Certreq can be used to request certificates from a certification authority (CA), to retrieve a response to a previous request from a CA, to create a new request from an .inf file, to accept and install a response to a request, to construct a cross-certification or qualified subordination request from an existing CA certificate or request, and to sign a cross-certification or qualified subordination request.”

Certreq is installed by default on: Vista, Windows 7, 8, Server 2008, and Server 2012.  The syntax has changed a little between versions, but it essentially takes an action and an inf file as parameters.  The inf file contains information that will appear in the certificate, so we want to populate it carefully.

We are going to focus on generating a new CSR, using the command:

certreq -new myrequest.inf mycsr.req

If you are exceptionally lazy, you can omit the filenames and certreq will open a file open dialog box and a file save dialog box for your lackadaisical self.

Here is the contents of the myrequest.inf file:

;—————– myrequest.inf —————–

[Version]

Signature=”$Windows NT$

[NewRequest]

Subject = “CN=myserver.sobit.org, E=certs@sobit.org, O=Sobit.org, L=SLC, S=Utah, C=US” ; replace with your FQDN
KeySpec = 1
KeyLength = 2048
; Can be 1024, 2048, 4096, 8192, or 16384.
; Larger key sizes are more secure, but have
; a greater impact on performance.
Exportable = TRUE
MachineKeySet = TRUE
SMIME = False
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
ProviderName = “Microsoft RSA SChannel Cryptographic Provider”
ProviderType = 12
RequestType = PKCS10
KeyUsage = 0xa0

[EnhancedKeyUsageExtension]

OID=1.3.6.1.5.5.7.3.1 ; this is for Server Authentication

;———————————————–

Please populate the subject field with your device/server specific information.  Make sure the FQDN matches the hostname that your users are going to use to connect to your encrypted service.  Here is the template:

Subject = “CN=FQDN, OU=Organizational_Unit_Name, O=Organization_Name, L=City_Name, S=State_Name, C=Country_Name

The output of the tool will be the CSR that you submit to your certificate authority.  Similar to this:

csr3

Posted in Operating Systems