Adding an SSL cert to an Amazon ELB

So recently I needed to add SSL capability to an Amazon Elastic Load Balancer (ELB), which actually meant:

– Getting the certificate, having created a new CSR and private key on the machine of your choice
– Uploading the private key, CSR and certificate into Amazon using the Amazon Web Services (AWS) Identity and Access Management service (IAM)

So the first challenge was getting the command line tools and creating the relevant identity files.

Download the AWS command line tools and put them somewhere you want to use them from. I put them in /usr/local/IAMCli, which I then added to my .bash_profile using the settings below (this bit is optional, but makes your life easier):

# Added for AWS CLI
export AWS_IAM_HOME=/usr/local/IAMCli
export PATH=${AWS_IAM_HOME}/bin:$PATH
export AWS_CREDENTIAL_FILE=${HOME}/path_to_credential_file/credential_file

The AWS_CREDENTIAL_FILE is as below. The information to put in the file comes from the “Security Credentials” tab under your account settings: add in the ID of the access key you want to use, and click on “show” to reveal the key to use. Create the file and ensure you put it in the location you added into your .bash_profile. Observant people will notice this doesn’t work if you deal with multiple AWS accounts; you can always use the optional --aws-credential-file when using the command line tools to point to the credential file you want to use.

AWSAccessKeyId=STUPID_LONG_ID
AWSSecretKey=Stupid_long_key

To upload the certificate:

$ iam-servercertupload -b public-key.pem -c .cert-chain-file.pem -k private-key.pem -s domain.name

To check the certificate is in place:

$ iam-servercertgetattributes -s domain.name

And should you need to delete the certificate:

$ iam-servercertdel -s domain.name

Now when you create the ELB, select “Secure HTTP Server” from the common applications list and save. When you continue to the next page you should be given the option to “Choose from your existing SSL Certificates”.
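
A pre-upload check for the steps above, as an added example that is not part of the original post: it confirms that the private key matches the certificate before running iam-servercertupload, and that the credential file grants nothing to group or other. It assumes openssl is installed; the script name precheck.sh and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): checks to run before
# iam-servercertupload. Hypothetical usage:
#   sh precheck.sh public-key.pem private-key.pem credential_file

# Returns 0 if the certificate ($1) and private key ($2) carry the same public key.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Returns 0 if the file ($1) grants no permissions to group or other (e.g. mode 600).
owner_only() {
    [ -f "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c5-10)   # group and other permission bits
    [ "$perms" = "------" ]
}

# Constructed sample input: a throwaway self-signed certificate and key,
# an unrelated key, and a dummy credential file, all in a temp directory.
selftest() {
    dir=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=domain.name" \
        -keyout "$dir/private-key.pem" -out "$dir/public-key.pem" 2>/dev/null || return 1
    openssl genrsa -out "$dir/other-key.pem" 2048 2>/dev/null || return 1
    printf 'AWSAccessKeyId=EXAMPLE\nAWSSecretKey=EXAMPLE\n' > "$dir/credential_file"
    chmod 644 "$dir/credential_file"
    rc=0
    key_matches_cert "$dir/public-key.pem" "$dir/private-key.pem" || rc=1
    key_matches_cert "$dir/public-key.pem" "$dir/other-key.pem" && rc=1
    owner_only "$dir/credential_file" && rc=1     # 644 must be rejected
    chmod 600 "$dir/credential_file"
    owner_only "$dir/credential_file" || rc=1     # 600 must be accepted
    rm -rf "$dir"
    return $rc
}

if [ "$#" -eq 3 ]; then
    key_matches_cert "$1" "$2" || echo "private key does not match certificate"
    owner_only "$3" || echo "credential file is accessible to group or other"
fi
```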

Adobe Air

So for a while I’d had issues with Adobe Air applications sometimes working, other times not, and due to the infrequency with which I used Air-based applications I had largely ignored the problem. However, today I need to use Mockups and this meant I had to fix the issue.

The solution turned out to be pretty simple: uninstall Air (for good measure) and then install Mockups, simples. So open a terminal session and use the following:

sudo /Applications/Utilities/Adobe\ AIR\ Uninstaller.app/Contents/MacOS/Adobe\ AIR\ Installer -uninstall

Enter your password when prompted and a few seconds later you get:

Uninstalling Adobe AIR (all versions)
done

Re-install Air, install Mockups, get creative ;-)

Why the dull post on something so simple? Well, I’ve had to do this several times now and always have to Google for the best way to uninstall Air on OSX, so this time I’ve posted here to help me out.

Zimbra Upgrade (Take Two)

Ok, going from 6.0.2 -> 6.0.5 NE on RHEL 4.x (yes, I know that the next major version won’t support 4.x) and I was hoping for a nice smooth upgrade, the previous SSL commercial cert problems now showing as fixed in the bugtracker. However, at the end of the process I’m getting the same “Expired Cert” warning messages from email clients and the like….

So, as root:

cd /opt/zimbra/ssl/zimbra
/opt/zimbra/bin/zmcertmgr deploycrt comm commercial.6.0.2/commercial/commercial.crt commercial.6.0.2/commercial/commercial_ca.crt

Restart the services using ZMProv and all is good.

VMWare Server Build

Well with the snow came the abuse of the company VPN (will post more about that later) and some sofa / server time.

The least shocking element was the amount of work I could get done with a 3 year old and 6 week old in the house; easier to work from the sofa (no office yet) and fewer distractions than being in the office…

So it was time to build some servers. I’ve got SonicWall’s Global Management System and ManageSoft all requiring servers, and as we change things around the way we build and use servers will be changing too. So I had three servers to build (well, four when we take into account the new development server for the in-house digital team):

1) Windows 2K3 (64Bit) and SQL 2K5 Server for ManageSoft and SGMS usage
2) 2 x Windows 2K3 (32Bit) for ManageSoft ECM and SGMS
3) RHEL 5.4 Server for dev.

The Windows servers were pretty simple. Build a new server, fully patch, then clone to a template, then join the server to AD with its new name and carry on with the specific requirements for the server.

Next server.
Use the fully patched template you’ve just created for your shiny new server, join to AD and you’re done, new server in under 10 minutes, sit back and rejoice at your new power…. repeat.

Three servers created in the time it would take you to create one new server.

Did the same with RHEL, so now I have my four new servers and three templates to enable me to deploy a new instance in under 10 minutes.

Nice having uninterrupted time to get stuff done – also printed out the manuals for the NSA2400 / SGMS / SSL-VPN, time to get reading…. and shortly re-configuring the NSA to make the most of the new power (before deploying to the other new NSA units via SGMS…)

“I have a cunning plan m’lord…”

OSX Migration

So it was time to replace the home Mac Mini, it had done sterling work as the main home machine serving as a home for all of our photos, music and used for general surfing, but it was certainly slowing down, the upgrade to Snow Leopard had gone well and helped prolong its life but the signs were there, time for something new and shiny.

The Mini was sitting on top of 2 x 1Tb Iomega Minimax drives which gave a useful number of extra USB ports and made for a neat tower / shrine. One drive was data, the other was the Time Machine backup, but things had moved on: I now had a QNAP TS-439 with 4 x 2Tb (1863Gb actual) drives installed and configured as RAID 6 (3664Gb usable), so there was plenty of storage to be had and the potential ability to recover from two drives failing.

I configured a number of iSCSI targets and, using the Studio Solutions GlobalSAN iSCSI initiator, connected up. This was a very simple, one-minute process, and having done the same under Windows using the Microsoft iSCSI initiator I know which I’d prefer to use in future.

I copied the data across into the relevant targets, music and photos, and then set up backup using Time Machine to do the applications, user account and everything else other than the music and pics. To ensure everything worked I quickly re-opened iTunes and iPhoto and changed the library to the iSCSI targets; all was working lovely. Time taken to set up, 10 minutes; time to copy the data, about 4 hours in total.

Now the migration, shut down the mac mini, spend an hour moving all the kit around and tidying up the wires and then for the moment of truth. Fire up the new mac, register and ignore the migration assistant for now. Once the mac is running I downloaded the initiator and installed, setup the connections to the iSCSI targets, open iPhoto and iTunes and point the applications to the iSCSI data and all was good. Just the application migration to go.

I opened up the ever so handy OSX Migration Assistant, pointed it at the time machine backup and recovered the old account data and applications on to the machine as a new account, logged out, logged in as the recovered account and the migration was done.

Work done, about 10 minutes, time taken 5 hours of data transfer backwards and forwards.

Job done, no problems and no fuss, technology as it should be.