About trust flags of certificates in NSS database that can be modified by certutil

Managing Certificate Trust flags in NSS Database

We can modify certificate trust flags using certutil. But before we do so we must know more about these trust flags. Here are my notes about trust flags from Nelson Bolyard 's Brown bag:

...  >>> READ MORE >>> ...

[Read More] Posted by meena ( Jul 08 2009, 06:17:58 PM IST ) Permalink Comments [1]

Running Sun Web Server 7.0 in FIPS mode

Running Sun Java System Web Server 7.0 in FIPS mode

Jyri's blog  http://blogs.sun.com/jyrivirkki/entry/fips_140_certification talks about FIPS certification. In this blog I will show how to run Web Server 7.0 in FIPS mode.

READ MORE >>

[Read More] Posted by meena ( Oct 29 2008, 01:18:24 PM IST ) Permalink Comments [0]

Using builtin hardware accelerators of Niagara 1 (Sun Fire T 2000) server with SSL enabled Sun Java System Web Server 7.0 instance

Using builtin hardware accelerators of Niagara 1 (Sun Fire T 2000) server with SSL enabled Sun Java System Web Server 7.0 instance

In my previous blog I talked about SCF framework and Sun Java System Web Server 7.0 in general. This time I tried to make use of builtin hardware accelerators of Niagara 1 (Sun Fire T 2000) server with my SSL enabled Sun Java System Web Server 7.0 U2 instance. My blog is an attempt to show how easy it is to do so.

READ MORE DETAILS>>>

[Read More] Posted by meena ( Sep 19 2007, 01:31:20 PM IST ) Permalink Comments [0]

Denial of Service (DoS) Prevention By Request Timeout in Sun Java System Web Server 7.0

Denial of Service (DoS) Prevention By Request Timeout in Sun Java System Web Server 7.0

Check out the new improvements we made in Sun Java System Web Server 7.0. In this blog I will talk about Denial Of Service (DoS) Prevention "Request Timeout" enhancements.

We have introduced two more timeouts in the server.xml's <http> element in addition to the existing <io-timeout>. They are <request-header-timeout> and <request-body-timeout>.

If you are a Web Server Administrator and you want to limit users to be sending all request headers in the first 10 minutes of the connection and request body in the next one hour, you can set these two parameters in server.xml like

...
<http> ...
    <request-header-timeout>600</request-header-timeout>
    <request-body-timeout>3600</request-body-timeout>
</http>
...

All other connections which last longer will be disconnected by the server automatically.

Posted by meena ( Mar 07 2007, 12:20:34 PM IST ) Permalink Comments [2]

Directory listing in Sun Java System Web Server 7.0

Directory listing in Sun Java System Web Server 7.0

Been getting a lot of questions about directory listing in Sun Java System Web Server 7.0

I have setup a Sun Java System Web Sever 7.0. I am not able see directory contents. I get a popup saying "Authentication Required". Under "Content Handling"->"General"->"Directory Listing", I tried setting "Listing Type" to 'Fancy' & 'Simple'.  But that did not help (I saved and re-deployed the server instance).

Here is the solution. Check in obj.conf configuration file if "index-common" service SAF is present:
Service method="(GET|HEAD)" type="magnus-internal/directory" fn="index-common"

Directory listing is not enabled by default. If you look at the default ACL file default.acl, (assuming you do not have any other other VS specific ACL file)
version 3.0;
acl "default";
authenticate (user, group) {
  prompt = "Sun Java System Web Server";
};
allow (read, execute, info) user = "anyone";
allow (list, write, delete) user = "all";

That shows "list" right is allowed to "all" (authenticated users only). And for directory listing, you need "list" rights. That means only authenticated users can see directory lists.

You can move this "list" right to "anyone" so that even unauthenticated users can see the directory lists.
So here is what the changed ACEs should look like :

allow (read, execute, info, list) user = "anyone";
allow (write, delete) user = "all";


Two more minor tips I would like to add

1. If you want to change the width of the columns of filename, last modified time, size, description in directory listing, add "cindex-init" directive in magnus.conf. For example
Init fn="cindex-init" widths="50,5,5,20"

2. If you want to change the directory listing to "simple" style where you will only see the list of filenames, you can change "index-common" to "index-simple" as shown below
Service method="(GET|HEAD)" type="magnus-internal/directory" fn="index-simple"
Posted by meena ( Feb 26 2007, 01:25:10 PM IST ) Permalink Comments [1]

Creating Authentication Databases in Sun Java System Web Server 7.0

Creating Authentication Databases in Sun Java System Web Server 7.0

I have tried out creating different authentication databases (keyfile, digestfile, LDAP, PAM) via administration CLIs in Sun Java System Web Server 7.0.
...
I created a file authentication database of type "keyfile" in config "test" and in virtual server "test".
wadm> create-file-authdb --vs=test --config=test --path=/space/mykeyfile mykeyfile
CLI201 Command 'create-file-authdb' ran successfully
Then created a file authentication database of type "digest", added "--syntax=digestfile" in the above command.
...
>>> READ MORE >>>

[Read More] Posted by meena ( Jan 20 2007, 03:42:36 PM IST ) Permalink Comments [5]