月度归档:2017年07月

“IDE/ATAPI账户没有足够权限”错误解决

当我通过直接拷贝文件的方式迁移Hyper-V虚拟机时遇到了以上错误,错误内容为:IDE/ATAPI 帐户没有足够的权限。

错误原因为直接拷贝文件,之前的文件所有者和现有用户不一致(虽然表面上看起来是同一个用户)。

解决方法:解绑虚拟磁盘后重新绑定即可。步骤如下:

首先打开出问题的虚拟机设置

在IDE控制器0处,删除之前的虚拟硬盘。这里的删除只是断开连接而已,并不是真正的删除文件。删除后点击确定保存。

重新进入设置,在IDE控制器0出添加刚才解绑的虚拟硬盘

选择虚拟硬盘绑定

完成以上步骤后,重新连接虚拟机开机即可。

参考:Hyper-V虚拟机启动报错:IDE/ATAPI 帐户没有足够的权限

.kdb转.pem格式

.kdb格式密钥数据库无法直接导出.pem格式密钥文件。需要先转换为.p12格式。具体转换方法参考: IHS密钥数据库KDB导出证书和私钥

转换成为p12文件后,通过外部工具(例如 OpenSSL)来完成到pem文件的转换。命令如下:

openssl pkcs12 -export -out Cert.p12 -in cert.pem -inkey key.pem -passin pass:root -passout pass:root

参考:将 PEM 证书转换为 PFX/P12 格式 — IBM

IHS密钥数据库KDB导出证书和私钥

IHS生成的证书默认保存在.kdb的密钥数据库文件中。如果需要导出其中的证书和私钥则需要使用ikeyman工具操作。本文将说明如何使用ikeyman工具从.kdb数据库文件中提取证书(.crt)、私钥(.key)、pem密钥文件(.pem)。

第一步:使用ikeyman将.kdb文件导出为.p12格式。

打开.kdb数据库

输入授权密码

点击右侧的Export/Import,选择导出格式为PKCS12

输入导出后的数据库的密码

第二步,从.p12文件中提取出证书和私钥

这一步需要使用openssl工具。安装步骤不在此详述。

导出证书(.crt)

openssl pkcs12 -in key.p12 -out sample.crt -nodes -nokeys

导出私钥(.key)

openssl pkcs12 -in key.p12 -out sample.key -nodes -nocerts

导出为.pem文件

openssl pkcs12 -in key.p12 -out sample.pem -nodes

其他命令可以使用openssl pkcs12 -h查看

常见问题

在导出过程中,遇到如下错误:“restricted policy files”

解决办法:将java sdk 的policy由restricted转换成unrestricted

参考下附参考链接中的第二个。

附,openssl常见证书格式转换示例

# PEM--DER/CER(BASE64--DER编码的转换)
openssl x509 -outform der -in foo.pem -out foo.der

# PEM--P7B(PEM--PKCS#7)
openssl crl2pkcs7 -nocrl -certfile foo.crt -out certificate.p7b -certfile CA.crt

# PEM--PFX(PEM--PKCS#12)
openssl pkcs12 -export -out foo.pfx -inkey foo.key -in foo.crt -certfile CA.crt

# PEM--p12(PEM--PKCS#12)
openssl pkcs12 -export -out foo.p12 -in foo.pem -inkey foo.key

# CER/DER--PEM(编码DER--BASE64)
openssl x509 -inform der -in foo.crt -out foo.pem

# P7B--PEM(PKCS#7--PEM)
openssl pkcs7 -print_certs -in foo.p7b -out foo.pem

# P7B--PFX(PKCS#7--PKCS#12)
openssl pkcs7 -export -in foo.p7b -inkey foo.key -out foo.pfx -certfile CA.crt

# PFX/p12--PEM(PKCS#12--PEM)
# 如无需加密pem中私钥,可以添加选项-nodes
# 如无需导出私钥,可以添加选项-nokeys;
openssl pkcs12 -in foo.pfx -out foo.pem

# PEM BASE64--X.509文本格式
openssl x509 -in foo_base64.pem -text -out foo_x509.pem

# PFX文件中提取私钥(.key)
openssl pkcs12 -in foo.pfx -nocerts -nodes -out foo.key

# PEM--SPC
openssl crl2pkcs7 -nocrl -certfile foo.pem -outform DER -out foo.spc

# PEM--PVK(openssl 1.x开始支持)
openssl rsa -in foo.pem -outform PVK -pvk-strong -out foo.pvk

# PEM--PVK
http://www.drh-consultancy.demon.co.uk/pvk.html

# 对于openssl 1.x之前的版本,可以下载pvk转换器后通过以下命令完成
pvk -in ca.key -out ca.pvk -nocrypt -topvk

参考:

IHS创建自签名证书

IHS创建自签名证书时,需要使用自带的ikeyman程序。此程序需要GUI界面支持,无法直接以CLI方式运行。这里的使用方法为在服务器上安装VNCServer,在本地使用vncviewer软件连接服务器。关于VNC的配置和使用这里不进行详述。

连接完成后,进入bin目录(一般为/opt/IBM/HTTPServer/bin),运行ikeyman

cd /opt/IBM/HTTPServer/bin
./ikeyman

运行后,进入到GUI界面。如果显示乱码,则先修改语言

LANG=en_US.utf-8

下面创建一个新的密钥数据库文件。依次点击菜单栏上的Key Database File -> New… 参考以下配置

Key database type: CMS
File Name: key.kdb
Location: /opt/IBM/HTTPServer/certs/

输入密码加密密钥数据库。创建密钥数据库后,就可以在数据库中新建证书了。在Key database content选框中选择Personal Certificates,然后点击右侧按钮中的New Self-Signed…创建自签名证书。创建对话框中需要填写的信息如下:

  • 密钥标签:输入用于标识数据库中的密钥和证书的描述性注释。
  • 密钥大小:从下拉菜单中选择加密级别。
  • 公共名:输入 Web 服务器的标准主机名作为公共名。示例:www.myserver.com
  • 组织名:输入您的组织名。
  • 可选:组织单元
  • 可选:区域
  • 可选:省/直辖市/自治区
  • 可选:邮政编码
  • 国家或地区:输入国家或地区代码。请至少指定两个字符。示例:US 证书请求文件名或使用缺省名称。
  • 有效期

完成后,点击ok,自签名证书配置就完成了。接下来,在IHS的httpd.conf文件中加上key配置即可

LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
Listen 443
<VirtualHost *:443>
SSLEnable
KeyFile /opt/IBM/HTTPServer/certs/key.kdb
</VirutalHost>

参考:创建自签名证书 – IBM

LAMP Stack for WordPress

Introduction

WordPress is a free and open source blogging platform or content management system based on PHP and MySQL. Currently WordPress is the most popular CMS all over the world, and has 20000 plus plugins to extend its functionality.You can easily create a simple website, blog or complex portals and enterprise websites using WordPress.

WordPress provides lots of features. Some of them are listed below:

  • WordPress is available in more than 70 languages. So you can build a website in a language as your choice.
  • You can easily manage your content, schedule, look and publication using WordPress, and also secure your posts and content with a password.
  • WordPress comes with thousands of themes for you to create a beautiful website. You can also upload your own theme with the click of a button.
  • With the importers feature you can easily import your blog from another website to WordPress.
  • WordPress provides search engine optimization out of the box, and also provides many SEO plugins.

In this tutorial, we will discuss how to install and configure WordPress on a CentOS 7 server.

Requirements

  • A server running CentOS 7.
  • A non-root user with sudo privilege setup on your server.

Getting Started

Update your system with the latest package versions by running the following command:

sudo yum update -y

Once your system is up-to-date, you can proceed to the next step.

Installing LAMP

Before installing WordPress itself, you will need to install the LAMP stack and other required packages on your server.

You can install all the necessary packages with the following command:

sudo yum install httpd mariadb mariadb-server php php-common php-mysql php-gd php-xml php-mbstring php-mcrypt php-xmlrpc unzip wget -y

Once installation is complete, start the Apache and MariaDB services and enable them to start at boot with the following commands:

sudo systemctl start httpd
sudo systemctl start mariadb
sudo systemctl enable httpd
sudo systemctl enable mariadb

Configuring MariaDB for WordPress

By default MariaDB is not secured, so you will need to secure it first. You can do this by running mysql_secure_installation script:

sudo mysql_secure_installation

Answer all the questions as shown below:

Set root password? [Y/n] n
Remove anonymous users? [Y/n] y
Disallow root login remotely? [Y/n] y
Remove test database and access to it? [Y/n] y
Reload privilege tables now? [Y/n] y

Once you have finished, login to MariaDB console with the following command:

mysql -u root -p

Enter your MariaDB root password and hit Enter. After login, create a database for WordPress:

MariaDB [(none)]>CREATE DATABASE wordpress;
MariaDB [(none)]>GRANT ALL PRIVILEGES on wordpress.* to 'user'@'localhost' identified by 'password';
MariaDB [(none)]>FLUSH PRIVILEGES;
MariaDB [(none)]>exit

Installing and Configuring WordPress

You can download the latest version of the WordPress source from the official website. You can get the latest version of WordPress by running the following command:

wget http://wordpress.org/latest.tar.gz

Once download is finished, extract the downloaded file with the following command:

tar -xzvf latest.tar.gz

Next, move the extracted files to the Apache web root directory:

sudo cp -avr wordpress/* /var/www/html/

Next, create a directory for WordPress to store uploaded files:

sudo mkdir /var/www/html/wp-content/uploads

Next, assign proper ownership and permissions to your WordPress files and folders:

sudo chown -R apache:apache /var/www/html/
sudo chmod -R 755 /var/www/html/

Next, you will need to make some changes in the WordPress main configuration file, so it can be connected with the database and user.

First, rename and edit the WordPress main configuration file:

cd /var/www/html/
sudo mv wp-config-sample.php wp-config.php
sudo nano wp-config.php

Change the DB_NAME, DB_USER, and DB_PASSWORD variables as shown below:

define('DB_NAME', 'wordpress');
define('DB_USER', 'user');
define('DB_PASSWORD', 'password');

Save and close the file when you are finished.

Accessing WordPress Web Installation Wizard

Before starting, you will need to allow access to the Apache ports using firewalld.

You can do this by running the following command:

sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --permanent --zone=public --add-service=https
sudo firewall-cmd --reload

Next, open your web browser and type the URL http://your-server-ip to finish the installation.

SecureCRT配色方案修改

SecureCRT是常用的SSH客户端,默认的SecureCRT配色十分丑陋且难用,白底黑字没有语法高亮和文件夹/文件区分。这里给出最简单的配置修改方案。

首先,进入二级窗口:Options->Global Options->Default Session->Edit Default Settings…

选择Terminal->Emulation,将Terminal配置修改为Linux。点击ok保存后回到一级窗口。

在一级窗口中,进入Terminal->Appearance->ANSI Color

在这里修改Bold colors即为修改字体颜色。最简单的方案是:只修改Bold colors中深蓝色配置,将RGB值修改为:(0, 128, 255)即可。其他颜色不做变化。

最后的效果如下: