Create a self signed root CA certificate that works in Chrome in Ubuntu using openssl

This was really a lot of work as I’m not familiar with SSL and openssl. Took me a few days digging the net and trying many things to eventually make this work.

I was trying to make an Ubuntu client trust a Windows webserver.

A few things I learned

  • If your certificate only has a Common Name and no Subject Alternative Name (SAN), Chrome will complain with error ERR_COMMON_NAME_INVALID
    • Which is inaccurate and misleading.
    • Apparently, Common Name has been technically obsolete for 2 decades(!) and now the domain name must be put in the SAN, which requires using an openssl extension.
  • When using New-SelfSignedCertificateEx from Microsoft to generate the cert in Windows, the cert will not be trusted in Ubuntu, for some unknown reason. However, if you install the cert in a Windows client and browse the website, it works.
  • For some applications, you need to have a Friendly Name in the cert.

Steps to do it

Instructions are from the below link

https://www.ibm.com/support/knowledgecenter/SSZQDR/com.ibm.rba.doc/LD_rootkeyandcert.html

Generate the private key of the root CA:

openssl genrsa -out rootCAKey.pem 2048

Generate the self-signed root CA certificate with a SAN. The -addext option used here needs openssl 1.1.1:

openssl req -x509 -sha256 -new -nodes -key rootCAKey.pem -days 3650 -out rootCACert.crt -addext "subjectAltName = DNS:<Your domain name>"

Refer to this Security Stack Exchange question on how to add a SAN: https://security.stackexchange.com/questions/74345/provide-subjectaltname-to-openssl-directly-on-the-command-line

Create a pfx file to install in Windows web server.

openssl pkcs12 -export -out rootCACert.pfx -inkey rootCAKey.pem -in rootCACert.crt -name "<Your domain name>"

Afterwards, import the pfx file to the certificate store of the Windows Server using Microsoft Management Console and configure your webserver to use this certificate.

For Ubuntu Client, install to ca-certificates

sudo cp rootCACert.crt /usr/local/share/ca-certificates

sudo update-ca-certificates

Test using cURL. You may need to configure DNS or the hosts file first.

curl https://<Your domain name>

Chrome and Firefox use their own certificate stores, so you need to add the certificate through their settings GUI. cURL will still work if the cert doesn’t have a SAN, but Chrome will complain as mentioned above.
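A check worth running before the certificate goes into any trust store, added here as an example and not part of the original post: it builds one CN-only and one SAN certificate in a scratch directory and tests each for a SAN DNS entry covering the hostname. The hostname myserver.example.test, the file names and the function names are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the original post). HOST is a constructed placeholder.
HOST=myserver.example.test

# make_cert PREFIX HOST [SAN]: private key plus self-signed cert, following
# the genrsa / req -x509 steps above (short lifetime, scratch use only).
make_cert() {
    openssl genrsa -out "$1.key" 2048 2>/dev/null || return 1
    if [ -n "${3:-}" ]; then
        openssl req -x509 -sha256 -new -nodes -key "$1.key" -days 1 \
            -subj "/CN=$2" -out "$1.crt" -addext "subjectAltName = $3"
    else
        openssl req -x509 -sha256 -new -nodes -key "$1.key" -days 1 \
            -subj "/CN=$2" -out "$1.crt"
    fi
}

# san_matches CERT HOST: succeeds only if the cert carries a SAN DNS entry
# that covers HOST, which is the rule Chrome applies.
san_matches() {
    # -ext (OpenSSL 1.1.1+) prints only the named extension; without a SAN
    # there is no "DNS:" line in the output.
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null \
        | grep -q 'DNS:' || return 1
    # -checkhost alone is not enough: with no SAN present it falls back to
    # the Common Name, so a CN-only cert would pass.
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_cert "$tmp/cn_only" "$HOST"
    make_cert "$tmp/with_san" "$HOST" "DNS:$HOST"
    for c in cn_only with_san; do
        if san_matches "$tmp/$c.crt" "$HOST"; then
            echo "$c: SAN covers $HOST"
        else
            echo "$c: no SAN for $HOST, Chrome will reject the name"
        fi
    done
    rm -rf "$tmp"
}

demo
```

The same san_matches call works on rootCACert.crt from the steps above, with your own domain name as the second argument.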

EF Core Update-Database failed with MySQL

When trying to use the code-first approach of Entity Framework Core to generate the database and tables in MySQL, running Update-Database in the Package Manager Console shows an error saying the table __efmigrationhistory doesn’t exist.

After digging in Stack Overflow, it seems that it’s a bug with the official MySQL connector. At the time of this writing, with version 8.0.20 and .NET Core 3.1, this bug hasn’t been fixed. The connector is supposed to create this table for migration.

https://stackoverflow.com/a/46090571/9191495

In order to solve this problem there are two solutions:

- Don’t use the official connector; use Pomelo.EntityFrameworkCore.MySql

https://www.nuget.org/packages/Pomelo.EntityFrameworkCore.MySql

- Alternatively, create the table yourself

CREATE TABLE `__EFMigrationsHistory` 
( 
    `MigrationId` nvarchar(150) NOT NULL, 
    `ProductVersion` nvarchar(32) NOT NULL, 
     PRIMARY KEY (`MigrationId`) 
);

It’s a waste of time, but what can one do.

No Configuration values in ASP.NET Core app when debugging in Visual Studio Code

This is a stupid mistake.

Make sure that in launch.json, the value for cwd is correct and is pointing to the same folder as the DLL of the .NET Core app.

By default the current working directory is set to the workspace directory. The appsettings.json file is not there, so when the app runs it doesn’t have any settings.

Change DNS server in Ubuntu 18.04

In Ubuntu desktop 18.04, it seems that in order to change the DNS server, you need to open Network Manager in the UI and set the DNS server IP Address.

However it doesn’t work until you restart or run sudo netplan apply.

If you use Ubuntu server, you need to modify a YAML file, then run netplan apply.

Not sure why doing so in Ubuntu desktop doesn’t work, though.

Read single aggregate historical values from OPC UA

When reading processed historical data from OPC UA server, if you don’t set processing interval, only one value will be returned.

So if you use the aggregation function Max from StartTime to EndTime and don’t specify the processing interval, it will return the maximum value from start time to end time.

If you set the processing interval to 1 hour, it will return multiple max values, one for each hour within StartTime to EndTime.

Windows server is not listed under Network

Refer to this link: https://social.technet.microsoft.com/Forums/windows/en-US/6e133d2c-d0b8-48b0-8b32-94d6b010a224/server-does-not-appear-under-network?forum=w7itpronetworking

“Network discovery requires that the DNS Client, Function Discovery Resource Publication, SSDP Discovery, and UPnP Device Host services are started, you may check this on both sides to make sure they are started.”

Cannot restore database to SQL Server running in Docker container

I faced this issue. It turned out that when using docker cp to copy files to the container, the files were owned by the root user and other users didn’t have read permission. This is because the files were copied from a shared folder in the Windows host to the Linux VM.

Because only root can read, I couldn’t restore the DB using the copied file as the server cannot read the file.

Doing a chmod to add read permission before copying into the container solves the issue.