Get SSL cert in PFX format using OpenSSL

Steps for getting SSL certificate in pfx format (suitable for Azure for example)

openssl req -new -nodes -keyout mycert.key -out mycert.csr -newkey rsa:2048

Upload CSR, get the Certificate and save it local file. Get the intermediate certificates (if needed).

Concatenate the intermedia certs to one file:

cat AddTrustExternalCARoot.crt COMODORSA* > intermediates.crt


openssl pkcs12 -chain -export -out mycert.pfx -inkey mycert.key -in mycert.crt -CAfile intermediates.crt
Posted in Azure |

Azure, add IP address to cloud service

Azure now supports multiple IP addresses per cloud service. This means you can for example host multiple web sites, each running in different IP address on one cloud service (1..n virtual machines).

Right now it seems to be be possible to manage this only via the Azure PowerShell commandlets. After adding a secondary IP for my cloud service I was no longer able to manage the end points via Azure management web site or the command line tools.

In brief the commands to create a new reserved IP address and create a load balancer that uses the IP are following:

# Create a new reserved IP address
New-AzureReservedIP –ReservedIPName "MyIP"  –Location "West Europe"

# Create load balancer and end points that use the reserved IP
# Here I'm adding it to two virtual machines which are part of the cloud service
Get-AzureVM -ServiceName myservice -Name vm01`
| Add-AzureEndpoint -Name myEndpoint -LoadBalancedEndpointSetName http`
    -Protocol tcp -LocalPort 8001 -PublicPort 80 -VirtualIPName MyIP -DefaultProbe `
| Update-AzureVM

Get-AzureVM -ServiceName myservice -Name vm02`
| Add-AzureEndpoint -Name myEndpoint -LoadBalancedEndpointSetName http`
    -Protocol tcp -LocalPort 8001 -PublicPort 80 -VirtualIPName MyIP -DefaultProbe `
| Update-AzureVM

# To see the endpoints for VM
Get-AzureVm -ServiceName myservice  -name vm01 | Get-AzureEndpoint

Posted in Azure |

Azure CLI tools, Credentials have expired, please reauthenticate

After installing Azure CLI tools and trying to use them on the first time on Windows, I started getting “Credentials have expired, please reauthenticate Detailed error message from ADAL is as follows: Error: Entry not found in cache.” error message. A regular logout/login did not fix the issue in my case.

I did not figure out the exact reason for the error, but a fix was simple. First logout using

azure logout <username>@<domain>

Then issue a command to clean up(?) the credentials:

%APPDATA%\npm\node_modules\azure-cli\bin\windows\creds.exe  -d -t AzureXplatCli:target=* -g

And after that login again.

Posted in Azure |

IntellijJ IDEA: Maven home directory is invalid

When creating a new project based on Maven archetype IntelliJ IDEA wants know certain Maven related directories. It took few minutes to figure out what IDEA actually wants here and answering wrong gives the not very informative “Maven home directory is invalid” -error message.

The Maven home directory is the place where your Maven installation is located. It is not your personal Maven directory, which in Windows is usually c:\users\<username>\.m2



The “Maven home directory is invalid” message would be a lot more helpful if IDEA would tell WHY it thinks the directory is not valid. If you are trying to find a specific file or sub directory – please tell me.

Posted in Misc |

Convert SPSS .SAV file to CSV (for Excel)

SPSS alternative, GNU PSPP include a very easy to use tool that can convert the SPSS SAV file to CSV. This can be further read in to excel. Just open the csv file in Excel. If excel does not automatically split data, choose the first column, go to Data tab and select “text to columns” and use comma as separator.

Usage is very simple:

pspp-convert <input.sav> <output.csv>

More instructions in documentation. You can download the Windows version of SPSS at least from pspp4windows Source Forge project page.

Posted in Misc |

Filezilla GnuTLS error -15: An unexpected TLS packet was received and VsFTP


sudo /usr/sbin/setsebool -P ftp_home_dir 1

Long(er) story

I ran into “interesting” problem on CentOS while trying to setup VsFTP with FTPS. I was using FileZilla to connect to the server. The VsFTPd version that comes with my CentOS version seems to be rather old, 2.2.2. The setup however was smooth. But then the problems started. The main issue I hit was FileZilla complaining about “GnuTLS error -15: An unexpected TLS packet was received” after the connection was established (NOTE: GnuTLS error -12 indicates a different problem, and a common solution is to add ssl_ciphers=HIGH to vsftpd.conf)

To an untrained eye this might indicate there is something wrong with the encryption. But no – apparently the “GnuTLS error -15” on FileZilla can be also caused by other issues which have nothing to do with the encryption. The way to find the solution was to take a step back, enable regular FTP and try to connect with that one. The regular connection attempt showed an interesting error message: “500 OOPS: cannot change directory:/home/myaccount”. Since I had already checked the permissions on the directory, the problem started to sound like some issue with SELinux. And indeed, that was the case. FTP daemon could not access the home directory of the user due to missing permissions.

Some googling revealed that “sudo /usr/sbin/setsebool -P ftp_home_dir 1” was the correct thing to do. And indeed, after that command both FTP and FTP-S started working.

Lessons learned: very the unencrypted stuff works before sprinkling security to your solution.

Some resources:

Posted in Misc |

Enable debug log in Azure Storage Emulator

Azure Storage Emulator has logging capability but this is not enabled by default and it does not seem to be available via user interface.

In order to enable the log,

  • Head to the Storage Emulator data directory, which is located at %LOCALAPPDATA%\DevelopmentStorage.
  • Edit the the developmentstorage configuration file located in the directory and change the LoggingEnabled to true
  • Restart Strorage Emulator

The logs will appear in the logs directory.

<?xml version="1.0"?>
<DevelopmentStorage xmlns:xsd="" xmlns:xsi="" v
Posted in Azure |

Ubuntu, disable special effects

I installed Ubuntu under Hyper-V and for reason the UI with all the effects is S-L-O-W.

Quick steps for disabling the UI effects:

sudo apt-get install compizconfig-settings-manager

Then head to the effects tab and disable those that you want. This does not make the UI blazing fast, but helps a bit. NOTE: You may not want to take away the window decorations, as that means losing the title bar.

(Tip via IT World)

Posted in Ubuntu |

Keymapper mappings for using Apple keyboard with Windows

I fell in love with the full size Apple keyboard. It is low profile and I really like how it works. Plus it’s pretty affordable (compared to premium keyboards).

Unfortunately by default few of the keys are out of place compared to standard PC keyboard. In order to fix this I created a mapping to be used with Keymapper tool that fixes these issues.

NOTE: I’m using the finnish/swedish keyboard layout.

Save the following to for example mappings.reg file and read it to registry. After that you need to at least log out, maybe also restart windows to make the mappings effective.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout]
"Scancode Map"=hex:00,00,00,00,00,00,00,00,04,00,00,00,38,00,5B,E0,5B,E0,38,00,38,E0,5C,E0,00,00,00,00

[HKEY_CURRENT_USER\Keyboard Layout]
"Scancode Map"=hex:00,00,00,00,00,00,00,00,06,00,00,00,38,E0,5C,E0,38,00,5B,E0,5B,E0,38,00,37,E0,64,00,46,E0,66,00,00,00,00,00
Posted in Web development |

Change SQL Server Express authentication mode

When you install SQL Server Express you can select the authentication mode. If you want to enable SQL Server authentication mode (username and password) later on, you can use T-SQL to do it:

ALTER LOGIN sa WITH PASSWORD = '<strong password>';
Posted in Web development |