RHEL 6.8, i have a user locally authenticated and not entirely certain if that user has setup key based logins already from another node to connect to the node in question.

I'm thinking of regenerating the ssh keys for the user in order to prevent him from logging in using the previously setup keys.

I have "root" access to the node. What's the best way forward to restrict the key based login that would have been set but to keep the same account for other services which we currently use the account for.

The version details :

Using CATALINA_BASE:   /apps/TOMCAT/tomcat
Using CATALINA_HOME:   /apps/TOMCAT/tomcat
Using CATALINA_TMPDIR: /apps/TOMCAT/tomcat/temp
Using JRE_HOME:        /usr
Using CLASSPATH:       /apps/TOMCAT/tomcat/bin/bootstrap.jar:/apps/TOMCAT/tomcat/bin/tomcat-juli.jar
Server version: Apache Tomcat/8.5.4
Server built:   Jul 6 2016 08:43:30 UTC
Server number:  8.5.4.0
OS Name:        SunOS
OS Version:     5.11
Architecture:   sparcv9
JVM Version:    1.8.0_92-b14
JVM Vendor:     Oracle Corporation

Keytool list :

keytool -list
Enter keystore password:

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 3 entries

root, Sep 16, 2016, trustedCertEntry,
Certificate fingerprint (SHA1): xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:
intermediate, Sep 16, 2016, trustedCertEntry,
Certificate fingerprint (SHA1): xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:
server, Sep 16, 2016, PrivateKeyEntry,
Certificate fingerprint (SHA1): xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:

The server.xml connect

    <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443
         This connector uses the NIO implementation with the JSSE engine. When
         using the JSSE engine, the JSSE configuration attributes must be used.
    -->


   <Connector
        port="8443"
        protocol="org.apache.coyote.http11.Http11NioProtocol"
        maxThreads="150"
        SSLEnabled="true"
        keystorePass="XXXXX"
        sslProtocol="TLS"
        clientAuth="false">
        scheme="https"
        keyAlias="server"
        certificateKeystoreFile="/apps/JAVA/tomcat.jks"
<!--        <SSLHostConfig>
            <Certificate certificateKeystoreFile="/apps/JAVA/tomcat.jks"
                         type="RSA" />
        </SSLHostConfig>
-->
    </Connector>

I'm running a configtest.sh and i get the following :

SEVERE: Failed to initialize end point associated with ProtocolHandler ["https-jsse-nio-8443"]
java.lang.IllegalArgumentException: java.io.IOException: Alias name tomcat does not identify a key entry
.
.
SEVERE: Failed to initialize connector [Connector[HTTP/1.1-8443]]
org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-8443]]
.
.
Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed
        at org.apache.catalina.connector.Connector.initInternal(Connector.java:1012)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
        ... 12 more
Caused by: java.lang.IllegalArgumentException: java.io.IOException: Alias name tomcat does not identify a key entry
        at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:103)
        at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:81)
        at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:245)
        at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:866)
        at org.apache.tomcat.util.net.AbstractJsseEndpoint.init(AbstractJsseEndpoint.java:213)
        at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:558)
        at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:65)
        at org.apache.catalina.connector.Connector.initInternal(Connector.java:1010)
        ... 13 more
Caused by: java.io.IOException: Alias name tomcat does not identify a key entry
        at org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:213)
        at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:101)
        ... 20 more

1. I cannot make out where it picks up the alias tomcat
2. The keyalias specified in the server.xml doesn't look like having an impact
3. The entry certificateKeystoreFile="/apps/JAVA/tomcat.jks" didn't have an impact and i had to create a $USER/.keystore file

as anyone come across this and how do i rectify this ?

cheers OSP

trying to use certs for securing connections between Tomcat 8.x and mysql/mariadb. I'm going to use a self-signed cert. What follows is what i think i should be going and appreciate you to jump in and correct me.

Create Backend(DB) certs

1. sudo openssl genrsa 4096 > ca-key.pem
2. sudo openssl req -new -x509 -nodes -days 3600 -key ca-key.pem -out ca-cert.pem
3. sudo openssl req -newkey rsa:4096 -days 3600 -nodes -keyout server-key.pem -out server-req.pem
4. sudo openssl rsa -in server-key.pem -out server-key.pem
5. sudo openssl x509 -req -in server-req.pem -days 3600 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem

update the mysql cnf

• ca-key.pem
• server-key.pem
• server-cert.pem

Ok, here's where i don't know how to proceed. I think i have to use the JAVA keytool .

Where do i go from here ?

ta OSP

How can i find which clients are mounting the NFS shares from a solaris 10 NFS server ? i have tried using dfshare on the server which returns nothing.

    dfshares -F nfs

cheers osp

In a Netapp with a snapmirror relationship to another Netapp in 7-mode, what are my options of checking replication performance through Data Ontap? We upgraded the link and want to know how snapmirror performs after the change.