12 November 2014

SSL Certificate pfx to pem conversion with OpenSSL

OpenSSL is a tool used to manipulate SSL certificates. It can also extract and convert certificates between the formats that different systems require.

This tutorial will cover converting a PFX that contains the certificate chain into a plain text consolidated pem file for import into a WebLogic server.


openssl pkcs12 -in MyCert.pfx -out Mycert.pem

This will ask for the import password that you specified during export.
You will then be asked for a passphrase, which is used to encrypt the private key written to the pem file.
You will have to confirm the passphrase.

The resultant file contains the extended properties and the various components in the following order:

Private key
Server Certificate
Root Certificate Authority
Intermediate Certificate Authority

WebLogic requires the pem file to be in the following order, without any of the extended properties:

Private key
Server Certificate
Intermediate Certificate Authority
Root Certificate Authority

To do this we simply edit the pem file in a text editor.

The various certificate elements are delimited as follows:

-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

The export would look like this

Bag Attributes
    Microsoft Local Key set: <No Values>
    localKeyID: 01 00 00 00 
    friendlyName: le-734abccd-41eb-4767-8413-bb71a89936ff
    Microsoft CSP Name: Microsoft RSA SChannel Cryptographic Provider
Key Attributes
    X509v3 Key Usage: 10 
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,BE2FBBD6CCFE6

3NrzDbQJjulQcMG6z9SHm4gEColMcXymYJJOcuUwELrFDzGImlF/uKXeaTjonk5z
1ECPImFEK2SwedgQ5bI+4zRBudw6sOnCMLSEdBZUFTPKaWikMTcO86QNoVL+Regf
HNMm3Xnyi0rOdyQYrCY0d1Qz3VmRpJmGt/7Sk4lLH2FamRLXFDQtImSEtq3L4HrB
2636Q2D+/sgtQSPpJV+M06eUpmJwkBk9Pf2794WGznxencYSgGIk5hYx5tfQJue6
n9cLD3sIrtKwhzwEnSDZu3NREKqmqRkyd4r+z60UhrJNRcQRSUvh71n7Y/w5+z04
-----END RSA PRIVATE KEY-----
Bag Attributes
    localKeyID: 01 00 00 00 
    1.3.6.1.4.1.311.17.3.92: 00 08 00 00 
    1.3.6.1.4.1.311.17.3.20: FF 07 5C 24 46 71 0D 5E 17 C5 1C C0 B5 93 8E D6 A0 57 80 9E 

    1.3.6.1.4.1.311.17.3.71: 54 00 4D 00 47 00 30 00 38 00 2E 00 77 00 6F 00 6F 00 6C 00 77 00 6F 00 72 00 74 00 68 00 73 00 2E 00 63 00 6F 00 2E 00 7A 00 61 00 00 00 
    1.3.6.1.4.1.311.17.3.75: 44 00 30 00 31 00 39 00 37 00 43 00 44 00 31 00 32 00 33 00 31 00 32 00 39 00 41 00 36 00 44 00 34 00 36 00 36 00 43 00 35 00 46 00 30 00 46 00 43 00 31 00 35 00 38 00 34 00 45 00 41 00 32 00 5F 00 00 00 
subject=/C=ZA/L=Cape Town/O=Wool (Pty) Ltd/CN=psnet.domain.co.za
issuer=/C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1C
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgIETCR4XzANBgkqhkiG9w0BAQUFADCBsTELMAkGA1UEBhMC
VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0
Lm5ldC9ycGEgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMW
cNk2pVK9lJzwU2WwmXfFWW3jNrAE/3OpVAsi6/45ZNLPsiD20Qpk6mZ3oY/5McLz
fDm5EzHNd8yXBZoEIZRKJpL4bmZl87TEEK8st38pDXZ1UhC+2OI355yqz2UmPW+S
c2MH1JAnaLSZxM80oOxBPIejTUiDqZ3ak5LmSR0vfjNGTpM/DFpevQ5izSoKVQRG
jzyKUQB6H/yI9zMb
-----END CERTIFICATE-----

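Delete all of the extended attribute text (the Bag Attributes and Key Attributes sections and the subject= and issuer= lines), leaving only the delimited blocks. The Proc-Type and DEK-Info lines inside the private key block are not extended attributes: they describe how the key was encrypted with your passphrase, so they stay, together with the blank line that follows them. You should end up with the following:

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,BE2FBBD6CCFE6
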
3NrzDbQJjulQcMG6z9SHm4gEColMcXymYJJOcuUwELrFDzGImlF/uKXeaTjonk5z
1ECPImFEK2SwedgQ5bI+4zRBudw6sOnCMLSEdBZUFTPKaWikMTcO86QNoVL+Regf
HNMm3Xnyi0rOdyQYrCY0d1Qz3VmRpJmGt/7Sk4lLH2FamRLXFDQtImSEtq3L4HrB
/FwgoJHiSVb30nyVzVwpP49WDXOYJk1eXvTVEVHCUwH65Xjx78J6kex8OBryKnuh
2636Q2D+/sgtQSPpJV+M06eUpmJwkBk9Pf2794WGznxencYSgGIk5hYx5tfQJue6
n9cLD3sIrtKwhzwEnSDZu3NREKqmqRkyd4r+z60UhrJNRcQRSUvh71n7Y/w5+z04
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
[certificate data]
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEKjCCAxKgAwIBAgIEOGPe+DANBgkqhkiG9w0BAQUFADCBtDEUMBIGA1UEChML
RW50cnVzdC5uZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5ldC9DUFNfMjA0OCBp
bmNvcnAuIGJ5IHJlZi4gKGxpbWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAxOTk5
U8aAghOY+rat2l098c5u9hURlIIM7j+VrxGrD9cv3h8Dj1csHsm7mhpElesYT6Yf
zX1XEC+bBAlahLVu2B064dae0Wx5XnkcFMXj0EyTO2U87d89vqbllRrDtRnDvV5b
u/8j72gZyxKTJ1wDLW8w0B62GqzeWvfRqqgnpv55gcR5mTNXuhKwqeBCbJPKVt7+
bYQLCIt+jerXmCHG8+c8eS9enNFMFY3h7CI3zJpDC5fcgJCNs2ebb0gIFVbPv/Er
fF6adulZkMV8gzURZVE=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
[certificate data]
-----END CERTIFICATE-----

The only thing left to do now is to swap around the last two certificates and you are set. Save the file as consolidated.pem and import that into WebLogic.
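The clean-up and reordering described above can also be scripted. The following Python is an added example, not part of the original post: it drops everything outside the PEM blocks, keeps the key block whole (including its Proc-Type and DEK-Info lines), and orders the certificates by following the subject= and issuer= lines that openssl pkcs12 writes before each certificate. The function name consolidate and the sample data are constructed for illustration, and it assumes the export still contains those subject=/issuer= lines.

```python
import re

# A PEM block: BEGIN line, optional Proc-Type/DEK-Info headers, base64 body, END line.
BLOCK = re.compile(r"-----BEGIN ([A-Z ]+)-----\n.*?-----END \1-----\n", re.S)

def consolidate(pem_text):
    """Return key, then certificates ordered server -> intermediate(s) -> root."""
    text = pem_text.replace("\r\n", "\n") + "\n"
    keys, certs, pos = [], [], 0
    for m in BLOCK.finditer(text):
        preamble, pos = text[pos:m.start()], m.end()  # attribute text before block
        if m.group(1).endswith("PRIVATE KEY"):
            keys.append(m.group(0))  # kept whole, encryption headers included
        elif m.group(1) == "CERTIFICATE":
            subj = re.search(r"^subject=(.*)$", preamble, re.M)
            iss = re.search(r"^issuer=(.*)$", preamble, re.M)
            if not (subj and iss):
                raise ValueError("certificate without subject=/issuer= lines")
            certs.append((subj.group(1).strip(), iss.group(1).strip(), m.group(0)))
    if len(keys) != 1 or not certs:
        raise ValueError("expected one private key and at least one certificate")
    by_subject = {c[0]: c for c in certs}
    issuers = {c[1] for c in certs if c[0] != c[1]}  # self-signed root excluded
    leaves = [c for c in certs if c[0] not in issuers]
    if len(leaves) != 1:
        raise ValueError("could not identify a single server certificate")
    chain = [leaves[0]]
    # Follow issuer -> subject until the self-signed root or a missing issuer.
    while (chain[-1][0] != chain[-1][1] and chain[-1][1] in by_subject
           and len(chain) < len(certs)):
        chain.append(by_subject[chain[-1][1]])
    if len(chain) != len(certs):
        raise ValueError("certificates do not form a single chain")
    return "".join(keys + [c[2] for c in chain])

def _cert(subject, issuer, body):  # constructed sample entry, not a real certificate
    return (f"Bag Attributes\n    localKeyID: 01 00 00 00\nsubject={subject}\n"
            f"issuer={issuer}\n-----BEGIN CERTIFICATE-----\n{body}\n"
            "-----END CERTIFICATE-----\n")

# Constructed export in the order the page describes: key, server, root, intermediate.
SAMPLE = ("Bag Attributes\nKey Attributes\n-----BEGIN RSA PRIVATE KEY-----\n"
          "Proc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,0000000000000000\n\nS0VZ\n"
          "-----END RSA PRIVATE KEY-----\n"
          + _cert("/CN=www.example.test", "/CN=Example Issuing CA", "TEVBRg==")
          + _cert("/CN=Example Root CA", "/CN=Example Root CA", "Uk9PVA==")
          + _cert("/CN=Example Issuing CA", "/CN=Example Root CA", "SU5URVI="))

if __name__ == "__main__":
    print(consolidate(SAMPLE), end="")
```
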


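It may also be required to have a separate .pem that only contains the certs and a .key file that only contains the private key. To get this you would follow a similar process.

Extract the pfx to pem excluding the certs. The -nodes option writes the private key to key.pem unencrypted, so keep that file readable only by the account that needs it.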

openssl pkcs12 -in certname.pfx -nocerts -out key.pem -nodes

Extract the pfx to pem excluding the key

openssl pkcs12 -in certname.pfx -nokeys -out cert.pem

Convert the key pem to a .key file

openssl rsa -in key.pem -out server.key 


05 November 2014

SCVMM Manually remove orphaned hosts and clusters

Unfortunately, it has happened to me on more than one occasion that VMM gets stuck with orphaned hosts and/or clusters that you simply cannot delete.

The corresponding error messages are:

Error (20400)
2 parallel subtasks failed during execution.

Error (2605)
Unable to connect to the VMM database because of a general database failure.
SQL error code: 547


To resolve this problem you are going to have to go into the VMM database and manually pick the orphaned object out. Please note that this is a last resort option. Please ensure you have a fresh backup of the VMM database before you proceed.

Step 1 Get the host GUID

The host ID is the GUID that is required. The easiest way to get it is to run the following in PowerShell (hyperv18 being the problem host):

get-scvmhost -ComputerName hyperv18 | select id, name

This will return something like:

f072a82f-278f-4810-80ba-7d58c5eec29d    hyperv18.fixmyitsystem.com


Step 2 Run SQL Script
You will now need to stop the VMM Service so it releases the database

Specify the VMM Database name and specify the GUID.  Execute the script and start the VMM service again.  The objects should be gone now.

If it is a cluster you need to specify all of the orphaned hosts stuck in the cluster. When the last host is removed the cluster itself will also be removed.


USE VMMDB01;

DECLARE @DeleteHostId GUID;
SET @DeleteHostId = 'f072a82f-278f-4810-80ba-7d58c5eec29d'

PRINT N'Deleting host with GUID ' + RTRIM(CAST(@DeleteHostID AS nvarchar(50)))

PRINT N'Getting host cluster GUID'

DECLARE @HostClusterID GUID;
SET @HostClusterID =
(
SELECT HostClusterID FROM [dbo].[tbl_ADHC_Host]
WHERE HostID = @DeleteHostId
)

IF (@HostClusterID IS NOT NULL)
PRINT N'Retreived host cluster GUID ' + RTRIM(CAST(@HostClusterID AS nvarchar(50)))
ELSE
PRINT N'This host does not belong to a cluster'

PRINT N'Deleteing physical objects'

DELETE FROM [dbo].[tbl_WLC_PhysicalObject]
WHERE HostId = @DeleteHostId

PRINT N'Deleteing virtual objects'

DELETE FROM [dbo].[tbl_WLC_VObject]
WHERE HostId = @DeleteHostId

PRINT N'Prepairing to delete host network adapters'

DECLARE @HostNetworkAdapterCursor CURSOR;
DECLARE @HostNetworkAdapterID GUID;
SET @HostNetworkAdapterCursor = CURSOR FOR
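(SELECT NetworkAdapterID FROM [dbo].[tbl_ADHC_HostNetworkAdapter]
WHERE HostID = @DeleteHostId) -- only this host's adapters; unfiltered, the loop removes mappings for every host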

OPEN @HostNetworkAdapterCursor

FETCH NEXT FROM @HostNetworkAdapterCursor INTO @HostNetworkAdapterID

WHILE (@@FETCH_STATUS = 0)
BEGIN
PRINT N'Prepairing to delete host network adapter with GUID ' + RTRIM(CAST(@HostNetworkAdapterID AS nvarchar(50)))

PRINT N'Deleting logical network mapping for host network adapter with GUID ' + RTRIM(CAST(@HostNetworkAdapterID AS nvarchar(50)))

DELETE FROM [dbo].[tbl_NetMan_HostNetworkAdapterToLogicalNetwork]
WHERE HostNetworkAdapterID = @HostNetworkAdapterID

PRINT N'Deleting IP subnet VLAN mapping for host network adapter with GUID ' + RTRIM(CAST(@HostNetworkAdapterID AS nvarchar(50)))

DELETE FROM [dbo].[tbl_NetMan_HostNetworkAdapterToIPSubnetVLan]
WHERE HostNetworkAdapterID = @HostNetworkAdapterID

FETCH NEXT FROM @HostNetworkAdapterCursor INTO @HostNetworkAdapterID
END

CLOSE @HostNetworkAdapterCursor
DEALLOCATE @HostNetworkAdapterCursor

PRINT N'Completing host network adapters deletion'

DELETE FROM [dbo].[tbl_ADHC_HostNetworkAdapter]
WHERE HostID = @DeleteHostId

PRINT N'Deleting virtual networks'

DELETE FROM [dbo].[tbl_ADHC_VirtualNetwork]
WHERE HostID = @DeleteHostId

PRINT N'Deleting virtual switch extensions'

DELETE FROM [dbo].[tbl_NetMan_InstalledVirtualSwitchExtension]
WHERE HostID = @DeleteHostId

PRINT N'Deleting host volumes'

DELETE FROM [dbo].[tbl_ADHC_HostVolume]
WHERE HostID = @DeleteHostId

PRINT N'Deleting pass through disks'

DELETE FROM [dbo].[tbl_WLC_VDrive]
WHERE HostDiskId IN (SELECT DiskID FROM [dbo].[tbl_ADHC_HostDisk] WHERE HostID IN (SELECT HostID FROM [dbo].[tbl_ADHC_Host] WHERE HostID = @DeleteHostId))

PRINT N'Deleting host disks'

DELETE FROM [dbo].[tbl_ADHC_HostDisk]
WHERE HostID = @DeleteHostId

PRINT N'Prepairing to delete host bus adapters'

DECLARE @HostBusAdapterCursor CURSOR;
DECLARE @HostBusAdapterID GUID;
SET @HostBusAdapterCursor = CURSOR FOR
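(SELECT HbaID FROM [dbo].[tbl_ADHC_HostBusAdapter]
WHERE HostID = @DeleteHostId) -- only this host's bus adapters; unfiltered, the loop removes entries for every host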

OPEN @HostBusAdapterCursor

FETCH NEXT FROM @HostBusAdapterCursor INTO @HostBusAdapterID

WHILE (@@FETCH_STATUS = 0)
BEGIN

PRINT N'Prepairing to delete host bus adapter with GUID ' + RTRIM(CAST(@HostBusAdapterID AS nvarchar(50)))

PRINT N'Deleting fiber port mapping for host bus adapter with GUID ' + RTRIM(CAST(@HostBusAdapterID AS nvarchar(50)))

DECLARE @FiberPortID GUID;
SET @FiberPortID =
(
SELECT PortID FROM [dbo].[tbl_ADHC_FCHbaToFibrePortMapping]
WHERE FCHbaID = @HostBusAdapterID
)

DELETE FROM [dbo].[tbl_ADHC_FCHbaToFibrePortMapping]
WHERE FCHbaID = @HostBusAdapterID

PRINT N'Deleting fiber port with GUID ' + RTRIM(CAST(@FiberPortID AS nvarchar(50)))

DELETE FROM [dbo].[tbl_ADHC_FibrePort]
WHERE PortID = @FiberPortID

PRINT N'Deleting fiber channel mapping for host bus adapter with GUID ' + RTRIM(CAST(@HostBusAdapterID AS nvarchar(50)))

DELETE FROM [dbo].[tbl_ADHC_HostFibreChannelHba]
WHERE FCHbaID = @HostBusAdapterID

PRINT N'Deleting any iSCSI entries for host bus adapter with GUID ' + RTRIM(CAST(@HostBusAdapterID AS nvarchar(50)))

DECLARE @iSCSITargets TABLE
(
TargetID GUID
)
INSERT INTO @iSCSITargets (TargetID)
SELECT TargetID FROM [dbo].[tbl_ADHC_ISCSIHbaToTargetMapping]
WHERE ISCSIHbaID = @HostBusAdapterID

PRINT N'Deleting iSCSI host bus adapter to target mapping for mapping for host bus adapter with GUID ' + RTRIM(CAST(@HostBusAdapterID AS nvarchar(50)))

DELETE FROM [dbo].[tbl_ADHC_ISCSIHbaToTargetMapping]
WHERE ISCSIHbaID = @HostBusAdapterID

PRINT N'Deleting iSCSI host bus adapter with GUID ' + RTRIM(CAST(@HostBusAdapterID AS nvarchar(50)))

DELETE FROM [dbo].[tbl_ADHC_HostInternetSCSIHba]
WHERE ISCSIHbaID = @HostBusAdapterID

PRINT N'Deleting iSCSI targets for host bus adapter with GUID ' + RTRIM(CAST(@HostBusAdapterID AS nvarchar(50)))

DECLARE @iSCSITargetIDCursor CURSOR;
DECLARE @iSCSITargetID GUID;
SET @iSCSITargetIDCursor = CURSOR FOR
(SELECT TargetID FROM @iSCSITargets)

OPEN @iSCSITargetIDCursor

FETCH NEXT FROM @iSCSITargetIDCursor INTO @iSCSITargetID

WHILE (@@FETCH_STATUS = 0)
BEGIN

PRINT N'Deleting iSCSI targets with GUID ' + RTRIM(CAST(@iSCSITargetID AS nvarchar(50)))

DELETE FROM [dbo].[tbl_ADHC_ISCSITarget]
WHERE TargetID = @iSCSITargetID

FETCH NEXT FROM @iSCSITargetIDCursor INTO @iSCSITargetID
END

CLOSE @iSCSITargetIDCursor
DEALLOCATE @iSCSITargetIDCursor

FETCH NEXT FROM @HostBusAdapterCursor INTO @HostBusAdapterID
END

CLOSE @HostBusAdapterCursor
DEALLOCATE @HostBusAdapterCursor

PRINT N'Completing host bus adapters deletion'

DELETE FROM [dbo].[tbl_ADHC_HostBusAdapter]
WHERE HostID = @DeleteHostId

PRINT N'Prepairing to delete agent servers'

DECLARE @AgentServerID  GUID;
SET @AgentServerID =
(
SELECT AgentServerID FROM [dbo].[tbl_ADHC_AgentServerRelation]
WHERE HostLibraryServerID = @DeleteHostID
)

PRINT N'Deleting agent server relations'

DELETE FROM [dbo].[tbl_ADHC_AgentServerRelation]
WHERE HostLibraryServerID = @DeleteHostID

PRINT N'Deleting health monitor data for agent server with GUID ' + RTRIM(CAST(@AgentServerID AS nvarchar(50)))

DELETE FROM [dbo].[tbl_ADHC_HealthMonitor]
WHERE AgentServerID = @AgentServerID

PRINT N'Deleting agent server with GUID ' + RTRIM(CAST(@AgentServerID AS nvarchar(50)))

DELETE FROM [dbo].[tbl_ADHC_AgentServer]
WHERE AgentServerID = @AgentServerID

PRINT N'Deleting host GPUs'

DELETE FROM [dbo].[tbl_ADHC_HostGPU]
WHERE HostID = @DeleteHostId

PRINT N'Deleting host'

DELETE FROM [dbo].[tbl_ADHC_Host]
WHERE HostID = @DeleteHostId

IF (@HostClusterID IS NOT NULL)
BEGIN

PRINT N'Checking to see if any other hosts are joined to the same cluster'

DECLARE @HostCount INT;
SET @HostCount =
(
SELECT COUNT(*) FROM [dbo].[tbl_ADHC_Host]
WHERE HostClusterID = @HostClusterID
)

PRINT N'There are ' + RTRIM(CAST(@HostCount AS nvarchar(50))) + N' currently joined to the same cluster'

IF (@HostCount = 0)
BEGIN

PRINT N'Deleting cluster disks'

DELETE FROM [dbo].[tbl_ADHC_ClusterDisk]
WHERE ClusterID = @HostClusterID

PRINT N'Deleting cluster'

DELETE FROM [dbo].[tbl_ADHC_HostCluster]
WHERE ClusterID = @HostClusterID
END
ELSE
PRINT N'This host is not the last host in the cluster, the cluster will be deleted upon the deletion of the last host.'
END
ELSE
PRINT N'This host does not belong to a cluster, no clusters will be deleted'

GO







Script originally from http://helshabini.wordpress.com/2011/11/14/manually-remove-hyper-v-host-cluster-from-scvmm-2012-database/