Monthly Archives: March 2016

Using keystore in JAVA for Self-Signed SSL certificates

You may observe the next error when working with domains with self-signed certificate: 
unable to find valid certification path to requested target

In this case you have to do next steps to allow java program trust to the given domain:

1. Get SSL certiicate for domain:

openssl s_client -connect > cert1.cert

2. Generate java keystore:

D:\runtime\jdk8u45x64\bin\keytool -import -v -trustcacerts 
-file cert1.cert -keystore cacerts1.jks 
-alias somealias -keypass "changeit" -storepass "changeit"

Type “yes” when promts to accept certificate.

3. Add JVM arguments to your program:"D:\projects\my\cacerts3.jks""changeit"

4. (Optional) debug arguments:

Also available java arguments (in case of self signed certificates not useful):"D:\projects\my\cacerts3.jks""changeit"

Thanx to:

Execute command from other user in Linux

Linux OS is fluent to run commands under different user if you are logged as root.
Here are two ways to do it:

1. Using “SUDO” command:

  sudo -u <username> "<commands>"

Example: sudo -u www-data php occ

2. Using “SU” command:

  su - <username> -c "<commands>"

Example: su – www-data -c ‘php /var/www/html/console.php files:scan –all’

Thanx to

OwnCloud connection to server error

The OwnCloud is great replacement of google, yandex, dropbox disks. It is really useful and convenient tool to manage your private data.

There are few ways to connect to you server:
- web dav directly from OS
- browser access
- iOS/Android mobile OS

If you OwnCloud service is behind the Nginx server with SSL protection, you can see the next error when access from mobile client:

it is not possible to connect to the server at this time

After spending few days in searching the solution on forum no one fix helped.

I paid attention in Admin panel on “Security & setup warnings” section:

The "Strict-Transport-Security" HTTP header 
is not configured to least "15768000" seconds. 
For enhanced security we recommend enabling HSTS 
as described in our security tips.

So, go ahead!

Just add the header to Nginx config (Strict-Transport-Security):

add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";

Restart Nginx and voila – mobile client will ask you to accept SSL certificate!