Cisco Anywhere VPN – default URL

Okay, I have to say, a few things in this world drive me crazy, okay maybe a little more than a few.  Now I know this won’t apply to most people as they probably only have to ever VPN into one place, but for the folks in this world that VPN into multiple places, I often find that my Cisco Anywhere client tool often gets updated.  The problem I often find is that my default URL gets changed and the drop down never works, so I end up memorizing bizarre VPN urls for my various clients.

I just want to be able to have my most common client be first in the list and ideally have my other VPN URLs in the drop down.  So in a fit of frustration I did a Google search yesterday and found how to change the default URL.  Look for the file preferences.xml, which should be in your c:\users\{youruserid}\appdata\local\cisco\Cisco AnyConnect VPN Client\ folder.  I had some issues finding this file as it might be in the roaming folder instead of local, and it might just be hidden.  In the file you can change the entry for:  DefaultHostName.

In order to get the drop down list to work properly, I found in my c:\programdata\cisco\Cisco AnyConnect Secure Mobility Client\Profile that there was an xml file that had my default profile in it.  In my trusty UltraEdit, I found the section for the ServerList and made a new HostEntry block for each of my VPN Servers.

<ServerList>
    <HostEntry>
        <HostName>{MyVPN-name-vpn1}</HostName>
        <HostAddress>{MyVPN-address-vpn1}</HostAddress>
    </HostEntry>
    <HostEntry>
        <HostName>{MyVPN-name-vpn2}</HostName>
        <HostAddress>{MyVPN-address-vpn2}</HostAddress>
    </HostEntry>
</ServerList>

Now my drop down box works.  Now I am a little bit happier. 🙂

Smart Panda Newsletter – November 2014

Smart Thinking Newsletter

This Just In: Cloud ERP Acceptance is Rising!

It may have taken some time to get underway, but it looks like (according to Enterprise Apps Today) more businesses are making the switch to Cloud ERP solutions. While there are obvious advantages to cloud hosting, this article from Enterprise Apps Today covers some of the common questions and concerns that organizations should address prior to making a move to the cloud.

MSSQL: Drop All Tables in the Database

I had to recreate a database in SQL Server the other day and my database user did not have privileges to recreate the database, so I found the following code which worked like a charm to drop all the tables in the database.  This example deletes all tables that start with PS, which drops all the PeopleSoft tables:

declare @SQL nvarchar(max)

-- Build a comma-separated, quoted list of every table whose name starts with PS
SELECT @SQL = STUFF((SELECT ', ' + quotename(TABLE_SCHEMA) + '.' + quotename(TABLE_NAME)
FROM INFORMATION_SCHEMA.TABLES WHERE Table_Name LIKE 'PS%'
FOR XML PATH('')),1,2,'')

SET @SQL = 'DROP TABLE ' + @SQL

-- Review the generated statement before running it
PRINT @SQL

-- EXECUTE (@SQL) -- uncomment to actually delete the tables

SSL Certificate: Cannot convert identity certificate

Weblogic Web Server SSL Certificate:

A client called today and said they needed to change their wildcard SSL certificate that they were using on one of the external web servers. This seemed like a simple enough request, so:

Step 1:

Get Client to send the new SSL Certificate in pfx format.

Step 2:

Using Portecle “a user friendly GUI application for creating, managing and examining keystores, keys, certificates, certificate requests, certificate revocation lists and more” – Load the PFX SSL Certificate

Step 3:

Convert the new keystore to JKS format.

Step 4:

Reset the password to the SSL Certificate and set the Alias name to the Alias already in use.

Step 5:

Export the PEM encoded certificate to a file and set the file extension to .CRT – This allows the SSL Certificate to be easily opened in Windows.

Step 6:

Export the intermediate and root certificates in base x.509 formats.

Step 7:

Import the intermediate and root trusted certificates (the ones just exported in Step 6) back into the keystore.

Step 8:

Take the SSL Certificate in PEM format and append the SSL Certificate Intermediate PEM format and then the SSL Certificate Root Certificate Authority (CA) in PEM format.  This basically creates a full certificate chain in PEM format.

Step 9:

In Portecle update the CA Reply of the Certificate with the Full Certificate Chain in PEM format.  This step is important so no certificate errors are reported with Firefox Browser.

Results:

The new JKS Keystore has 3 SSL Certificates in the keystore, the Full SSL Certificate private/public key combination, and the SSL Certificate Intermediate and SSL Certificate Root.

Install New SSL Certificate Keystore:

Log into the Weblogic Server and rename the existing SSL Certificate Keystore and upload the new SSL Certificate Keystore using the original SSL Certificate Keystore filename.

Restart the server, and………..

BOOOOOOOM!

ERROR:  <Emergency> <Security> <BEA-090034> <Not listening for SSL, java.io.IOException: Cannot convert identity certificate.>

Well, that’s new!  A quick investigation on Google, and some checking turns up that the new certificate was created using SHA256withRSA, while the old one used SHA1withRSA.

As it turns out, Weblogic prior to 10.3.4 cannot use certificates signed with SHA256withRSA, as it uses the Certicom SSL implementation.  However, since the web server is version 10.3.6, JSSE SSL just needs to be enabled.

The setting is under the advanced options of the Weblogic console, found under the SSL tab for the Server in question.  Once it was enabled and the web server restarted, the SSL Certificate & New Keystore worked!

Knowledge Reference:

Check out Wikipedia’s page on SHA-2 for more information.

Smart Panda Newsletter – October 2014

Smart Thinking Newsletter

How to Avoid an ERP Cloud Migration Nightmare

Forbes is great at putting together excellent resources for ERP users, and this one is no exception. Planning any type of ERP upgrade or migration can be complex, but it can quickly get out of hand if the proper steps aren’t taken – including deciding what to keep and what to change. Don’t get fooled by The Hello Kitty Witch.