Export X509 certificate from PFX keystore with OpenSSL

Sometimes we find ourselves in the need of converting certificates between various formats.

Recently I received a .pfx keystore (pkcs12 format) containing a X509v3 certificate I needed to import in a java jks keystore.

Exporting the certificate from the .pfx file

Exporting the certificate is pretty easy, just use the following command:
openssl pkcs12 -in pfxkeystore.pfx -out certificate.pem -nokeys -nodes

Convert to x509 format

The exported certificate is not a x509 certificate. To convert it use the following command:
openssl x509 -outform der -in certificate.pem -out certificate.cer

Import Certificate into jks using keytool

Now you can just import the certificate normally into your jks keystore using this command:
keytool -importcert -alias certificatealias -file certificate.cer -keystore jkskeystore.jks

About 2 Months with Gnome Shell 3.2

I've been an avid Ubuntu user for several years now. I even liked the Unity desktop and have been using that for a long time as well. But after the update to 11.10 there was just to many things wrong with Unity. They made it impossible hard to remove Gwibber and other if their indicator entries. And I couldn't keep ignoring the entries in top of the other bugs and missing features I just to just work around.

So I decided to give Gnome Shell a try, and after using it for about two months I decided it was time to write down some of my impressions with it. My initial impression is that I quite like it. However there are a few things I would like to change. Forgive me if these things have already been reported as bugs and fixed in later versions.


  • I don't understand why some notifications stays persistent on the screen. For instance when a portable drive (usb stick) is inserted it shows a notification that the drive is ready. That notification doesn't disappear until you click either one of the action buttons or the black edge. I would also like to see the possibility to turn of those notifications as they appear every time I boot my laptop at home (as it mounts nfs drives at home)
  • Chat notifications are very handy. I like that you can keep your conversations in the notifications, but for some reason you can't keep them persistent and one wrong click and it opens the empathy window instead. I would like the ability to keep my conversations in those notifications.
  • I would love to see even deeper integration between gnome shell and empathy (chat). For instance you can search for contacts from empathy in the Activities, but you can't initiate a chat with that person... You can only see their contact details (even though you can see their online status) That just seems inconsistent.
  • I would also love to see the ability with keeping chats in the notifications described above.
  • It would be nice with better navigation between searched items in the Activities view. Once you searched for something partly and a few suggestions remain, it's not always obvious that only the up/down arrow keys can be used to navigate horizontally between suggestions.
  • As I'm a Google fanboy, I would like to see even deeper integration with google products such as documents, gmail and calendar. READ: Please get rid of the dependency on evolution to be able to sync google calendars to the calendar widget.
Having listed some of the things I would really love to see in Gnome Shell, I have to say I'm quite impressed with how well it works and how stable it is. It's pleasant to use and doesn't have all the small annoyances in Unity. Ok, to be fair, it has a few things that gets a bit annoying (see above) but overall it just feels more finished than Unity. 

Using sed to replace properties

I found myself wanting to replace some values in a property file using a bash shell script. The easiest way of doing that is by utilizing sed. I ended up doing the following to replace a value in the properties file (well actually it was the AIA installation response file, but the idea is exactly the same).


Below is an example:

sed -ie s/^hostname=.*/hostname=techblog.moerks.dk/ server.properties

Constructing replacements this way is a nice way of replacing property values as it is not dependent or special tags or anything like that.

Removing Indicator entries in Ubuntu 11.10

On my computer at home I never user a dedicated email client (Thunderbird in 11.10) and therefore wanted to remove the entry in the Message Indicator. I also have an aversion against Gwibber so that had to go as well. Normally I just remove the applications from the computer, but in 11.10 you can't remove Gwibber without removing the entiry ubuntu desktop (WTF?). Anyway I finally found this post explaining how to do it.

Unfortunately it didn't work for me, so I removed the entries instead of blacklisting them like this:

$ rm /usr/share/indicators/messages/applications/thunderbird
$ rm /usr/share/indicators/messages/applications/gwibber.indicator
After logging out and back in, the entries was gone. Excellent!

String concatenation in bash problems

Today I spent several hours figuring out how to do string concatenation in a bash script.

I was thinking that it should be quite easy just do

STRING_2= World

And of course it turns out that it is just that easy. However my problem was that I was using Notepad++ to edit the files (I know, bash on windows?). Without going into the discussion, let's just say it makes sense for my setup :)

But of course I got strange results, it seemed that the second string would be written "on top" of the first string. I finally figured out what the problem was and of course it was because the files was formatted with Windows line breaks and not Unix line breaks. I'm writing this because I need to remember to check these things every time I see strange behavior.

Now I just have to figure out how to force Notepad++ to default to using Unix line breaks.

Ubuntu Oneiric with Wine and OpenGL

Yesterday I suddenly couldn't start my wow client anymore as opengl was apparently broken. After a great deal of searching a few suggestions came up.

  • Make sure nvidia 32bit libraries are installed
    • I have no idea what this means. I know the nVidia distributed drivers will install these if you let them, but as I'm using the Ubuntu package and not the distributed drivers this made no sense to me.
  • Update to the latest Wine
    • This had no effect, but forced me to finally do the update I have been putting off. So I guess that was alright.
As none of the suggestions had any effect, I started digging in /usr/lib32 and found the libGL.so and libGL.so.1 was linking to the Mesa versions and not the nvidia versions. Changing the links finally made it work again. 

I'm still a bit surprised it suddenly stopped working, but I guess that's to be expected on a beta distribution.