You are here

Ivan Radovanovic's blog

Ivan Radovanovic's picture

Extracting private key and certificate from pfx file

To extract private key:

  • openssl pkcs12 -in file.pfx -nocerts -out pk.pem
  • openssl rsa -in pk.pem -out key.pem

To extract certificate:

  • openssl pkcs12 -in file.pfx -clcerts -nokeys -out cert.pem
Ivan Radovanovic's picture

Making SQL Server express listen for tcp connections

Start Configuration Manager (separate program with that name), go to "SQL server network configuration", choose "Protocols" bellow that - right click TCP/IP and click enable if not enabled already. Right click it again - choose properties this time, choose no for "listen all" unless you are exposing service to other machines, then on next tab choose "Enabled" for addresses you want to listen on (::1 and make sense). Make sure you delete "TCP dynamic ports" and set 1433 for "TCP port" value. Also make sure that your web.config files contain for server address.

Ivan Radovanovic's picture

Basic linux firewall configuration (iptables)

Linux firewall divides all traffic into 3 groups


First two are obvious, third group I guess also covers nat and similar features.

Traffic is controlled by adding accept or reject rules to appropriate group - compared to OpenBSD's pf iptables seems to be missing tables (weird choice for name, he he), all rules seem to behave like quick rules and you need explicitly to take care of connection state.

Ivan Radovanovic's picture

How to install deb file on linux

dpkg -i filename.deb

Ivan Radovanovic's picture

IPsec based VPN using FreeBSD

Since I wasn't really able to find information how to set this up on one place here is short recipe.


Ivan Radovanovic's picture

How to create pdfs from man pages

man -t page_name | ps2pdf - page_name.pdf

Sometimes this pdf actually looses some formatting (I don't have any idea why), so it might make more sense to create plain ps file

man -t page_name >

Note: You might want to change page size in /usr/share/groff_font/devps/DESC (by default it is set to letter there)

Ivan Radovanovic's picture

How to make tsclient use freerdp instead of rdesktop in freebsd

First of all why anyone would do that? Because rdesktop doesn't support newer encryption schemes supported by remote desktop while freerdp does.

Ivan Radovanovic's picture

How to prevent annoying crackers from brute force login attacks

Add following to your /etc/pf.conf

# if re0 is your card
# this goes in the top
table <bad_guys> persist
block in quick on $ext_if from <bad_guys> to any

Add following to your /etc/syslog.conf; |/root/

(assuming that is in /root directory)

Ivan Radovanovic's picture

How to gracefully restart lighttpd

Gracefully here meaning without loosing any request which is in processing (request which are not accepted yet might still be rejected)

Send SIGINT to lighttpd and then start new instance of it - the one received INT will stop listening for new connections but it will finish all connections it already accepted and exit after it
killall -INT lighttpd && lighttpd -f config_file


Subscribe to RSS - Ivan Radovanovic's blog