Creating a Keystore for Android Apps on Windows

If you’re building Android apps for the Android or Amazon Playstore you will need to sign your apps with a certificate. To do this, you will need a Keystore file. There are a lot of instructions on how to do this on a Mac, but if you’re on a Windows machine it’s a labyrinth of useless information.

This is a simple guide on how to create a keystore using Windows. Here is what you will need:

Operating System: Windows 10
Java: Java SDK 17 (or latest version)

Yes, you need Java so just do it.

By default, the installation will go to: C:\Program Files\Java\ (remember this)

NOTE: Open Command Prompt as Administrator; not doing this will generate a permission error.

In your command prompt, navigate to the bin folder. For me, it was:

cd "c:\Program Files\Java\jdk-17\bin"

From here, you can now run the keytool application like this:

keytool -genkey -v -keystore my-release-key.keystore -alias [change this value] -keyalg RSA -keysize 2048 -validity 10000 

Set the -alias to whatever you’re going to call it. For instance, it could be “tonys-androidapp”.

NOTE: You can set the path where you want to store the .keystore by doing something like this:

-keystore "C:\Users\Tony Perez\[Path to Keystore]\my-release-key.keystore"

It will prompt you to provide your keystore password:

Enter keystore password:
Re-enter new password:

Save this; you will need it. Fill out the rest of the information as you see fit:

What is your first and last name? Tony Perez
What is the name of your organizational unit? Engineering
What is the name of your organization? Tony Codes, LLC
What is the name of your City or Locality? Texas
What is the name of your State or Province? Texas
What is the two-letter country code for this unit? US
Is CN=Tony Perez, OU=CleanBrowsing, O=CleanBrowsing, L=Texas, ST=Texas, C=US correct? yes

That’s it, now you have a new keystore that you can use to sign your apps.

Cheers!

ERROR 1064 (42000) at line 1 – Passing MySQL Create User Arguments via SSH

I was recently building a script to help move things from one server to another and in the process stumbled into a very annoying problem when passing MySQL arguments to a remote server via SSH.

Desired outcome: Create a new user in a remote DB using SSH.

In practice, this should be extremely simple. If you do this on the server, you could execute a command like this:

mysql --user="root" --password="[pass]" --execute="create user 'testing'@'localhost' identified by '123';"

You would now have a new user in your database called testing and its password would be 123.

Can’t Scroll in Windows Subsystem for Linux

I don’t know when it started, but at some point in 2021 I was not able to scroll inside my Linux terminal on Windows. I really don’t care why it started, but I do know the fix.

After banging my head on a wall, and living with it for a few months, I decided enough was enough.

Troubleshooting PHP-FPM: ERROR: [pool [name1]] unable to set listen address as it’s already used in another pool ‘[name2]’

This error is telling you that you forgot to update your listening address. You likely have another pool configuration pointing to the same address.

For example, name1.conf is pointing to:

listen = 127.0.0.1:9000

Signing an App using a CodeSign certificate with SignTool & Windows 10

I was recently working with a new Windows app we built at CleanBrowsing and our users were getting hit with security warnings post-installation. This warning was generated because the app was not signed.

Ok, let’s get things signed.

To sign I would need a code-sign certificate. I went through the process of getting an Extended Validation (EV) certificate from GlobalSign.

Side Note: The process was not too bad; you sign some forms, take some pictures and you’re done. You do need a Windows machine when downloading the certificate; be prepared for that.

Blocking HTTP requests via Iptables for a specific domain

In a previous article, we showed how to block specific domains at the DNS level using iptables. Today, we will expand on that and show how to also block HTTP requests for a specific domain (or URL).

Iptables String Matching

Iptables string matching is very powerful and easier to use than the hex-string module we used before. When you specify -m string --string, it activates the string module and inspects the packet content for the keyword you are looking for.

Let’s Encrypt: Unable to install the certificate

You’ve heard it’s important to install Let’s Encrypt (LE). You spin up your Ubuntu 18.04 machine and try to use https://certbot.eff.org/.

You run the command:

certbot --apache -d domain.com

You are greeted with:

How To List UFW Rules When The Application is Inactive or Disabled

When working on your server you might need to disable the Uncomplicated Firewall (UFW). When doing so you’ll notice it doesn’t display your rules when the application is inactive.

Working with UFW – Uncomplicated Firewall – on Ubuntu

This is not a comprehensive guide to the UFW application.

It is a basic orientation for the UFW application. This should provide insights you’re probably not aware of, but many might assume you already know.

How do you enable SFTP on your Ubuntu server?

SFTP is a file transfer protocol. It wraps the File Transfer Protocol (FTP) inside the Secure Shell (SSH) protocol. This allows the communication to be protected as it moves from one point to another.

PSA: FTP is considered an insecure transfer protocol and should be avoided.

This article assumes you are trying to create new SFTP users on your Linux machine. In this example we’ll be using Ubuntu 18.04.

Enabling and Creating SFTP users:

To enable SFTP you have to enable it inside your SSH configuration file. It’s often located here: /etc/ssh/sshd_config. Open the file and add the following to the end of the configuration file:

# override default of no subsystems
Subsystem       sftp    /usr/lib/openssh/sftp-server
Match group sftp
    X11Forwarding no
    AllowTCPForwarding no
    ForceCommand internal-sftp

Options explained:

Option: Description
Subsystem: An abstraction layer that allows you to invoke remote commands. In this instance, we’re invoking sftp-server.
Match: Allows you to limit actions in shell; in this instance we’re limiting the actions to a specific group – sftp. Only those users inside the SFTP group will be able to SFTP into the server.
X11Forwarding: This is a special case for remote tunneling. Unfortunately, it can be used maliciously by a bad actor, so it’s recommended you disable it unless you know what you’re doing.
AllowTCPForwarding: “TCP Forwarding” allows you to encapsulate any other protocol (based on TCP of course) inside an already established SSH connection. There are a lot of reasons for this, but we don’t want to allow SFTP users to use this without appropriate planning.
ForceCommand: The remote system can only execute a set of statically defined commands. Specifying a command of internal-sftp will force the use of an in-process SFTP server that requires no support files when used with ChrootDirectory.

Once you add this to the SSH config file you need to restart OpenSSH:

service ssh restart

Now you need to add new SFTP users, and apply the user to the right group.

useradd -m [newsftpuser] -g sftp

Set the password:

passwd [newsftpuser]

Now you can test your SFTP connection, from a different server:

sftp [newsftpuser]@[serverIPaddress]
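
An added example, not part of the original post: a shell check to run against /etc/ssh/sshd_config before restarting ssh. It verifies the Match group block from the steps above and flags a second Subsystem sftp line, which sshd rejects as already defined; the function name check_sftp_config and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit an sshd_config file for
# the SFTP-only group block. Assumes whitespace-separated "Keyword value"
# lines and a Match line of the form "Match group NAME".
check_sftp_config() {   # usage: check_sftp_config FILE [GROUP]
    awk -v grp="${2:-sftp}" '
    /^[ \t]*#/ { next }                           # skip comment lines
    NF == 0    { next }                           # skip blank lines
    { key = tolower($1) }                         # sshd keywords are case-insensitive
    key == "subsystem" && tolower($2) == "sftp" { subsys++; next }
    key == "match" {                              # a Match block runs until the next Match
        in_grp = (tolower($2) == "group" && $3 == grp)
        if (in_grp) found = 1
        next
    }
    in_grp && !(key in val) { val[key] = tolower($2) }   # sshd uses the first value it sees
    END {
        if (subsys != 1) { print "FAIL: Subsystem sftp defined " (subsys + 0) " times, expected 1"; bad = 1 }
        if (!found)      { print "FAIL: no Match group " grp " block"; bad = 1 }
        n = split("forcecommand=internal-sftp x11forwarding=no allowtcpforwarding=no", want, " ")
        for (i = 1; found && i <= n; i++) {
            split(want[i], kv, "=")
            if (val[kv[1]] != kv[2]) { print "FAIL: " kv[1] " is not " kv[2] " for group " grp; bad = 1 }
        }
        if (!bad) print "OK: group " grp " is limited to internal-sftp without forwarding"
        exit bad + 0
    }' "$1"
}

# Constructed sample: the block from the article appended to a file that
# already contains a Subsystem sftp line.
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
Subsystem sftp /usr/lib/openssh/sftp-server
# override default of no subsystems
Subsystem       sftp    /usr/lib/openssh/sftp-server
Match group sftp
    X11Forwarding no
    AllowTCPForwarding no
    ForceCommand internal-sftp
EOF
check_sftp_config "$demo_conf" || echo "fix the file before restarting ssh"
rm -f "$demo_conf"
```

Running sshd -t afterwards lets sshd itself validate the file before the restart.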

Happy SFTP’ing!
