Extract cert & key from PFX

To extract the private key and SSL certificate from a PFX file, do the following:

openssl>pkcs12 -in filename.pfx -nocerts -out key.pem -nodes

openssl>pkcs12 -in filename.pfx -nokeys -out cert.pem

To remove the password from the key file:

openssl>rsa -in key.pem -out server.key

Once you have these items extracted you can now create a new PFX file containing the SSL Intermediate certificate.  This is sometimes a requirement on some systems like load balancers that don't have a place to upload a separate SSL cert.

openssl>pkcs12 -export -out your_cert.pfx -inkey your_private.key -in your_cert.cer -certfile verisign-chain.cer
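The extraction steps above as one script, added here as an example (not from the original post): it reads the PFX password from an environment variable instead of the command line, keeps the unencrypted key readable by its owner only, and checks that the extracted key matches the certificate before a new PFX is built. The variable name PFX_PASS, the certificate subject, the password and the file names are constructed test values.

```shell
#!/bin/sh
# Added example: constructed test data only (CN, password and file names are made up).
set -e

# SHA-256 of the public key inside a PEM private key / PEM certificate.
key_pub_fp()  { openssl pkey -in "$1" -pubout -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1; }
cert_pub_fp() { openssl x509 -in "$1" -noout -pubkey | openssl pkey -pubin -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1; }

# True when the private key belongs to the certificate.
key_matches_cert() { [ "$(key_pub_fp "$1")" = "$(cert_pub_fp "$2")" ]; }

# True when the PEM key file is still passphrase-protected.
key_is_encrypted() { grep -q 'ENCRYPTED' "$1"; }

# extract_pfx <pfx> <outdir>: the password is read from $PFX_PASS, not argv,
# and umask 077 keeps the unencrypted key.pem readable by the owner only.
extract_pfx() {
    ( umask 077
      openssl pkcs12 -in "$1" -passin env:PFX_PASS -nocerts -nodes -out "$2/key.pem"
      openssl pkcs12 -in "$1" -passin env:PFX_PASS -nokeys -clcerts -out "$2/cert.pem" )
}

# Build a throwaway self-signed cert + PFX, then run the extraction on it.
make_demo() {
    d=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.test" \
        -keyout "$d/src.key" -out "$d/src.crt" 2>/dev/null
    openssl pkcs12 -export -inkey "$d/src.key" -in "$d/src.crt" \
        -passout env:PFX_PASS -out "$d/test.pfx"
    openssl genrsa -out "$d/other.key" 2048 2>/dev/null   # unrelated key
    extract_pfx "$d/test.pfx" "$d"
    echo "$d"
}

export PFX_PASS='constructed-test-password'
DEMO_DIR=$(make_demo)
key_matches_cert "$DEMO_DIR/key.pem" "$DEMO_DIR/cert.pem" && echo "key matches cert"
key_matches_cert "$DEMO_DIR/other.key" "$DEMO_DIR/cert.pem" || echo "mismatch detected"
key_is_encrypted "$DEMO_DIR/key.pem" || echo "key.pem is unencrypted: protect or delete it"
ls -l "$DEMO_DIR/key.pem" | cut -c1-10
```

Run key_matches_cert on the key and certificate you intend to pass to the -export command so a mismatched pair is caught before the new PFX is uploaded.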


Convert a CER to PEM

Run the following command:

openssl x509 -inform der -in certificate.cer -outform pem -out certificate.pem

 

UPDATED!

It is now considered best practice to simply edit the nsswitch.conf file located under DRIVE:\cygwin64\etc\ and add the line:

db_home:    windows

Also, be sure to add "C:\cygwin64\bin" to your PATH Environment Variables.

I use cygwin openssh to allow me to ssh to *Nix machines.  One problem after initial install is that cygwin cannot save the ssl cert on your PC because the default path is wrong.  Here is how to fix that.

Find the "passwd" file usually located here "C:\cygwin64\etc" on a default 64bit install.  Edit the file in notepad and change the following line.

FROM: /home/username

TO: /cygdrive/c/users/username

where "username" is your windows login.  Please note that "cygdrive" in the above path is the actual text you need to use.  This is not the path for cygwin.

Save the file and you are good to go.

 

I have always used WinSCP to copy files to/from Linux-based systems.  I recently set up a VMware ESXi 5.0 server in my home lab and found myself needing to sometimes copy large files like ISOs or VMDK files to and from the server to my PC.  I have heard that FastSCP is much faster than WinSCP and some of my copies were taking 1+ hour so I decided to take a look.

What I found is that FastSCP is indeed faster.  Not just a little bit either.  I think their claim of 6X faster is actually pretty accurate.  I found that copying an approximately 40GB file using WinSCP took about 1 hour.  The same copy using FastSCP took only 8 - 15 minutes on average.  See image below:

As you can see from image above FastSCP is pretty fast.  It definitely uses the bandwidth available more efficiently.

 

When we talk about data transfer rates most people use kbps, Mbps, Gbps.  But a lot of programs use KB/sec.  The table below can be used as a cheat sheet for quick conversions.

The table below uses "Kilo/Mega/Giga bits" for connection speed and "Kilo/Mega/Giga bytes" for download speed.

| Connection Method | Connection Speed | Maximum Theoretical Download Speed | File Transfer Time (1 GB File) |
|---|---|---|---|
| 28.8K Modem | 28.8-kbps | 3.6-KB/sec | 2+ Days |
| 33.6K Modem | 33.6-kbps | 4.2-KB/sec | 2 Days 18 hours |
| 56K Modem | 53.3-kbps | 6.6-KB/sec | 2 Days |
| One-channel ISDN | 56-kbps | 7-KB/sec | 1 Day 18h 36m |
| One-channel ISDN | 64-kbps | 8-KB/sec | 34h 43m |
| Two-channel ISDN | 115.2-kbps | 14.4-KB/sec | 21h 30m |
| Two-channel ISDN | 128-kbps | 16-KB/sec | 17h 21m |
| Fractional T-1 | 256-kbps | 32-KB/sec | 8h 40m |
| 384K DSL | 384-kbps | 48-KB/sec | 6h |
| Satellite | 400-kbps | 50-KB/sec | 3h 55m |
| Fractional T-1 | 512-kbps | 64-KB/sec | 4h 20m |
| DSL/Fract. T-1 | 768-kbps | 96-KB/sec | 3h |
| 1-mbps DSL | 1,000-kbps | 125-KB/sec | 2h 10m |
| T-1 (1.544-mbps) | 1544-kbps | 193-KB/sec | 1h 26m |
| E1 2 Mbps | 2000-kbps | 250-KB/sec | 1h 5m |
| 10-Base-T | 10-Mbps | 1.25-MB/sec | 13m |
| ATM25 | 25.6-Mbps | 3.2-MB/sec | 5m |
| E3 | 34-Mbps | 4.25-MB/sec | 3m |
| DS3/T3 | 45-Mbps | 5.63-MB/sec | 2m 55s |
| OC1 | 51-Mbps | 6.38-MB/sec | 2m 35s |
| 100Base-T | 100-Mbps | 12.5-MB/sec | 1m 20s |
| OC3 | 155-Mbps | 19.38-MB/sec | 51s |
| OC12 | 622-Mbps | 77.75-MB/sec | 12s |
| 1000Base-T | 1-Gbps | 125-MB/sec | 8s |
| OC48 | 2.4-Gbps | 300-MB/sec | 3s |
| OC192 | 10-Gbps | 1.25-GB/sec | 1s |


The following factors need to be considered when measuring network speeds:

  • Latency & jitter
  • physical signaling overhead
  • TCP overhead

Typically on a clean line you will see anywhere from 10% to 25% loss due to factors mentioned above.

I'm not one to usually recommend software but I thought I would share my experience with what I consider to be a good application.

Most companies use a combination of applications to monitor the health of their network.  The usual suspects are device monitoring with tools like What's Up Gold or IPSentry.  These tools do a great job of monitoring servers, routers, etc.  Next would be bandwidth usage monitoring.  Most companies utilize a great freely available tool, MRTG, to accomplish this.  Finally there are times when you need to dig deeper on network issues and tools like Wireshark or ntop let you capture packets in real-time.  Enter PRTG Monitor.  This web-based monitoring software combines all three areas covered above from one central location.

Some of the highlights that I find very useful are:

  • Packet capture via port-mirroring.  Similar to tools like NTOP that can help you catch a rogue device or abuse on the network PRTG can capture packets in real time and display Top Talkers, Top Connections, and more.  Another useful feature is that this data is kept in logs for up to 1 year which allows you to go back and look at past events on the network!
  • The ability to create custom "MAPS" which are basically HTML based pages that allow users to view real-time monitoring sensors in a READ only mode.  Another advantage is that you can publish these pages with no login required.
  • PRTG also has bandwidth monitoring via SNMP Counters just like MRTG.
  • Distributed approach which allows for exponential growth by allowing you to deploy more than one server/pc that will perform monitoring.

If you ever have time to check it out I highly recommend you do.  You can get more details here:

http://www.paessler.com/prtg/

Oh.  Almost forgot to mention that there is a completely FREE version which limits you to 10 sensors!

 

UPDATE!

PRTG Monitor now offers 100 FREE Sensors!  Their latest versions have also added 100's of new sensors and capabilities including HTML 5 design.