Wednesday, August 24, 2016

How to turn on "save as..." prompt on Microsoft Edge browser

I really miss the "save as" prompt in Microsoft edge browser. By default it just start to download file without asking where i want to save it. By default it save file to user's profile "download" directory, but what to do if you have no space on that drive and need to download large file? Fortunately there are solution.

  • Open command prompt or press "win"+r keys. 
  • Type in "regedit" and press "enter".
  • Navigate to key HKEY_CURRENT_USER\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\
  • If there no "Download" key create it.
  • Navigate to Download key and create DWORD value "EnableSavePrompt"
  • Assign value "1" if you want "Save As..." prompt or "0" to turn off.

Tuesday, August 23, 2016

Ubuntu 16.04. How to generate self signed SSl certificate for NGINX and add it to trusted list.

First you need to generate self-signed certificate to NGINX:

Create directory for certificates:

sudo mkdir /etc/nginx/ssl

Now generate ssl certificate:

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt

  • openssl: This is the basic command line tool for creating and managing OpenSSL certificates, keys, and other files.
  • req: This subcommand specifies that we want to use X.509 certificate signing request (CSR) management. The "X.509" is a public key infrastructure standard that SSL and TLS adheres to for its key and certificate management. We want to create a new X.509 cert, so we are using this subcommand.
  • -x509: This further modifies the previous subcommand by telling the utility that we want to make a self-signed certificate instead of generating a certificate signing request, as would normally happen.
  • -nodes: This tells OpenSSL to skip the option to secure our certificate with a passphrase. We need Nginx to be able to read the file, without user intervention, when the server starts up. A passphrase would prevent this from happening because we would have to enter it after every restart.
  • -days 365: This option sets the length of time that the certificate will be considered valid. We set it for one year here.
  • -newkey rsa:2048: This specifies that we want to generate a new certificate and a new key at the same time. We did not create the key that is required to sign the certificate in a previous step, so we need to create it along with the certificate. The rsa:2048 portion tells it to make an RSA key that is 2048 bits long.
  • -keyout: This line tells OpenSSL where to place the generated private key file that we are creating.
  • -out: This tells OpenSSL where to place the certificate that we are creating.
you will be asked for some questions:

Country Name (2 letter code) [AU]:US 
State or Province Name (full name) [Some-State]: New York
Locality Name (eg, city) []:New York City
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Acme, Inc. 
Organizational Unit Name (eg, section) []:Research dep.
Common Name (e.g. server FQDN or YOUR name) []:your_domain.com 
Email Address []:admin@your_domain.com  

Now self signed certificate generated, we need to configure NGINX to use SSL.

open nginx site config file. (usually /etc/nginx/sites-available/<some_name>.conf

you will find something like this:

server { 

          listen 80 default_server; 
          listen [::]:80 default_server ipv6only=on; 

          root /usr/share/nginx/html; 
          index index.html index.htm; 

          server_name your_domain.com; 

          location / { 
                    try_files $uri $uri/ =404; 
         


 Add the following lines:

server { 

          listen 80 default_server; 
          listen [::]:80 default_server ipv6only=on; 

          listen 443 ssl;

          root /usr/share/nginx/html; 
          index index.html index.htm; 

          server_name your_domain.com; 
          ssl_certificate /etc/nginx/ssl/nginx.crt;
          ssl_certificate_key /etc/nginx/ssl/nginx.key; 

          location / { 
                    try_files $uri $uri/ =404; 
         
}

save and close file, then restart nginx:

sudo service nginx restart

Then test is your site accessible via https. Open browser and select https: instead of http.
You likely get a warning that you site use untrusted certifcate. That is normal because we use self-signed certificate.

Now if we want to communicate with this server from another machine using https: we need to add our certificate to "trusted list" on another machine:

go to /usr/local/share/ca-certificates/, create new folder folder and copy .crt file.

cd /usr/local/share/ca-certificates
sudo mkdir <dir_name>


make sure that permissions are OK. 755 for the folder and 644 for file.

Next you should update certificate list:

sudo update-ca-certificates


-------- method 2 -----------

go to /usr/share/ca-certificates:

cd  /usr/share/ca-certificates

create new dir.

sudo mkdir <dir_name>

issue command:

sudo dpkg-reconfigure ca-certificates

 
sudo dpkg-reconfigure ca-certificates calls update-ca-certificates internally



P.S.

I noticed that this will not help if you use try to connect to server using python and urllib3. I always got message:

 [SSL: CERTIFICATE_VERIFY_FAILED]

this was solved to add VERIFY='path_to_certificate_file' in requests.post() function