Information

Tuesday, August 13, 2013

AMAZON - Create SSL Certificate for a Load Balancer

AMAZON - Create SSL Certificate for a Load Balancer
This section describes the process of generating a server certificate and preparing it to use with AWS products through IAM. To create a certificate, you perform a series of tasks as described by the following topics. Note: If you want to create user signing certificate that you can use to sign SOAP requests in EC2, see Creating and Uploading a User Signing Certificate Topics

Install and Configure OpenSSL
Create a Private Key
Create a Certificate Signing Request
Submit the CSR to a Certificate Authority

Install and Configure OpenSSL
Creating and uploading a certificate requires a tool that supports the SSL and TLS protocols. OpenSSL is an open-source tool that provides the basic cryptographic functions necessary to create an RSA token and sign it with your private key. If you don't already have OpenSSL installed, follow the instructions in this section.

To install OpenSSL on Windows
1. Go to OpenSSL: Binary Distributions (http://www.openssl.org/related/binaries.html).
2. Click OpenSSL for Windows.
A new page displays with links to the Windows downloads.
1. If it is not already installed on your system, select the Microsoft Visual C++ 2008 Redistributables link appropriate for your environment and click Download. Follow the instructions provided by the Microsoft Visual C++ 2008 Redistributable Setup Wizard.
2. After you have installed the Microsoft Visual C++ 2008 Redistributables, select the appropriate version of the OpenSSL binaries for your environment and save the file locally. The OpenSSL Setup Wizard launches.
3. Follow the instructions described in the OpenSSL Setup Wizard. Save the OpenSSL binaries to a folder in your working directory.
Before you use OpenSSL commands, you must configure the operating system so that it has information about the location of the OpenSSL install point.
To configure OpenSSL on Windows
1. Open a Command Prompt window.
2. Set the OpenSSL_HOME variable to the location of the OpenSSL installation:
  set Path=OpenSSL_HOME\bin;%Path%
3. Set the path to the OpenSSL installation:
  set Path=OpenSSL_HOME\bin;%Path%

Note: Any changes you make to Windows environment variables in a Command Prompt window are valid only for the current command-line session. You can make persistent changes to the environment variables by setting them as system properties. The exact procedures depend on what version of Windows you're using. (For example, in Windows 7, open Control Panel > System and Security > System. Then choose Advanced system settings > Advanced tab > Environment Variables.) For more information, see the Windows documentation.

Create a Private Key
You need a unique private key to create your Certificate Signing Request (CSR).
At the command line, use the openssl genrsa command and the following syntax:

openssl genrsa 2048 > private-key.pem For private-key.pem

specify your own file name. In the example, 2048 represents 2048-bit encryption. AWS also supports 1024-bit and 4096-bit encryption. We recommend you create an RSA key that is 2048 bits.

Create a Certificate Signing Request
The next step is to create a Certificate Signing Request (CSR). This is a file that you can send to a certificate authority (CA) to apply for a server certificate.
• Use the openssl req command to create a CSR and the following syntax:

openssl req -new -key private-key.pem -out csr.pem

The output will look similar to the following example:

You are about to be asked to enter information that will be incorporated into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank.
For some fields there will be a default value.
If you enter '.', the field will be left blank.

The following table can help you create your certificate request.

Name	Description	Example
Country Name	The two-letter ISO abbreviation for your country.	US = United States
State or Province	The name of the state or province where your organization is located. This name cannot be abbreviated.	Washington
Locality Name	The name of the city where your organization is located.	Seattle
Organization Name	The full legal name of your organization. Do not abbreviate your organization name.	Example Corp.
Organizational Unit	Optional, for additional organization information.	Marketing
Common Name	The fully qualified domain name for your CNAME. You will receive a certificate name check warning if this is not an exact match.	www.yourdomain.com
Email address	The server administrator's email address	someone@yourdomain.com

Note:The Common Name field is often misunderstood and is completed incorrectly. The common name is typically your host plus domain name. It will look like "www.company.com" or "company.com". You need to create a CSR using your correct common name.

Submit the CSR to a Certificate Authority
Your CSR contains information identifying you. To apply for a server certificate, send your CSR to a certificate authority (CA). The CA might require other credentials or proofs of identity.
If the request for a certificate is successful, the CA returns an identity certificate (and possibly a chain certificate) that is digitally signed.
AWS does not recommend a specific CA. For a partial listing of available CAs, see Third-Party Certificate Authorities.

Steps to update SSL Certificate on Amazon Elastic Load Balancer

Sign in to the AWS Management Console and open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
On the Amazon EC2 Getting Started page, in the EC2 Dashboard pane, under NETWORK & SECURITY, click Load Balancers.
On the Load Balancers page, select your load balancer.
The bottom pane displays the details of your load balancer.
Click the Listeners tab.
Click Change in the SSL Certificate column of the certificate you want to update.
On the Configure SSL Certificate page, select Choose from your existing SSL Certificates to use previously uploaded SSL certificate and select the certificate from the drop-down box.
Or, select Upload a new SSL Certificate if you have a SSL certificate and want to uploaded it.
Before you upload, ensure that your certificate meets the following citeria:
- Certificates must follow the X.509 PEM format.
- The current date must be between the certificate’s start and end date.
- Public and private certificate files must contain only a single certificate.
- The private key must match the public key that is in the digital server certificate.
- The private key must be an RSA private key in PEM format, where the PEM header is BEGIN RSA PRIVATE KEY and the footer is END RSA PRIVATE KEY.
- The private key cannot be encrypted with a password.
- A certificate chain starts with the immediate signing certificate and is then followed by any intermediaries in order. Intermediaries that are not involved in the trust path must not be included. The trusted root certificate can be optionally included as the last certificate.
If your certificate does not meet the criteria listed in this step, you might get an error when you upload it. Create a new SSL certificate and upload the certificate using AWS Identity and Access Management (IAM). For instructions on creating and uploading the SSL certificate, go to Creating and Uploading Server Certificates in Using AWS Identity and Access Management.

Step through the following instructions to continue uploading your SSL certificate.
- Enter the name of the certificate to upload.
- Copy and paste the contents of the private key file (PEM-encoded) in the Private Key box.
- Copy and paste the contents of the public key certificate file (PEM-encoded) in the Public Key Certificate box.
- [Optional] Copy and paste the contents of the public key certificate chain file (PEM-encoded) in the Certificate Chain box.
Note The certificate chain must be ordered such that the root certificate is the last certificate in the chain. If you use a certificate chain in a different order, you will receive an error.
Click Save.

Steps to Create SSL Certificate for Amazon Elastic Load Balancer and Update SSL Certificate on Elastic Load Balancer

his section describes the process of generating a server certificate and preparing it to use with AWS products through IAM. To create a certificate, you perform a series of tasks as described by the following topics. Note: If you want to create user signing certificate that you can use to sign SOAP requests in EC2, see Creating and Uploading a User Signing Certificate Topics

Install and Configure OpenSSL
Create a Private Key
Create a Certificate Signing Request
Submit the CSR to a Certificate Authority
To update an SSL certificate for an HTTPS load balancer
Sample server certificate

To install OpenSSL on Windows
1. Go to OpenSSL: Binary Distributions (http://www.openssl.org/related/binaries.html).
2. Click OpenSSL for Windows.
A new page displays with links to the Windows downloads.
1. If it is not already installed on your system, select the Microsoft Visual C++ 2008 Redistributables link appropriate for your environment and click Download. Follow the instructions provided by the Microsoft Visual C++ 2008 Redistributable Setup Wizard.
2. After you have installed the Microsoft Visual C++ 2008 Redistributables, select the appropriate version of the OpenSSL binaries for your environment and save the file locally. The OpenSSL Setup Wizard launches.
3. Follow the instructions described in the OpenSSL Setup Wizard. Save the OpenSSL binaries to a folder in your working directory.
Before you use OpenSSL commands, you must configure the operating system so that it has information about the location of the OpenSSL install point.
To configure OpenSSL on Windows
1. Open a Command Prompt window.
2. Set the OpenSSL_HOME variable to the location of the OpenSSL installation:
  set Path=OpenSSL_HOME\bin;%Path%
3. Set the path to the OpenSSL installation:
  set Path=OpenSSL_HOME\bin;%Path%

openssl genrsa 2048 > private-key.pem For private-key.pem

openssl req -new -key private-key.pem -out csr.pem

The output will look similar to the following example:

The following table can help you create your certificate request.

Name	Description	Example
Country Name	The two-letter ISO abbreviation for your country.	US = United States
State or Province	The name of the state or province where your organization is located. This name cannot be abbreviated.	Washington
Locality Name	The name of the city where your organization is located.	Seattle
Organization Name	The full legal name of your organization. Do not abbreviate your organization name.	Example Corp.
Organizational Unit	Optional, for additional organization information.	Marketing
Common Name	The fully qualified domain name for your CNAME. You will receive a certificate name check warning if this is not an exact match.	www.yourdomain.com
Email address	The server administrator's email address	someone@yourdomain.com

Sign in to the AWS Management Console and open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
On the Amazon EC2 Getting Started page, in the EC2 Dashboard pane, under NETWORK & SECURITY, click Load Balancers.
On the Load Balancers page, select your load balancer.
The bottom pane displays the details of your load balancer.
Click the Listeners tab.
Click Change in the SSL Certificate column of the certificate you want to update.
On the Configure SSL Certificate page, select Choose from your existing SSL Certificates to use previously uploaded SSL certificate and select the certificate from the drop-down box.
Or, select Upload a new SSL Certificate if you have a SSL certificate and want to uploaded it.
Before you upload, ensure that your certificate meets the following citeria:
- Certificates must follow the X.509 PEM format.
- The current date must be between the certificate’s start and end date.
- Public and private certificate files must contain only a single certificate.
- The private key must match the public key that is in the digital server certificate.
- The private key must be an RSA private key in PEM format, where the PEM header is BEGIN RSA PRIVATE KEY and the footer is END RSA PRIVATE KEY.
- The private key cannot be encrypted with a password.
- A certificate chain starts with the immediate signing certificate and is then followed by any intermediaries in order. Intermediaries that are not involved in the trust path must not be included. The trusted root certificate can be optionally included as the last certificate.
If your certificate does not meet the criteria listed in this step, you might get an error when you upload it. Create a new SSL certificate and upload the certificate using AWS Identity and Access Management (IAM). For instructions on creating and uploading the SSL certificate, go to Creating and Uploading Server Certificates in Using AWS Identity and Access Management.

Step through the following instructions to continue uploading your SSL certificate.
- Enter the name of the certificate to upload.
- Copy and paste the contents of the private key file (PEM-encoded) in the Private Key box.
- Copy and paste the contents of the public key certificate file (PEM-encoded) in the Public Key Certificate box.
- [Optional] Copy and paste the contents of the public key certificate chain file (PEM-encoded) in the Certificate Chain box.
Note The certificate chain must be ordered such that the root certificate is the last certificate in the chain. If you use a certificate chain in a different order, you will receive an error.
Click Save.

Sample Certificates
The following certificates show the valid format that IAM accepts for server certificates and their associated private key and certificate chain.
The server certificate associates your public key with your identity. When you submit your Certificate Signing Request (CSR) to a certificate authority (CA), a server certificate is returned to you by the CA. The following figure is a sample server certificate:
Sample server certificate

The private key allows you to decrypt messages that are encrypted with your public key. The following figure is a sample private key: Sample private key

The certificate chain includes all intermediary certificates that lead to the root certificate, as shown in the following example. Intermediaries that are not involved in the trust path must not be included. Sample certificate chain

Friday, August 2, 2013

Configure VPC with scenario 1 "VPC with a Public Subnet Only"

Set up the VPC, subnet, and Internet gateway:

Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
Click VPC Dashboard in the navigation pane.
Locate the Your Virtual Private Cloud area of the dashboard and clicks get started creating a VPC, if you have no VPC resources, or click Start VPC Wizard.
Select the first option, VPC with a Single Public Subnet Only, and then click Continue.
The confirmation page shows the CIDR ranges and settings that you've chosen. Make any changes that you need, and then click Create VPC to create your VPC, subnet, Internet gateway, and route table.

Create WebServerSG and Adding Rules to the Security Group
The WebServerSG security group is the security group that you'll specify when you launch your web servers into your public subnet. The following table describes the recommended rules for this security group, which allow the web servers to receive Internet traffic, as well as SSH and RDP traffic from your network. The web servers can also initiate traffic to the Internet and read and write requests to the database servers in the private subnet.

Inbound
Source	Protocol	Port Range	Comments
0.0.0.0/0	TCP	80	Allow inbound HTTP access to the web servers from anywhere
0.0.0.0/0	TCP	443	Allow inbound HTTPS access to the web servers from anywhere
18.71.152.166/32	TCP	3389	Allow inbound RDP access to Windows instances from your network (over the Internet gateway)
Outbound
Destination	Protocol	Port Range	Comments
0.0.0.0/0	TCP	80	Allow web servers to initiate outbound HTTP access to the Internet (for example, for software updates)
0.0.0.0/0	TCP	443	Allow web servers to initiate outbound HTTPS access to the Internet (for example, for software updates)
The ID of your DBServerSG security group	TCP	1433	Allow outbound Microsoft SQL Server access to the database servers assigned to DBServerSG

Create the WebServerSG security group and add rules:

Open the Amazon VPC console at https://console.aws.amazon.com/vpc/
Security Groups in the navigation pane.
Click the Create Security Group button.
Specify WebServerSG as the name of the security group, and provide a description. Select the ID of your VPC from the VPC menu, and then click Yes, Create
Select the WebServerSG security group that you just created. The details pane include a tab for information about the security group, plus tabs for working with its inbound rules and outbound rules.
On the Inbound tab, do the following:
- Select HTTP from the Create a new rule list, make sure that Source is 0.0.0.0/0, and then click Add Rule.
- Select HTTPS from the Create a new rule list, make sure that Source is 0.0.0.0/0, and then click Add Rule.
- Select RDP from the Create a new rule list, make sure that Source is “Office IP Address” , and then click Add Rule
- Click Apply Rule Changes to apply these inbound rules.
On the Outbound tab, do the following:
- Locate the default rule that enables all outbound traffic, and then click Delete.
- Select HTTP from the Create a new rule list, make sure that Destination is 0.0.0.0/0, and then click Add Rule.
- Select HTTPS from the Create a new rule list, make sure that Destination is 0.0.0.0/0, and then click Add Rule.
- Select My SQL from the Create a new rule list, make sure that Destination is “ID of DBServerSG”, and then click Add Rule.
- Click Apply Rule Changes to apply these outbound rules.

Create DBServerSG and Adding Rules to the Security Group
The DBServerSG security group is the security group that you'll specify when you launch your database servers into your private subnet. The following table describes the recommended rules for this security group, which allow read or write database requests from the web servers. The database servers can also initiate traffic bound for the Internet (your route table sends that traffic to the NAT instance, which then forwards it to the Internet over the Internet gateway).
DBServerSG:Rules

Inbound
Source	Protocol	Port Range	Comments
The ID of your WebServerSG security group	TCP	1433	Allow web servers assigned to WebServerSG Microsoft SQL Server access to database servers assigned to DBServerSG
18.71.152.166/32	TCP	3389	Allow inbound RDP access to Windows instances from your network (over the Internet gateway)
Outbound
Destination	Protocol	Port Range	Comments
0.0.0.0/0	TCP	80	Allow outbound HTTP access to the Internet (for example, for software updates)
0.0.0.0/0	TCP	443	Allow outbound HTTPS access to the Internet (for example, for software updates)

To add the recommended rules to the DBServerSG security group

Select the DBServerSG security group that you created. The details pane displays the details for the security group, plus tabs for working with its inbound and outbound rules.
Add rules for inbound traffic using the Inbound tab as follows:

Select MYSQL from the Create a new rule list. In the Source box, specify the ID of your WebServerSG security group, and then click Add Rule.
Select RDP from the Create a new rule list. In the Source box, specify IP Address of office security group, and then click Add Rule.
Click Apply Rule Changes.

Add rules for outbound traffic using the Outbound tab as follows:

Select HTTP from the Create a new rule list. Make sure that Destination is 0.0.0.0/0, and then click Add Rule.
Select HTTPS from the Create a new rule list. Make sure that Destination is 0.0.0.0/0, and then click Add Rule.
Click Apply Rule Changes.

To launch First Web instance

Start the Classic wizard:
1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
2. Click the Launch Instance button from the dashboard.
3. On the Create a New Instance page, select Classic Wizard, and then click Continue.
On the CHOOSE AN AMI page, the Quick Start tab displays a list of basic configurations called Amazon Machine Images (AMI). Choose the AMI that you want to use and click its Select button.
On the INSTANCE DETAILS page, under Launch Instances, select the subnet to launch the instance into. Keep the other default settings on this page and click Continue.
To use the default settings on the next INSTANCE DETAILS pages, just click Continue on each page.
Select EBS Volume
On the CREATE A KEY PAIR page, you can choose from any existing key pairs that you've created, or follow the wizard directions to create a new key pair.
On the Configure Firewall page, select the security group you want to use for the instance (WebServerSG), and then click Continue.
Review your settings. When you're satisfied with your selections, click Launch.
Before you can access an instance in your public subnet, you must assign it an Elastic IP address.

To allocate Elastic IP address and assign it to an instance

Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
Click Elastic IPs in the navigation pane.
Click the Allocate New Address button.
In the Allocate New Address dialog box, in the EIP used in list, select VPC, and then click Yes, Allocate.
Select the Elastic IP address from the list, and then click the Associate Address button.
In the Associate Address dialog box, select the network interface or instance. Select the address to associate the Elastic IP address with from the corresponding Private IP Address list, and then click Yes, Associate.

To create password for this instance

Go to instance in EC2 and Right Click on instance.
Click on “Get Windows Password” , select your Private key pair file and generate password by clicking on “Decrepit Password”

To create password for this instance To launch First Web instance
We have to launch a seperate Instance for Database with the security group "DBServerSG" (specified above) on the same public subnet mask.
Now you can connect to database server from Web server by using Private IP of Database Instance.

Friday, October 19, 2012

Remove Duplicate Data from Sql-server 2005

First Declare a temp table
DECLARE @table Table(column1 INT, Column2 INT, total int)

insert duplicate data to temp table
insert INTO @table SELECT column1, Column2,count(*) FROM Catalogue.MailingListCategoryContacts GROUP BY column1, Column2 HAVING count(*) > 1

Delete from all the data from original table
DELETE FROM Catalogue.MailingListCategoryContacts WHERE column1 IN (SELECT column1 FROM @table)

again insert into the original table
INSERT INTO Catalogue.MailingListCategoryContacts(column1, Column2) SELECT column1, Column2 FROM @table

Wednesday, September 5, 2012

Getting subject added to the mailto command

<a href="mailto:test@example.com?subject=testing%20out%20mailto&body=Just%20testing">Second Example</a>
Example : click here to view the demo

Saturday, April 14, 2012

how to add A DAY IN DATE, SQL-SERVER

DATEADD(type, value, date)

date is the date you want to manipulate
value is the integere value you want to add (or subtract if you provide a negative number)
type is one of:
- yy, yyyy: year
- qq, q: quarter
- mm, m: month
- dy, y: day of year
- dd, d: day
- wk, ww: week
- dw, w: weekday
- hh: hour
- mi, n: minute
- ss or s: second
- ms: millisecond
- mcs: microsecond
- ns: nanosecond

SELECT DATEADD(dd, 1, GETDATE()) will return a current date + 1 day

Thursday, May 26, 2011

What is the difference between abstraction and encapsulation?

Abstraction:
Abstraction lets you focus on what the object does instead of how it does it

That means we use the object without knowing the source code of the class.

Encapsulation:
Encapsulation means hiding the internal details or mechanics of how an object does something.

Encapsulation is wraping data into single unit.

Wednesday, May 18, 2011

What is the difference between classes and structs in Microsoft.Net?

A struct is a value type, while a class is a reference type.
When we instantiate a class, memory will be allocated on the heap. When struct gets initiated, it gets memory on the stack.
Classes can have explicit parameter less constructors. But structs cannot have this.
Classes support inheritance. But there is no inheritance for structs. A struct cannot inherit from another struct or class, and it cannot be the base of a class. Like classes, structures can implement interfaces.
We can assign null variable to class. But we cannot assign null to a struct variable, since structs are value type.
We can declare a destructor in class but can not in struct.

Saturday, May 14, 2011

Sql-Server, find Duplicate Rows with Count

select Count(ID), Name, Email,Comment
FROM TableName
group by Name, Email,Comment
having Count(ID)>1