Posts Tagged ‘phrase’

How to make screenshot in /dev/tty console on GNU / Linux – Taking picture JPEG / PNG snapshot of text console in systems without graphical environment

Monday, April 30th, 2012

I'm used to making picture screenshots in GNOME desktop environment. As I've said in my prior posts, I'm starting to return to my old habits of using console ttys for regular daily jobs in order to increase my work efficiency. In that manner of thoughts sometimes I need to take a screenshot of what I'm seeing in my physical (TTY consoles) to be able to later reuse this. I did some experimenting and this is how this article got born.

In this post, I will shortly explain how a picture of a command running in console or terminal in GNU / Linux can be made

Before proceeding to the core of the article, I will say few words on ttys as I believe they might be helpful someone.
The abbreviation of tty comes after TeleTYpewritter phrase and is dating back somewhere near the 1960s. The TTY was invented to help people with impaired eyesight or hearing to use a telephone like typing interface.

In Unix / Linux / BSD ttys are the physical consoles, where one logs in (typing in his user/password). There are physical ttys and virtual vtys in today *nixes. Today ttys, are used everywhere in a modern Unixes or Unix like operating system with or without graphical environments.
Various Linux distributions have different number of physical consoles (TTYs) (terminals connected to standard output) and this depends mostly on the distro major contributors, developers or surrounding OS community philosophy.
Most modern Linux distributions have at least 5 to 7 physical ttys. Some Linux distributions like Debian for instance as of time of writting this, had 7 active by default physical consoles.
Adding 3 more ttys in Debian / Ubuntu Linux is done by adding the following lines in /etc/inittab:
 

7:23:respawn:/sbin/getty 38400 tty7
8:23:respawn:/sbin/getty 38400 tty8
9:23:respawn:/sbin/getty 38400 tty9

On some Linux distributions like Fedora version 9 and newer ones, new ttys can no longer be added via /etc/inittab,as the RedHat guys changed it for some weird reason, but I guess this is too broad issue to discuss ….

In graphical environments ttys are called methaphorically "virtual". For instance in gnome-terminal or while connecting to a remote SSH server, a common tty naming would be /dev/pts/8 etc.

tty command in Linux and BSDs can be used to learn which tty, one is operating in.

Here is output from my tty command, issued on 3rd TTY (ALT+F3) on my notebook:
 

noah:~# tty
/dev/tty3

A tty cmd output from mlterm GUI terminal is like so:
 

hipo@noah:~$ tty/dev/pts/9

Now as mentioned few basic things on ttys I will proceed further to explain how I managed to:

a) Take screenshot of a plain text tty screen into .txt file format
b) take a (picture) JPG / PNG screenshot of my Linux TTY consoles content

1. Take screenshot of plain text tty screen into a plain (ASCII) .txt file:

To take a screenshot of tty1, tty2 and tty3 text consoles in a txt plain text format, cat + a standard UNIX redirect is all necessery:
 

noah:~# cat /dev/vcs1 > /home/hipo/tty1_text_screenshot.txt
noah:~# cat /dev/vcs2 > /home/hipo/tty2_text_screenshot.txt
noah:~# cat /dev/vcs3 > /home/hipo/tty3_text_screenshot.txt

This will dump the text content of the console into the respective files, if however you try to dump an ncurses library like text interactive interfaces you will end up with a bunch of unreadable mess.
In order to read the produced text 'shots' onwards less command can be used …
 

noah:~# less /home/hipo/tty1_text_screenshot.txt
noah:~# less /home/hipo/tty2_text_screenshot.txt
noah:~# less /home/hipo/tty3_text_screenshot.txt

2. Take picture JPG / PNG snapshot of Linux TTY console content

To take a screenshot of my notebook tty consoles I had to first install a "third party program" snapscreenshot . There is no deb / rpm package available as of time of writting this post for the 4 major desktop linux distributions Ubuntu, Debian, Fedora and Slackware.
Hence to install snapscreenshot,I had to manually download the latest program tar ball source and compile e.g.:
 

noah:~# cd /usr/local/src
noah:/usr/local/src# wget -q http://bisqwit.iki.fi/src/arch/snapscreenshot-1.0.14.3.tar.bz2
noah:/usr/local/src# tar -jxvvvf snapscreenshot-1.0.14.3.tar.bz2

noah:/usr/local/src# cd snapscreenshot-1.0.14.3
noah:/usr/local/src/snapscreenshot-1.0.14# ./configure && make && make install
Configuring…
Fine. Done. make.
make: Nothing to be done for `all'.
if [ ! "/usr/local/bin" = "" ]; then mkdir –parents /usr/local/bin 2>/dev/null; mkdir /usr/local/bin 2>/dev/null; \
for s in snapscreenshot ""; do if [ ! "$s" = "" ]; then \
install -c -s -o bin -g bin -m 755 "$s" /usr/local/bin/"$s";fi;\
done; \
fi; \
if [ ! "/usr/local/man" = "" ]; then mkdir –parents /usr/local/man 2>/dev/null; mkdir /usr/local/man 2>/dev/null; \
for s in snapscreenshot.1 ""; do if [ ! "$s" = "" ]; then \
install -m 644 "$s" /usr/local/man/man"`echo "$s"|sed 's/.*\.//'`"/"$s";fi;\
done; \
fi

By default snapscreenshot command is made to take screenshot in a tga image format, this format is readable by most picture viewing programs available today, however it is not too common and not so standartized for the web as the JPEG and PNG.
Therefore to make the text console tty snapshot taken in PNG or JPEG one needs to use ImageMagick's convert tool. The convert example is also shown in snapscreenshot manual page Example section.

To take a .png image format screenshot of lets say Midnight Commander interactive console file manager running in console tty1, I used the command:
 

noah:/home/hipo# snapscreenshot -c1 -x1 > ~/console-screenshot.tga && convert ~/console-screenshot.tga console-screenshot.png

Linux text console tty mc screenshot with snapscreenshot terminal / console snapshotting program

Note that you need to have read/write permissions to the /dev/vcs* otherwise the snapscreenshot will be unable to read the tty and produce an error:
 

hipo@noah:~/Desktop$ snapscreenshot -c2 -x1 > snap.tga && convert snap.tga snap.pngGeometry will be: 1x2Reading font…/dev/console: Permission denied

To take simultaneous picture screenshot of everything contained in all text consoles, ranging from tty1 to tty5, issue:
 

noah:/home/hipo# snapscreenshot -c5 -x1 > ~/console-screenshot.tga && convert ~/console-screenshot.tga console-screenshot.png

Here is a resized 480×320 pixels version of the original screenshot the command produces:

All text Consoles tty1 to tty5 merged screenshot png image with snapscreenshot taken on Debian GNU / Linux

Storing a picture shot of the text (console) screen in JPEG (JPG) format is done analogously just the convert command output extension has to be changed to jpeg i.e.:
 

noah:/home/hipo# snapscreenshot -c5 -x1 > ~/console-screenshot.tga && convert ~/console-screenshot.tga console-screenshot.jpeg

I've also written a tiny wrapper shell script, to facilitate myself picture picture taking as I didn't like to type each time I want to take a screenshot of a tty the above long line.

Here is the wrapper script I wrote:
 

#!/bin/sh
### Config
# .tga produced file name
output_f_name='console-screenshot.tga';
# gets current date
cur_date=$(date +%d_%m_%Y|sed -e 's/^ *//');
# png output f name
png_f_name="console-screenshot-$cur_date.png";
### END Config
snapscreenshot -c$arg1 -x1 > $output_f_name && convert $output_f_name $png_f_name;
echo "Output png screenshot from tty1 console produced in";
echo "$PWD/$png_f_name";
/bin/rm -f $output_f_name;

You can also download my console-screenshot.sh snapscreenshot wrapper script here

The script is quite simplistic to use, it takes just one argument which is the number of the tty you would like to screenshot.
To use my script download it in /usr/local/bin and set it executable flag:
 

noah:~# cd /usr/local/bin
noah:/usr/local/bin# wget -q http://www.pc-freak.net/~bshscr/console-screenshot.sh
noah:/usr/local/bin# chmod +x console-screenshot.sh

Onwards to use the script to snapshot console terminal (tty1) type:
 

noan:~# console-screenshot.sh

I've made also mirror of latest version of snapscreenshot-1.0.14.3.tar.bz2 here just in case this nice little program disappears from the net in future times.

 

Share this on

Jesus is Risen – Truly he is Risen / Hristos Voskrese paschal greeting and why Orthodox Christians don’t celebrate with Roman Catholics and Jewish

Thursday, April 19th, 2012

Jesus Glorious Resurrection from the grave in the third day Orthodox Christian Icon

It is the first week after Orthodox Christian Easter. This year 2012, the Orthodox Christians Easter date was on fifteen of April.
We've not just had a feast of an Eastern, but we actually celebrated the greatest day in all human history that happened 2012 years ago – The Glories Resurrection of our Lord Jesus Christ from the Death in the Third day!

Some Roman Catholic Christians, might be wondering, why the Orthodox Church is celebrating one week after Jewish Pascha, so in short I will explain in the reason.We orthodox christians do not celebrate with Roman Catholics Easter because Roman Catholics use the gregorian calendar to calculate and decided the day in which the Eastern celebrations should occur, where we the Orthodox Christians use still the old moon calendar (which the jews used too), when Jesus was crucified.
The gregorian calendar is very precise from a scientific point of view, however from a Church stand point it is completely wrong because, plainly taking the gregorian calendar math model doesn't take in consideration, that the jews are still celebrating their pascha following the old moon calendar.

The consequence is this year Roman Catholics, celebrated with Jewish. This from our Orthodox Christian point of view is incorrect, because Christ's Cross suffering is the pascha for us christians.
We Christians consider that the old God ordained jewish pascha was a prophecy feast, simply to remind jewish people before Christ's coming that Messiah (Christ) will come to say his people.
As Jewish rejected their true Messiah and Crucified him on the Cross, they have rejected to accept Christ as being the true pascha lamb slained for our sins.

Hence the Orthodox Christian Church teaches even to this day, that it is not righteous to celebrate Christ's Glorious Resurrection with Jewish Pascha.
Prohibition to celebrate Easter and Jewish Pascha on the same day is an Orthodox Church rule, since the early church days.
The Holy Fathers in their Church councils Council of Nicaea etc. has established as unchangable Church rule that, Jesus's Resurrection day feath, should never-ever coincide with the Jewish Pascha Celebrations.

The reasons the Church fathers ordered the Church Easter day to be always 1 week after Jewish Pascha is our saviour Jesus Christ ate pascha with his desciples as we can read in the 4 gospels in Holy Bible. After Jesus ate pascha, he was caught mocked, tortured and crucified (killed on a cross shaped trees).

Jesus is Risen! Truly He is Risen!

The Slavonic Paschal Greeting, translated words, we use across the Slavonic dome: ( Bulgaria / Russia / Ukraine, Serbia) is:
 

Христос Воскресе! Войстину Воскресе!

According to our Church Tradition, Christians should great each other with the Paschal greeting Hristos Voskrese during the whole "bright week" instead of the usual Hi / Hello phrase.

The current Bulgarian version of Христос Воскресе – Войстина Воскресе! is

Христос Възкръсна! Наистина Възкръсна!

 

One great miracle that testifies about the Christ's resurrection each and every year happens on each Orthodox Christian Eastern in Jerusalem in the Temple of Holy Sepulchre (where the saviour's grave cave, before the resurrection used to be). Last year, I've written to great all Christians for the Resurrection with the joyful Paschal Greeting Jesus is Risen and the Miracle of the Holy Fire
Pitily, the number of Roman Catholics who heard or know about this amazing miracle are mostly within the clergy. Its very rare a layman Christian in Roman Catholic realm heard of the miracle. Once again as a closure I want to great everyone with the joyful paschal greeting.

Христос Воскресе!  Воистина Воскресе!


Христос Възкръсна! Наистина Възкръсна!

Share this on

How to renew self signed QMAIL toaster and QMAIL rocks expired SSL pem certificate

Friday, September 2nd, 2011

qmail_toaster_logo-fix-qmail-rocks-expired-ssl-pem-certificate

One of the QMAIL server installs, I have installed very long time ago. I've been notified by clients, that the certificate of the mail server has expired and therefore I had to quickly renew the certificate.

This qmail installation, SSL certificates were located in /var/qmail/control under the names servercert.key and cervercert.pem

Renewing the certificates with a new self signed ones is pretty straight forward, to renew them I had to issue the following commands:

1. Generate servercert encoded key with 1024 bit encoding

debian:~# cd /var/qmail/control
debian:/var/qmail/control# openssl genrsa -des3 -out servercert.key.enc 1024
Generating RSA private key, 1024 bit long modulus
...........++++++
.........++++++
e is 65537 (0x10001)
Enter pass phrase for servercert.key.enc:
Verifying - Enter pass phrase for servercert.key.enc:

In the Enter pass phrase for servercert.key.enc I typed twice my encoded key password, any password is good, here though using a stronger one is better.

2. Generate the servercert.key file

debian:/var/qmail/control# openssl rsa -in servercert.key.enc -out servercert.key
Enter pass phrase for servercert.key.enc:
writing RSA key

3. Generate the certificate request

debian:/var/qmail/control# openssl req -new -key servercert.key -out servercert.csr
debian:/var/qmail/control# openssl rsa -in servercert.key.enc -out servercert.key
Enter pass phrase for servercert.key.enc:writing RSA key
root@soccerfame:/var/qmail/control# openssl req -new -key servercert.key -out servercert.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:UK
State or Province Name (full name) [Some-State]:London
Locality Name (eg, city) []:London
Organization Name (eg, company) [Internet Widgits Pty Ltd]:My Company
Organizational Unit Name (eg, section) []:My Org
Common Name (eg, YOUR name) []:
Email Address []:admin@adminmail.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

In the above prompts its necessery to fill in the company name and location, as each of the prompts clearly states.

4. Sign the just generated certificate request

debian:/var/qmail/control# openssl x509 -req -days 9999 -in servercert.csr -signkey servercert.key -out servercert.crt

Notice the option -days 9999 this option instructs the newly generated self signed certificate to be valid for 9999 days which is quite a long time, the reason why the previous generated self signed certificate expired was that it was built for only 365 days

5. Fix the newly generated servercert.pem permissions debian:~# cd /var/qmail/control
debian:/var/qmail/control# chmod 640 servercert.pem
debian:/var/qmail/control# chown vpopmail:vchkpw servercert.pem
debian:/var/qmail/control# cp -f servercert.pem clientcert.pem
debian:/var/qmail/control# chown root:qmail clientcert.pem
debian:/var/qmail/control# chmod 640 clientcert.pem

Finally to load the new certificate, restart of qmail is required:

6. Restart qmail server

debian:/var/qmail/control# qmailctl restart
Restarting qmail:
* Stopping qmail-smtpd.
* Sending qmail-send SIGTERM and restarting.
* Restarting qmail-smtpd.

Test the newly installed certificate

To test the newly installed SSL certificate use the following commands:

debian:~# openssl s_client -crlf -connect localhost:465 -quiet
depth=0 /C=UK/ST=London/L=London/O=My Org/OU=My Company/emailAddress=admin@adminmail.com
verify error:num=18:self signed certificate
verify return:1
...
debian:~# openssl s_client -starttls smtp -crlf -connect localhost:25 -quiet
depth=0 /C=UK/ST=London/L=London/O=My Org/OU=My Company/emailAddress=admin@adminmail.com
verify error:num=18:self signed certificate
verify return:1
250 AUTH LOGIN PLAIN CRAM-MD5
...

If an error is returned like 32943:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:607: this means that SSL variable in the qmail-smtpdssl/run script is set to 0.

To solve this error, change SSL=0 to SSL=1 in /var/qmail/supervise/qmail-smtpdssl/run and do qmailctl restart

The error verify return:1 displayed is perfectly fine and it's more of a warning than an error as it just reports the certificate is self signed.

Share this on

Howto create a (wildcard / multiple) SSL certificate

Thursday, June 23rd, 2011

Wildcard SSL picture

It’s the first time I’m creating a wildcard ssl certificate. It appeared there is no fundamental difference between generating a normal SSL certificate and generating a wildcard certificate.

The procedure for generating a wildcard SSL certificate is as follows:

1. Generate an SSL key file

server:~# /usr/bin/openssl genrsa -des3 -out domain.com.key 2048
Enter pass phrase for domain.com.key:

Fill in any passphrase you like, the 2048 specifies the encryption level, 2048 is good enough and is the most commonly used as of today.
I’ve saw there is also an option to use 4096 bits encryption but I never tried that myself, I would be glad if somebody can share if he has succesfully established an SSL certificate with 4096 encryption.

2. Generate the certificate request file

server:~# /usr/bin/openssl req -new -key /home/hipo/domain.com.key -out /home/hipo/domain.com.csr

Further on it’s necessery to fill in some info concerning the newly generated webserver SSL, e.g.:

Enter pass phrase for /home/hipo/domain.com.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Fill all the values according to your requirements, the only vital thing here is to fill in a proper Common Name (eg, YOUR name) []:

The Common Name should always be equal to *.domain.com , if something else is typed in the SSL certificate won’t be considered a valid one when placed on the multiple subdomains.

The newly generated domain.com.csr file should be looking something similar to:

server:~# less < domain.com.csr
-----BEGIN CERTIFICATE REQUEST-----
MIIC2jCCAcICAQAwgZQxCzAJBgNVBAYTAkdCMQ8wDQYDVQQIEwZMb25kb24xDzAN
BgNVBAcTBkxvbmRvbjEQMA4GA1UEChMHU2FudHJleDEWMBQGA1UECwwNKi5zYW50
cmV4Lm5ldDEWMBQGA1UEAwwNKi5zYW50cmV4Lm5ldDEhMB8GCSqGSIb3DQEJARYS
bWFzcmF3eXpAeWFob28uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAlm9NwcQiA+AAVuVIjg8nCCn5nN14C3rSdcRNuE6oFo9E5uhl9yz8YDIg7wNx
FNQsmw0AwMzkao5Qv9yrmHqbht8qqPfG7YpcTiAoAuSaN6Nm25/zYrSu1uRsnc4C
9lINS8Va+n0Jt+CCQmomTKSarJqNfgo3j1ZU/HuOKcCEktIe0eKigMWxFKCM8wLh
CIdj6AwburckW1/ubOGlu2XKdcY5CbFe4cNGyME3rg33ft8b6v/ORWLSBMrt3QGP
bj42uZP6NoLaZCpsquJLeziLkT4rxdArUApdaTaEFrNMnwzGmUK10qmfx8SQodUl
QXmyd+PpQtaglymjIKN0L8Y36QIDAQABoAAwDQYJKoZIhvcNAQEFBQADggEBAIKe
UTXUt7XvaqVOesTmGCuVmv+Lz/GtGOEw+lfCNM4UFB950H975hHKo63YQr9Vqqqn
WlqZ0nXuwbZdfIh3xhTxzUqF/4m00OFQTbM9hwt6dyqLkmcc4J0rnTsvqjPkUsW5
U7iAIB/UIyDYUcAEky3gnokq3MLH42zXBViPM2+g/fkmJA4jaeoHGINbYMuxFh6Z
r2fIgAfGjms+hNaJvINDoBN5y6YUQbeJc+RoXMrG9clrDsUIGfmkTKCkG0BRJ2ki
Sdbm4IZMtQKU/C4a8vxZkFdleGqWeWL1SBtjjAnTtpb0uF+QmOPLcCoKnBwtEUU9
dPJlEzI+TCgAmKhZoXo=
-----END CERTIFICATE REQUEST-----

Next on this BEGIN CERTIFICATE REQUEST will have to be filled in to the certificate issuer website, whether it’s requested, let’s say in GlobeSSL.

Based on the certificate request a valid SSL certificate will be issued by the SSL provider.
Here one important note to make is that if your domain contians some prohibited keywords like, let’s say bank, finance, poker etc., a keywords which might be considered a fraud or forgery then probably the SSL certificate won’t be issued by the SSL issuer and you will have to further contact the SSL cert provider and send them some more information related to the type of business the new website is going to run.
This kind of domain keyword filter, that is implemented by SSL certificate issuer companies is made to protect internet users from possible frauds or scam websites as well as reduce the level of potential dangerous pyramid like businesses that are so modern on the net these days.

Last step before the certificate will be visible in a browser is to set it for a domain name or virtualhost in Apache, lighttpd or whatever webser is used.
As I’m personally using it with Apache webserver, below I’ll describe how to set it in Apache version 2.x.
3. Configure the newly configured SSL certificate to run on Apache virtualhost

Open up the virtualhost file which coresponds to the domain name to be secured with SSL, for example /etc/apache/sites-available/www.domain.com
Within the <Virtualhost> directives place in a code similar to:

SSLEngine on
# domain.com.crt cointains the wildcard SSL certificate generated and obtained by you from RapidSSL
SSLCertificateFile /etc/apache2/ssl/domain.com.pem

Here the file /etc/apache2/ssl/domain.com.pem should contain both the:

—-BEGIN RSA PRIVATE KEY—– issued earlier in step one with openssl command, as well as:

—–BEGIN CERTIFICATE—– which will be issued by the SSL certificate reseller.

Finally it’s necessery that Apache is restarted to load the new configured certificate:

server:~# /etc/init.d/apache2 restart

The above described steps need to be repeated for all the wildcard subdomains which will use the multiple SSL generated certificate and hopefully if all is well tuned, the certificates should start appearing to all the web domain subdomains immediately.

Share this on

How to add multiple email accounts in qmail’s vpopmail with vpasswd via ssh (console) / Little shell script to add multiple email addresses

Sunday, June 12th, 2011

I’ve been assigned the task to add on one of the qmail powered servers I administrate about 50 email addresses via command line.

Each email addresses was required to be configured to have the same mail password.
Adding the email addresses via an interface would be a killing time consuming task and will probably require at least 1 hour of time to add the emails with qmailwebmin, qadmin, qubit or the other vpopmail qmail web administration interfaces available nowdays.

To solve the task, I’ve used a line oner bash shell script which reads all my 80 emails from a file and adds them with vpopmail’s command line tool vpasswd on the mail server.

Here is the one liner shell script I’ve written to solve the task:

debian:~# while read line; do vadduser $line Email_Pass_Phrase; done < email_list_file.txt

In above’s code I’ve used the email_list_file.txt file is a text file on the server and contains list of all my 50 email addresses, where each line in the file contains one email. The Email_Pass_Phrase is actually the password I’ve set for all the new email addresses being created with vpasswd

That’s all now the 50 email addresses on the server are created and I’ve saved at least one hour of boring repeating actions in the browser 😉

Share this on

The Resurrection of Lazarus feast in the Bulgarian Orthodox Church (The day of Lazarus / Lazarus Saturday)

Saturday, April 16th, 2011

The Resurrection of Lazarus Orthodox Icon Sinai

It’s one day before the the great feast of Palm Sunday . On this day in the Bulgarian Orthodox Church we do have a reading of the glorious miracle with the raising (resurrecting) of Lazarus, that our Lord and Saviour Jesus Christ did in front of many Jewish people.

In the gospel readings, we hear that the Lord has went nearby the place where Lazarus has been buried.
The Jewish tradition of this time is that their dead be buried in a small cave, while the body is being wrapped up in a specific white clothe matter. This kind of burial ceremony is directly related to most of the ancient Jewish beliefs about the resurrection of the death which will take place.

In that time, Lazarus has been dead (or in grave) for already 4 days, even in the Gospel, we read that the rottening body has started to decay and hence the rotting flesh to smell badlhy …

The gospel also taught us, Lazarus has been a friend of our Lord Jesus Chirst, and Christ himself loved him. Very interesting fact concerning Lazarus earthly life is also that he has been a brother of the sisters Mary and Martha.
Mary is actually the same Mary which we read about in the Gospel of Luke, the same mary which bows and cries in front of Jesus’s feets, repenting and begging the saviour for a forgiveness of her sins.

Even though our Lord has been sent a word 4 days before he came, whether the overall journey to the place where Lazarus was at that point was only 2 days. The Lord has come on the 4th day to Bethany (a village near Jerusalem)

When the Lord came in Bethany he found that Lazarus is dead and has been in the tomb for 4 days. On his arrival he met Martha and Mary in turn.
Marta was loudly crying regretting that Christ haven’t arrived earlier otherwise he would have healed from the sickness and he would not die..

The Lord replied to Marta’s lamention with his majestic words: “I am the Resurrection and the Life. He who believes in Me shall live, even if he dies. And everyone who lives and believes in Me shall never die”.
As the gospel reading continues, we’re told that Christ has been sorrowful in himself and the Lord Jesus further said the famous phrase: “Jesus wept!
In the presence of a crowd of mourners (obviously many people has loved Lazarus), the Lord did his glorious miracle of Lazarus Resurrection.

After on the heavy stone which was sealing the cave with Lazarus dead body was moved away by the order of the Lord.
The Lord entered in the cave prayed and said to Lazarus: “Lazarus come forth!”
Hearing the order of the son of God and our saviour Lazarus has risen up with the funeral clothes still wrapping his body. Jesus instructed some people from the crowd to remove the grave-cloths from Lazarus and let him walk.
As many people in the grave has saw the indescribable miracle the people witnessing the miracle “believed in him”.

The meaning of the Lord’s “Come forth!” is crucial, as with the the glorious miracle of Lazarus Raising the Lord has shown his authority over death and live.
Even the death was submissive to the Lord’s order! Even the death couldn’t go against his mighty word and silently obeys!

This story was given by our God the Holy Trinity to clearly show us that he is the one in charge over death and over life on earth and hence he is the one in charge of every human being still breathing on this earth.
On the other hand the raising of Lazarus was done to show to us who still doubt in our hearts and minds and disbelief about the promised Resurrection of the Death in the glorious day of the Lord.

Our Lord has even wept, clearly showing to us that he is not indifferent to our suffering, but on the contrary is suffering with our pain himself.

After Christ’s Crucifixion, death, Resurrection and Ascension, Lazarus has become a vigilant Christ disciple. He has further compelled to seek refuge away from Jerusalem to avoid the anger of high priests and the pharisees, who wanted to kill him.
Lazarus has leaved Judea to seek refuge in another country. He found his refuge in Kittium (today called Larnaca) and situated in Cyprus.
According to Orthodox Church tradtion Lazarus has been ordained to become the first Church bishop of Kitium.

Little is known about Lazarus after Our Lord’s Resurrection and Ascension except that during his thirty year he never smiled or joked except for one occasion. One day, he saw someone stealing a clay pot and he laughed saying, “the clay steals the clay”.

Another famous tradition connected to Lazarus is the discovery of Mount Athos in 52AD.
Lazarus was very close to the Virgin Mary and he was very grieved that he could not return to Jerusalem to visit her (he was still in fear of the Jews).
The Theotokos learned of his sorrow and sent him a letter to comfort him.
She asked that he might send a ship to her that she might visit him in Cyprus.
With great joy, Lazarus sent a ship to the Holy Lands to bring the Virgin Mary and John, the beloved disciple to Cyprus for a visit.
On their journey, a great storm blew them off course and carried them to the shores of Ephesus and then the ship to the shores of Athos, Greece.
Unaware that divine providence had brought her to this area, the Virgin Mary completely taken by the beauty of the area, prayed to her son that this could be her garden devoted to prayer to “fight the good fight of faith”.
Having converted, blessed and established a new christian community from the local idolaters they set sail for Cyprus and met with Lazarus.
The day of Lazarus as we call it in Bulgaria is one of the great Christian feasts in our Orthodox Church, even though it’s not among the 12 greatest Christian feasts it’s one of the major feats throughout the Church year.
The first tomb of Lazarus in Bethany remains as a site for pilgrims to this very day. The second tomb, on the island of Cyprus, was found in Kittium sometime in A.D. 890, with his relics inside and bearing the inscription “Lazarus, the Friend of Christ.”
The commemoration of the day the Lord Jesus has risen Lazarus from the death is one of the few feasts during the great Lent which are considered days of spiritual joy in the Bulgarian Orthodox Church and all other national Orthodox Churches around the world.
The feast is also known under the name Lazarus Saturday is always commemorated in Orthodox Churches, one day before the Palm Sunday feast.
By the Holy prayers of Lazarus let our Lord Jesus be merciful to us the sinners! Amen.

Share this on

Howto install GeoTrust RapidSSL certificate on Debian Lenny / Squeeze / Wheezy Linux

Thursday, March 25th, 2010

I faced the task of generating official Validated SSL Certificates by in mydaily duties as a System Administrator at cadiaholding.com . Though generating self-signedSSL certificate is comparatively easy task. It was a pain in the ass setting Apache version 2.2.9-10+lenny6to correctly serve pages through https:// protocol over openssl version 0.9.8g-15+lenny6.I’ll try to go through the whole process of Generating the certificate in order to help some other Debianusers out there to face less setbacks in such a simple task as installing a Trusted SSL Certificate issued(bought) by RapidSSL. Even though this article will mostly deal with SSL certificate issued by RapidSSL,it should be not a problem to apply this methodogy with Verisign or some of the other Geotrust issuedSecure Socket Layer certificates.

In generating the Validated certficate I used enom which is a domain name,ssl certificates, email and hosting company whole-saler.
Fron emon’s website after logging in and using the web interface, there are two major things required to fill inin order to issue your Trusted SSL certificate.

1. Fill in in a form a CSR file, this is usually generated on the Linux server using the openssl.
To issue the CSR file required by Enom use the following commands:

a. First we generate an DES3 RSA encrypted key which we will use next to generate the opeensl CSR file required by ENOM.
debian:~# /usr/bin/openssl genrsa -des3 -out www.domain.com.key 2048
Enter pass phrase for www.domain.com.key:

You’ll be required to fill in a pass-phrase that will be later be required to fill in before Apache servers starts or restarts,so make sure you fill something you either remember or you keep the password stored in a file.
You have to change also the www.domain.com.key in accordance with your domain name.
Now as we already have a proper generated DES3 RSA key afterwards it’s necessery to generate the CSR file with the openssl command line frontend.
So here is how:

debian:~# /usr/bin/openssl req -new -key /home/hipo/www.domain.com.key -out /home/hipo/www.domain.com.csr

Again in the above example change all the paths and file names as you wish.
It’s necessery that the end user fill in a number of questions related to the Certificate Signing Request.
Herein I’ll list what kind of prompts will emerge after executing the above command:

Enter pass phrase for /home/hipo/www.domain.com.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Note that you’ll hav eto fill in the pass phrase previously entered during the generation of the www.domain.com.key file.
In case if you’d like to read more thoroughly on the subject of howto create a Certificate Signing Request or (CSR) as we called it on multiple times, you can read About Certificate Signing Request (CSR) Generation Instructions – Apache SSL more in depth here

2. Hopefully following the above instructions you’ll now have a file named www.domain.csrJust open the www.domain.scr and copy paste it’s content to the ENOM website CSR * webform.

3. Further on select your Webserver type on Enom’s website:In our case we have to select Apache + ApacheSSL

4. What follows next is filling in your company contact information This is also required for proper certificate generation, you have to think twice before you fill in this data, take a note this can’t be changed later on without issuing a brand SSL new certificate.

Apart from the 3 major above requirements to fill in Enom there are some few more radio buttons to use to make some selections according to your personal preferences, however I won’t take time to dig in that and I’ll leave this to you.
After all the above is fulfilled you’ll have to submit your certificate details and choose an email address to which you will receive in a minute a RapidSSL Certificate Request Confirmation

Following a link from the email, will show you some basic information about the certificate about to be generated. That’s your final chance to cancel the issued Trusted Certificated.
If you’re absolutely sure the information about to enter the certificate is correct then you’ll have to follow a link and approve the certificate.

You’ll be informed that you’ll receive your certificate either through Certifier website (e.g. Enom’s website) or via another email.
I thought it’s more probable I receive it via email but anyways I was wrong. More thank 4 hours has passed since the certificate was issued and is available via Enom’s interface but I haven’t received nothing on my mail.
Therefore my friendly advice is to check about your brand new shiny Trusted Certificate on Emom’s website. I had mine ready in about 10 minutes after the CSR was issued.

Assuming that you’ve succesfully obtained the SSL Trusted certificate from RapidSSL what follows is setting up the certificate.
Initially I tried using documentation from RapidSSL website called Installing your SSL Certificate / Web Server Certificate / Secure Server Certificate from RapidSSL.com
I tried to configure one of my Virtualhost as shown in their example inserting in my /etc/apache/sites-available/www.domain.com file, few directives within the VirtualHost something like the shown below

SSLEngine on
# domain.com.crt cointains the Trusted SSL certificate generated and obtained by you from RapidSSL
SSLCertificateFile /etc/apache2/ssl/www.domain.com.crt
# www.domain.com.key contains the file used to generate the CSR file as described earlier in this post
SSLCertificateKeyFile /etc/apache2/ssl/www.domain.com.key

It is also possible insetad of using the SSLCertificateFile and SSLCertificateKeyFile directvies directives in Apache config to use:

 

Another alternative is to use

SSLCertificateFile /etc/ssl/certs/your-domain-name.crt
SSLCertificateKeyFile /etc/ssl/certs/your-domain-name.key
SSLCACertificateFile /etc/ssl/certs/gd_bundle.crt

The key file is the one generated earlier on the server and handed to the SSL regisrar, the files:

your-domain-name.crt and gd_bundle.crt files are provided by RapidSSL or from whatever SSL registrater the SSL was purchased.

After trying the above configuration and restarting apache with:

/etc/init.d/apache2 restart

Apache failed to start, it might be helpful to somebody out there the error I had in my apache error.log:
The error.log red the following:

[warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)

After some 30 minutes or an hour of Googling on the error I came to the conclusion that the error is caused, becauseApache is supposed to work with .PEM files instead of the classical .CRT and .KEY files asnormally approached in most of the other Unix operating systems.

It took me a bit more of reading on the internet to find out that actually the .pem files so widely adopted in Debian simply contain both the www.domain.com.key file and the www.domain.com.crt key simply pasted one after another, this I also observed from the default Apache self-signed certificate that I believe comes with debian /etc/apache2/ssl/apache.pem .
So I copied both the content of my www.domain.com.key and www.domain.com.crt and store it in one file:
/etc/apache2/ssl/www.domain.com.pem

Also the following configuration:
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/www.domain.com.pem

had to go in your
/etc/apache2/sites-enabled/www.domain.com

Last thing that’s left is to restart your Apache;

/etc/init.d/apache2 restart

Apache will prompt you for your certificate password entered by you during the www.domain.com.key generation. Type your password and with a bit of luck and hopefully with God’s help you’ll be having a Trusted Certificate on your webserver.

Last step is to check if the certificate is okay accessing your domain https://www.domain.com.

Well this is the end of the article, hope you enjoy.If you do please leave your comments, any corrections are also welcomed 🙂

Share this on

Feeling Bad

Saturday, January 27th, 2007

Well I’m not so sick anymore. I’m feeling bad emotionally spiritually. I’m not sure. I have no idea what’s happening in my life. I don’t see the guidance of God. I’m having sexual thoughts and wan’t to sleep with some female, I guess this is not good since I’m a christian. Actually I really don’t have idea what to do with my life. FUCK I’m so LOST! I was out with Lily for a pizza and a coffee smoked 4 cigarettes then went to a new Market here in the town. Well the market was very brighty and clean, on two stages the one was a food/bevarage market. The other with tech stuff. Some time before we went to the market. My mood got fucked up and I stopped talking. Well shit why the Hell I’m here. I have a re-exam in Monday. It was supposed to study at something today. But my state didn’t allows me too. I just want to lay somewhere and die. I’m so lost I feel spiritually broken again. How much, how much will this thing continue. When will God bless me with that which my soul desires? Will I be alive for this moment? I’m wondering more and more. I’ve read some of my bible after I went home some prophecies about the End Times, the book was Ezdra. After that listened a little of NiN feeled even more bad than before right now I’m listening again to http://www.christianindustrial.net. Lord where are you leading me too? Why don’t see a vision for my life? Does my life have really a meaning and what it is. I’ve googled for some time for a phrase like “Christianity not working for me” and found a page which claimed. There is no life after death as classical Christianity claims and that heaven and hell are internal states experienced, here on earth, I think maybe there is some truth in this to some extent. Guess time will show (Or maybe Death).

Share this on