Pages

Wednesday, September 29, 2010

A few frequently used Keytool commands

keytool does not support management of private keys inside a keystore. You need to use another tool for that. If you are using the JKS format, that means you need another java-based tool. extkeytool from the Shibboleth distribution can do this.
Create an empty keystore
keytool -genkey -alias foo -keystore truststore.jks keytool -delete -alias foo -keystore truststore.jks 
Generate a private key and an initial certificate as a JKS keystore
keytool -genkey -keyalg RSA -alias "selfsigned" -keystore KEYSTORE.jks -storepass "secret" -validity 360
you can also pass the data for the DN of the certificate as command-line parameters: -dname "CN=${pki-cn}, OU=${pki-ou}, O=${pki-o}, L=${pki-l}, S=${pki-s}, C=${pki-c}"
 
Generate a secret key that can be used for symmetric encryption. For this to work, you need to make use of a JCEKS keystore.
keytool -genseckey -alias "secret_key" -keystore KEYSTORE.jks -storepass "secret" -storetype "JCEKS
Generate a Certificate Signing Request for a key in a JKS keystore
keytool -certreq -v -alias "selfsigned" -keystore KEYSTORE.jks -storepass "secret" -file MYCSR.csr 
Import a (signed) certificate into a JKS keystore
keytool -import -keystore KEYSTORE.jks -storepass "secret" -file MYCERT.crt
add a public certificate to a JKS keystore, eg the JVM truststore
keytool -import -trustcacerts -alias "sensible-name-for-ca" -file CAcert.crt -keystore MYSTORE.jks
If the JVM truststore contains your certificate or the certificate of the root CA that signed your certificate, then the JVM will trust and thus might accept your certificate. The default truststore already contains the root certificates of most commonly used sommercial CA's. Use this command to add another certificate for trust:  
keytool -import -trustcacerts -alias "sensible-name-for-ca" -file CAcert.crt -keystore $JAVA_HOME/lib/security/cacerts
the default password of the Java truststore is "changeit". if $JAVA_HOME is set to the root of the JDK, then the truststore is it $JAVA_HOME/jre/lib/security/cacerts keytool does NOT support adding trust certificates to a PKCS12 keystore (which is very unfortunate but probably a good move to promote JKS)
 
delete a public certificate from a JAVA keystore (JKS; eg JVM truststore)
keytool -delete -alias "sensible-name-for-ca" -keystore $JAVA_HOME/lib/security/cacerts
the default password of the Java truststore is "changeit". if $JAVA_HOME is set to the root of the JDK, then the truststore is it $JAVA_HOME/jre/lib/security/cacerts  
List the certificates inside a keystore
keytool -list -v -keystore KEYSTORE.jks
-storetype pkcs12 can be used
 
Get information about a stand-alone certificate
keytool -printcert -v -file MYCERT.crt
 
Convert a JKS file to PKCS12 format (Java 1.6.x and above)
keytool -importkeystore -srckeystore KEYSTORE.jks -destkeystore KEYSTORE.p12 -srcstoretype JKS -deststoretype PKCS12 -srcstorepass mysecret -deststorepass mysecret -srcalias myalias -destalias myalias -srckeypass mykeypass -destkeypass mykeypass -noprompt

A few frequently used OpenSSL commands

generate a new private key and matching Certificate Signing Request (eg to send to a commercial CA)
openssl req -out MYCSR.csr -pubkey -new -keyout MYKEY.key 
add -nodes to create an unencrypted private key
add -config <openssl.cnf> if your config file has not been set in the environment 
 
decrypt private key
openssl rsa -in MYKEY.key >> MYKEY-NOCRYPT.key 
generate a certificate siging request for an existing private key
openssl req -out MYCSR.csr -key MYKEY.key -new 
generate a certificate signing request based on an existing x509 certificate
openssl x509 -x509toreq -in MYCRT.crt -out MYCSR.csr -signkey MYKEY.key 
create self-signed certificate (can be used to sign other certificates)
openssl req -x509 -new -out MYCERT.crt -keyout MYKEY.key -days 365 
sign a Certificate Signing Request
openssl x509 -req -in MYCSR.csr -CA MY-CA-CERT.crt -CAkey MY-CA-KEY.key -CAcreateserial -out MYCERT.crt -days 365
-days has to be less than the validity of the CA certificate 
convert DER (.crt .cer .der) to PEM
openssl x509 -inform der -in MYCERT.cer -out MYCERT.pem 
convert PEM to DER
openssl x509 -outform der -in MYCERT.pem -out MYCERT.der 
convert PKCS#12 (.pfx .p12) to PEM containing both private key and certificates
openssl pkcs12 -in KEYSTORE.pfx -out KEYSTORE.pem -nodes
add -nocerts for private key only; add -nokeys for certificates only 
 
convert (add) a seperate key and certificate to a new keystore of type PKCS#12
openssl pkcs12 -export -in MYCERT.crt -inkey MYKEY.key -out KEYSTORE.p12 -name "tomcat
convert (add) a seperate key and certificate to a new keystore of type PKCS#12 for use with a server that should send the chain too (eg Tomcat)
 
openssl pkcs12 -export -in MYCERT.crt -inkey MYKEY.key -out KEYSTORE.p12 -name "tomcat" -CAfile MY-CA-CERT.crt -caname myCA -chain
you can repeat the combination of "-CAfile" and "-caname" for each intermediate certificate
check a private key
openssl rsa -in MYKEY.key -check
add -noout to not disclose the key 
 
check a Certificate Signing Request
openssl req -text -noout -verify -in MYCSR.csr 
check a certificate
openssl x509 -in MYCERT.crt -text -noout 
check a PKCS#12 keystore
openssl pkcs12 -info -in KEYSTORE.p12 
check a trust chain of a certificate
openssl verify -CAfile MYCHAINFILE.pem -verbose MYCERT.crt
trust chain is in directory (hash format): replace -CAfile with -CApath /path/to/CAchainDir/
to check for server usage: -purpose sslserver
to check for client usage: -purpose sslient
debug an SSL connection [server doesn't require certificate authentication]
openssl s_client -connect idp.example.be:443
 
debug an SSL connection with mutual certificate authentication
openssl s_client -connect idp.example.be:8443 -CAfile MY-CA-CERT.crt -cert MYCERT.crt -key MYKEY.key
trust chain is in directory (hash format): replace -CAfile with -CApath /path/to/CAchainDir/
send the starttls command (smtp or pop3 style): -starttls smtp or -starttls pop3
 

Importing your Certificate/Private Key (from .pfx file format)

  1. From the Start menu, select "Run...". Type "mmc" and hit Enter.
  2. Under the File menu choose Add/Remove Snap in.
  3. Click Add, then from the Add Standalone Snap-in panel choose Certificates, and click Add.
  4. Choose Computer Account and click Next, then choose Local Computer and click Finish.
  5. Close the Add Standalone Snap-In window by clicking Close.
  6. Close the Add/Remove Snap-in window by clicking Ok.
  7. Click the + to Expand the Certificates (Local Computer) Console Tree
  8. Right click on the Personal Certificates Store (folder)
  9. Choose > ALL TASKS > Import
  10. Follow the Certificate Import Wizard to import your Primary Certificate from the .pfx file. When prompted, choose to automatically place the certificates in the certificate stores based on the type of the certificate.
  11. Close the MMC console. In the case that you are prompted, it is not necessary to save the changes made to the MMC console.
Configuring Your Site - IIS 5/6
  1. In your IIS manager, right-click on the site that you would like to use the certificate and select properties.
  2. Click on the Directory Security Tab and hit the Server Certificate Button. This will start the server certificate wizard.
  3. If given the option, Choose to 'Assign an existing certificate' to the site and choose the new certificate that you just imported.
    If you do not have that option, you should be asked what you want to do with the current certificate on the site, choose the option to "replace" your current certificate.
  4. Browse to the .pfx file that you created earlier.
  5. Finish the certificate wizard.
Occassionally a server or IIS restart is required before your server will recognize the new certificate.

Exporting/Backing up your certificate/Private Key (to .pfx file format)


  1. From the Start menu, select "Run...". Type "mmc" and hit Enter.
  2. Under the File menu choose Add/Remove Snap in.

  3. Click Add, then from the Add Standalone Snap-in panel choose Certificates, and click Add.


  4. Choose Computer Account and click Next, then choose Local Computer and click Finish.
  5. Close the Add Standalone Snap-In window by clicking Close.
  6. Close the Add/Remove Snap-in window by clicking Ok.
  7. Click the + to Expand the Certificates (Local Computer) Console Tree
  8. Look for the Personal directory/folder and expand Certificates.
  9. Right Click on the Certificate you would like to backup and choose > ALL TASKS > Export
  10. Follow the Certificate Export Wizard to backup your certificate to a .pfx file
  11. Choose to 'Yes, export the private key'
  12. Choose to include all certificates in certificate path if possible. (do NOT select the delete Private Key option)
  13. Leave default settings > Enter Password (if required)
  14. Choose to save file on a set location
  15. Finish
  16. You will receive a message > Export Successful
  17. The .pfx file backup is now saved in the location you selected.

Installing your SSL Certificates in Apache

If you are installing an Extended Validation SSL Certificate, use our Apache EV SSL Certificate Installation Instructions. If you are installing any other certificate, follow the instructions below.
  1. Copy the Certificate files to your server.
    Download your Intermediate (DigiCertCA.crt) and Primary Certificate (your_domain_name.crt) files from your Customer Area, then copy them to the directory on your server where you will keep your certificate and key files. Make them readable by root only.
  2. Find the Apache config file to edit.
    The location and name of this file can vary from server to server -- Especially if you use a special interface to manage your server configuration.
    Apache configuration files are typically found in /etc/httpd. The main configuration file is usually named httpd.conf. In some cases the <VirtualHost> blocks will be at the bottom of this httpd.conf file. Sometimes you will find the <VirtualHost> blocks in their own files under a directory like /etc/httpd/vhosts.d/ or /etc/httpd/sites/ or in a file called ssl.conf.
    If you open the file with a text editor, you should be able to find <VirtualHost> blocks which contain Apache settings.
  3. Identify the SSL <VirtualHost> block to configure.
    If you need your site to be accessible through both secure (https) and non-secure (http) connections, you will need a virtual host for each type of connection. Make a copy of the existing non-secure virtual host and configure it for SSL as described in step 4.
    If you only need your site to be accessed securely, configure the existing virtual host for SSL as described in step 4.
  4. Configure the <VirtualHost> block for the SSL-enabled site.
    Below is a very simple example of a virtual host configured for SSL. The parts listed in bold are the parts that must be added for SSL configuration:
    <VirtualHost 192.168.0.1:443>
    DocumentRoot /var/www/html2
    ServerName www.yourdomain.com
    SSLEngine on
    SSLCertificateFile /path/to/your_domain_name.crt
    SSLCertificateKeyFile /path/to/your_private.key
    SSLCertificateChainFile /path/to/DigiCertCA.crt
    </VirtualHost>
    Adjust the file names to match your certificate files:
    • SSLCertificateFile should be your DigiCert certificate file (eg. your_domain_name.crt).
    • SSLCertificateKeyFile should be the key file generated when you created the CSR.
    • SSLCertificateChainFile should be the DigiCert intermediate certificate file (DigiCertCA.crt) If the SSLCertificateChainFile directive does not work, try using the SSLCACertificateFile directive instead.
  5. Test your Apache config before restarting.
    It is always best to check your Apache config files for any errors before restarting, because Apache will not start again if your config files have syntax errors. Run the following command: (it is apache2ctl on some systems)
    apachectl configtest
  6. Restart Apache.
    You can use apachectl commands to stop and start Apache with SSL support:
    apachectl stop
    apachectl start

    Note: If Apache does not start with SSL support, try using "apachectl startssl" instead of "apachectl start". If SSL support only loads with "apachectl startssl" we recommend you adjust the apache startup configuration to include SSL support in the regular "apachectl start" command. Otherwise your server may require that you manually restart Apache using "apachectl startssl" in the event of a server reboot. This usually involves removing the <IfDefine SSL> and </IfDefine> tags that enclose your SSL configuration.

Troubleshooting:

  1. If your web site is publicly accessible, our SSL Certificate Tester tool can help you diagnose common problems.
  2. For help moving your certificates to additional servers or across server platforms, see our OpenSSL export instructions.
  3. If you need to disable SSL version 2 compatibility in order to meet PCI Compliance requirements, you will need to add the following directive to your Apache configuration file:
        SSLCipherSuite HIGH:+MEDIUM:!SSLv2:!EXP:!ADH:!aNULL:!eNULL:!NULL
    If the directive already exists, you will probably need to modify it to disable SSL version 2.

Moving a Certificate from Apache to a Windows IIS Server

  1. Back up your certificate: To import your certificate to Windows, you will first need to combine your primary certificate, Intermediate (CA) Certificate, and your private key file into a .pfx type backup file. To do this, use the following command:
    openssl pkcs12 -export -out DigiCertBackup.pfx -inkey your_private_key_file.txt -in your_domain_name.crt -certfile DigiCertCA.crt This creates a backup of your primary certificate called DigiCertBackup.pfx. Copy this file to your IIS Server.
  2. Once the .pfx file is copied to your Windows server, follow these instructions to import your PFX file on Windows.

Importing an IIS .pfx file certificate into Apache or other non-Windows-based servers.

Most servers use plaintext certificate files. The certificate files that you download from your digicert account are already in this format. However, the private key that was generated on your IIS server is not yet in this format. This same private key is required for your certificate to function properly on your non-Windows-based server. To export the private key from the Windows IIS server to your non-windows-based machine, you must extract the private key from a Windows .pfx backup certificate. To do this you will use the OpenSSL utility to extract the private key from the .pfx backup file:
  1. First backup the certificate you have working on your IIS server to a .pfx file using the instructions listed above.
  2. Second, use the following OpenSSL command to create a new text file from which you can separate the Private Key: openssl pkcs12 -in mypfxfile.pfx -out outputfile.txt -nodes
    where mypfxfile.pfx is the certificate backup from your IIS server.
  3. The above command would have created a text file named outputfile.txt. Open this file with a text editor and you will see the private key listed first: -----BEGIN RSA PRIVATE KEY-----
    (Block of Random Text)
    -----END RSA PRIVATE KEY-----

  4. Copy and paste all of the private key, including the BEGIN and END tags to a new text file and save it as your_domain_name.key
  5. Use the Digicert Certificate Installation Instructions to install the the .key file you just created and the other certificate files from your Digicert Account to your new server.

Convert PFX Certificate to PEM Format

For secure, trusted access you must install an SSL server certificate on the Access Gateway server. The uploaded certificate file must have the following characteristics:
  • The server certificate must be issued by a Certification Authority (CA) that is trusted by end users. For best results, use a commercial CA such as VeriSign, Thawte or GeoTrust.
  • The certificate must be in Privacy Enhanced Mail (PEM) format, a text-based format that is a Base64 encoding of the binary Distinguished Encoding Rules (DER) format.
  • The certificate file must include a private key and the private key must not be encrypted. There should be no password required to use the PEM file.
  • Any necessary intermediate certificates must also be appended to the end of the PEM file.
If you have requested and installed a certificate onto a Windows server using the Internet Information Service (IIS) certificate wizard, you can export that certificate with its private key to a Personal Information Exchange (PFX) file. To import this certificate onto the Access Gateway, you must convert the PFX file to the unencrypted PEM format.

You can use the open-source utility OpenSSL to perform the conversion from PFX to PEM. You can download a Win32 distribution of OpenSSL here:
http://www.slproweb.com/products/Win32OpenSSL.html


You might also need C++ re-distributable files if you want to use OpenSSL which can be obtained at the following URL: http://www.microsoft.com/downloads/details.aspx?FamilyID=9B2DA534-3E03-4391-8A4D-074B9F2BC1BF&displaylang=en

To convert a PFX file to a PEM file, follow these steps on a Windows machine: 
  1. Download and install the Win32 OpenSSL (Win32 OpenSSL v0.9.8i) package from http://www.slproweb.com/products/Win32OpenSSL.html 
  2. Create a folder c:\certs and copy the file yourcert.pfx into the c:\certs folder.
  3. Open a command prompt and change into the OpenSSL\bin directory: cd %homedrive%\OpenSSL\bin
  4. Type the following command to convert the PFX file to an unencrypted PEM file (all on one line): openssl pkcs12 -in c:\certs\yourcert.pfx -out c:\certs\cag.pem –nodes


  1. When prompted for the import password, enter the password you used when exporting the certificate to a PFX file. You should receive a message that says MAC verified OK.

  1. Point a browser to the Access Gateway administration portal or HTTPS port 9001: https://access-gateway-server:9001.
  2. Log on as root. The default password is rootadmin.
  3. Click the Maintenance link at the top of the page.
  4. Click the Browse button next to the Upload Private Key + Certificate (.pem) field. Browse to the c:\certs\cag.pem file and click Upload.
  5. Restart the Access Gateway for the new SSL certificate to be applied.

Sunday, September 26, 2010

How to increase traffic to your blog from google

  • First step: Go to Google and type in “Google keyword tool”. The first result is the Google Keyword Tool.
  • I recommend typing in a question word, like “how”, “how to”, or “what”, followed by a generic word that describes your blog, like “business”.



    • Sort by Global Monthly Search Volume. This is how many people, on average, search for this keyword in a month.
    • Look for keywords that have between 70 and 10,000 searches per month.
    • Important: You should only target one keyphrase with each of your blog posts.
    • Your blog post title and permalink should be this exact keyphrase. Resist the urge to add extra words.
    • Use your selected keyphrase several times in your blog post.
    • Also important: Make sure that when people link to your blog post, they use that exact keyphrase. The best way to do this is to make it the title of your blog post.
    • If you have a WordPress blog, download the free All In One SEO Pack to modify your page title, keywords, and meta description.
    • Your meta description is the sentence or two that appears below your blog post in Google search results.
      Guest posting, and linking to your blog post in the “blurb” at the end of your guest post, will help your post rank higher in the search engines.
    Use this simple system to get thousands of visitors to your blog every month!

    Have you had good results from using the Google Keyword Tool to rank your blog posts well in the search engines? Let me know in the comments.

    Monday, September 20, 2010

    What can I do if my ISP blocks the regular SMTP port 25?

    Some ISPs force their Customers to use strictly defined SMTP servers and charge them for this service. This is why they deny outgoing connections to port 25, which is the most commonly used port for the Internet SMTP servers.

    We have a solution for this - there is a SMTP server which is running on port 2525, which is most likely not to be denied. You just will have to set your local mail client (Outlook, Thunderbird, Eudora, etc) to connect on it. This is usually done in the Account configuration page.

    How to setup email in Outlook Express?

    In order to set up an Outlook Express e-mail account, you need to:
    - Start Outlook Express and click on the Tools menu. Then choose Accounts.
    - Click Add Account and select Mail.
    - On the Your Name page type your name as you want to appear to your recipients. Click Next.
    - Submit the e-mail address which the others will use to send email messages to you. Click Next.
    - On the E-mail Server Names page fill in: Incoming mail server (POP3 server): yourdomain.com
    Outgoing mail server (SMTP server): yourdomain.com
    You also need to set the SMTP port to 25 or 2525.
    - Type Username: You need to use the full e-mail account name. For instance: you@yourdomain.com.
    - Click Finish.
    You are done with setting an Outlook Express e-mail account.

    How to check if port 25 is open?

    If you get an error that your mail server is not found/not responding, and everything else on your email client is configured properly, most likely the problem is due to blocking on port 25 by your ISP.

    If you are using Microsoft Windows:
    1) Click the Start Menu button.
    2) Click Run.
    3) Type:
    "cmd" (without the quotes) and press the Enter button.
    4) When the command prompt appears, type the following:
    "telnet yourdomain.com 25" (without the quotes) and press the Enter button.

    If you are using Linux or MAC, just open a console and type "telnet yourdomain.com 25" (without the quotes) and press the Enter button.

    In both cases described above, you must see a welcome message, which states that you are connected to an SMTP server.

    Firefox 4: fast, powerful, and empowering

    Today, I presented an early product plan for Firefox 4 to the Mozilla community (live, over the web!) to share our vision for the next version of Firefox, and what projects are underway to realize it. Then I invited everyone to get involved by joining our engineering or product development efforts.
    The primary goals for Firefox 4 will be making a browser:
    • Fast: making Firefox super-duper fast
    • Powerful: enabling new open, standard Web technologies (HTML5 and beyond!),
    • Empowering: putting users in full control of their browser, data, and Web experience.
    Usually software producers don’t present these sorts of plans in public until they’re finalized, but Mozilla is a little different. We work in the open, socializing our plans early and often to gather feedback and build excitement in our worldwide community. Not everyone could attend the presentation today, though, so I’m sharing the slides and video here as well.

    That said: please understand that these plans are fluid and are likely to change. As with past releases, we use dates to set targets for milestones, and then we work together to track to those targets. We always judge each milestone release against our basic criteria of quality, performance, and usability, and we only ship when it’s ready.

    If you have Firefox or a modern web browser that supports fully open HTML video, you can watch the presentation.

    Sunday, September 19, 2010

    MIN (Mobile Identification Number)

    The MIN (Mobile Identification Number) is simply the phone number of the cellular telephone.
    Unlike the IMEI, the MIN is not an attribute of the physical phone. The MIN is stored in a database managed by the cellular provider and can be changed at any time.

    Unlocked Cell Phones

    To understand what an unlocked cell phone is, it is important to first understand what a locked cell phone is. A locked cell phone is a cell phone that can only be used with one cellular service provider. In contrast, an unlocked cell phone can be used with any cellular service provider.

    When a cell phone is locked, it will only recognize a SIM (Subscriber Identification Module) card that is issued by the cellular service provider which the cell phone is locked to (a SIM card is a microchip that stores data and provides cellular service once inserted into a cell phone). In regards to locked cell phones, a SIM card can only be transferred between cell phones that are issued by the same cellular service provider.
    If a cell phone is unlocked, it can recognize any SIM card, regardless of which cellular service provider it was issued by. Using the previous example of the Apple Glossary Link iPhone, a locked iPhone will only work with an AT&T SIM card. However, if an iPhone is unlocked, it can be used with a SIM card from any cellular service provider (such as T-Mobile).

    Advantages of Unlocked Cell Phones

    The most popular reason that people want an unlocked cell phone is that it increases their options for choosing a new cell phone. Continuing with the example of the Apple iPhone, when this phone was released, it was obviously in very high demand. However, there were many consumers who wanted to purchase the Apple iPhone but because they were already tied into a contract with a cellular service provider other than AT&T, they did not want to pay an early termination fee for breaking their current contract or become locked into a new contract with AT&T.
    For consumers who wanted an Apple iPhone but did not want to be forced to take either of the actions described above, their best option was to purchase an unlocked Apple iPhone. By doing this, they could take the SIM card out of their existing cell phone, put it into the Apple iPhone and keep their existing cellular service provider while still getting the new cell phone that they desired.
    The other reason that people want an unlocked cell phone is to keep their existing cell phone when they switch to a new cellular service provider. Because you can have your existing cell phone unlocked, if you have to switch to a new cellular service provider for any reason (such as your employer choosing to switch the cellular service provider of all the employees in your company), you can replace your old SIM card with the SIM card issued by your new cellular service provider and maintain your existing cell phone instead of settling for a phone that you don't like as much.

    Downsides to Unlocked Cell Phones

    The first downside to unlocked cell phones is that they only work with cellular service providers which run on a GSM (Global System for Mobile Communications) network. The reason is that cellular service providers which run on a Glossary Link GSM network use SIM cards in their cell phones, while cellular services providers which run on a Glossary Link CDMA network do not use SIM cards in their cell phones. Because SIM cards are necessary for a unlocked cell phone to function properly, it is simply not possible for cell phones issued byCDMA cellular service providers to be unlocked. In the US, AT&T and T-Mobile each run on GSM networks, while Sprint and Verizon run on CDMA networks.

    The second (and arguably most significant) downside to unlocked cell phones is their price Glossary Link tag. The reason that cellular service providers can sell new, popular cell phones at low prices is because they lock you into a two-year contract. By subsidizing the initial cost of a new cell phone, they can attract new customers and make a profit over the course of each customer's two-year contract. Therefore, while you may see a new phone advertised for $99, when it is purchased without a two-year contract, it may actually cost $300.
    The final drawback to unlocked cell phones is that it may result in you being unable to take advntage of certain features offered by a cellular service provider. For example, many cellular service providers install exclusive software on the cell phones that they sell directly to their customers, and if you purchase an unlocked cell phone, you will not have access to this software on your cell phone.

    Obtaining Unlocked Cell Phones

    There are four methods for obtaining an unlocked cell phone. The first method is purchasing a new unlocked cell phone. The easiest way to purchase a new unlocked cell phone is on the Internet. There are many different unlocked cell phones that are available from well-known websites like Amazon and eBay (before purchasing an unlocked cell phone from an eBay seller, take the time to review and evaluate their transaction history). If you are having trouble finding the unlocked cell phone you want on these major websites, a quick Google search of "cell phone name unlocked" should yield a retailer that sells the unlocked cell phone you want (as with eBay sellers, be sure to review the reputation of any retailer that you are not familiar with). Phone manufacturers may also sell unlocked cell phones directly through their website.

    The other three methods involve unlocking an existing cell phone. If you have completed the terms of your contract and you want to unlock your cell phone, your cellular service provider may be willing to help you unlock your cell phone. If this option is not available, you can find companies which will unlock your cell phone for a fee (ranging anywhere from $5 to $100). Finally, if you are technically savvy, you may be able to search and find a free guide online for unlocking your specific cell phone.

    How to Run as Administrator

    Running as administrator simply means that you are in logged into your Microsoft Windows computer as the administrator role which has the ability to install programs and do anything else. The administrator is the account that can make all changes to the computer. However, security experts warn against running in an administrator account because if a virus gets into the computer, it typically functions off of a permission based system. In other words, because the administrator can do anything on a computer, a virus can execute anything if it comes in through the administrator account.

    Therefore, the other way to "run as" administrator without having to be an administrator is to use the "run as" feature. What this allows you to do is install software even when you're not on the administrator account. The way it works is you punch in the administrator name and password when it asks for it and that verifies that you have permission to install. This way, you aren't logging into the administrator, but still have administrator powers. And doing it is very simple.

    The first step is to right click on the file that you want to run. For example, if you downloaded AOL Instant Messenger and you want to install it, right click on the file of Glossary Link AIM. You'll see a list of different tabs you could click. The one that you're looking for is the "Run as Administrator." When you click this, it prompts the computer to install the program because you have permission.

    However, before it will install, you need to put in the administrator password and username. Punch those in and then Glossary Link hit enter. This specific program at this specific time will recognize the administrator and begin installation. However, that doesn't mean that you've made your account an administrator account. If you tried to install another program without clicking "Run as Administrator," it wouldn't work. You have to do this each and every time.

    Protecting the computer is important. The Run as Administrator feature allows you to protect your computer, still have the ability to install programs, and limit the amount of times you need to log out of one account and into the administrator account. It's a simple trick to keep your computer safe.

    An Overview of Shared Folders and Shared-Folder Permissions

    Shared folder permissions are used to restrict access to a folder or file that is shared over the network. Folder sharing is normally used to grant remote users access to file and folders over the network. Web sharing is used to grant remote users access to files from the Web if Internet Information Services (IIS) is installed.
    Members of the Administrators or Power Users group can share folders on a Windows member server. You have to be a member of the Administrators or Server Operators group to share folders on a domain controller of a domain. Users that have the Create Permanent Shared Objects user right are able to share folders as well. To share folders on Glossary Link NTFS volumes, you have to minimally have the Read permission.
    When folders are shared, it is important to keep in mind that you can share folders only, and not files. For users that are locally logged on to a computer, shared folder permissions are irrelevant. Shared folders that are moved are no longer shared. When shared folders are copied, the copy is not shared. The original shared folder however remains shared.
    A few disadvantages associated with share permissions are listed below:
    • Shared folder permissions do not have as many permission options as NTFS permissions. The only shared folder permissions that can be assigned to users/groups are Read, Change, or Full Control.
    • Share permissions are not inheritable.
    • You cannot back up or audit shared folder permissions.
    • If you move or even rename a shared folder, the shared folder permissions for that particular folder no longer exist.
    Because of these disadvantages, shared folder permissions are typically utilized on drive volumes that are FAT or Glossary Link FAT32 volumes.
    You can use Windows Explorer to share only local folders. If you want to share local folders and remote folders, you would have to use Computer Management. You can use the File Server Management MMC snap-in to manage shared folders.
    The shared folder options that can be set when sharing a folder are listed below:
    • Do Not Share This Folder: The folder can only be accessed locally.
    • Share This Folder: The folder can be accessed locally and over the network.
    • Share Name: The name users would see and utilize to access the folder.
    • Description: Additional information on the shared folder.
    • User Limit: The maximum number of connections that are concurrently permitted to the shared folder.
    • Permissions: The manner in which users are allowed to access the folder.
    • Offline Settings: The manner in which folders are cached at times when the folder is offline.
    Shared folders basically enable users to access folders over the network. Shared folder permissions are used to specify those users that are allowed to access or connect to a shared folder over the network. Unlike NTFS permissions, shared folder permissions do not utilize access control lists (ACLs) to limit access to resources, and cannot be assigned to both folders and files. Shared folder permissions can only be specified for folders but can be specified for folders stored on volumes formatted with a file system other than NTFS.
    The shared folder permissions that can be configured are summarised below:
    • Read: The Read permission allows users to view folder and file names, and file data and the attributes of files. Users are also able to access the shared folder's subfolders, and run program files and scripts.
    • Change: that are granted the Change permission can perform all of the functions granted by the Read permissions as well as create and delete files and subfolders. Users are also able to change file attributes, change the data in files, and append data to files.
    • Full Control: Users that are granted the Full Control permission can perform all the tasks enabled by the Change permissions as well as take ownership of files, and change file permissions.

    How to share a folder

    Before you can set shared folder permissions, you have to share the particular folder over the network, that is, you have to create shared folders.
    Use the steps below to share a folder using Windows Explorer:
    • Right-click the folder that you want to share over the network and select Properties from the shortcut menu.
    • When the Properties dialog box of the folder opens, click the Sharing tab.
    • The Sharing tab is where you either enable or disable the share for the folder.
    • Click the Share this folder option to create a shared folder.
    • In the Share name box, enter a name for the share. This is the name that users will see or use to access the shared folder.
    • In the Description box, enter a description for the shared folder or any other additional information.
    • In the User limit section, the default setting is Maximum allowed. What this means is that the user limit is determined by the number of client access licenses available.
    • You can alternatively click the Allow this number of users option, and then specify the user limit.
    • Click OK.
    Use the steps below to share a folder using Computer Management:
    1. In Computer Management, right-click Computer Management in the console tree and click Connect to Another Computer from the shortcut menu.
    2. Select the computer using the Select Computer dialog box.
    3. Expand System Tools, Shared Folders and choose Shares in the console tree.
    4. All existing shares are displayed.
    5. Right-click Shares and click New Share from the shortcut menu.
    6. The Share A Folder Wizard launches now.
    7. Click Next on the initial screen of the wizard.
    8. In the Folder Path box, enter the folder path that should be shared.
    9. You can alternatively click Browse to locate the folder that should be shared. Use the Browse For Folder dialog box for this. Click Next.
    10. In the Share Name box, enter a unique name for the share.
    11. In the Share Description box, enter a description for the shared folder.
    12. Click Change if you want to configure Offline Files settings or options. The default setting is that files which users define for offline use is available offline.
    13. You can now set basic share permissions for the shared folder.
    14. Click Finish.
    How to publish shares in Active Directory using the File Server Management console to make it simpler for users to easily find shared folders in large networks, you should consider publishing the shared folder in Active Directory:
    1. Open the File Server Management console.
    2. Click Shares, right-click the shared folder that you want work with, and select Properties from the shortcut menu.
    3. Click the Publish tab.
    4. Enable the Publish This Share In Active Directory checkbox to publish the shared folder in Active Directory.
    5. Enter a description for the share in the Description box.
    6. In the Owner box, insert the e-mail address of the owner of the share.
    7. Click OK.

    How to view existing shared folder permissions using Computer Management

    Use the steps below to view existing shared folder permissions:
    1. Navigate to Computer Management.
    2. Proceed to connect to the particular computer where the shared folder resides on.
    3. Right-click the share, and choose Properties from the shortcut menu.
    4. When the Properties dialog box opens, click the Share Permissions tab.
    5. You can now view the users which can access the share. You can also view the type of access granted to users.

    How to configure shared folder permissions via Windows Explorer

    1. Open Windows Explorer.
    2. Right-click the folder that you want to set shared folder permissions for and choose Properties from the shortcut menu.
    3. When the Properties dialog box of the folder opens, click the Sharing tab.
    4. In the Sharing tab, click the Permissions button.
    5. When the Permissions for dialog box opens, click Add.
    6. The Select Users,​ Computers, or Groups dialog box opens next.
    7. Click Object Types, and check the Users checkbox. Click OK.
    8. Enter the name of the user/group in the Enter the object names to select section. Click OK.
    9. In the Group or user names box of the Permissions for dialog box, select the user/group.
    10. Next, either Allow or Deny the shared folder permissions.
    11. Click OK.

    How to set shared folder permissions via Computer Management

    1. In Computer Management, right-click the shared folder you want to configure permissions for and select Properties from the shortcut menu.
    2. Click the Share Permissions tab.
    3. Click Add.
    4. When the Select Users, Computers, Or Groups dialog box opens, enter the name of the user/group you want to set shared folder permissions for. Click Check Names.
    5. Click OK to add the user(s)/group(s) to the Name list box.
    6. You can now proceed to set shared folder permissions for the user/group.
    7. Click OK.

    How to change existing shared folder permissions via Computer Management

    1. In Computer Management, right-click the shared folder you want to change shared folder permissions for, and select Properties from the shortcut menu.
    2. Click the Share Permissions tab.
    3. Select the user/group whose permissions you want to modify in the Name list box.
    4. Proceed to change the permissions granted for the user/group using the Allow and Deny checkboxes.
    5. Click OK.

    How to remove shared folder permissions for users or groups

    1. In Computer Management, right-click the shared folder you want to remove shared folder permissions for; and select Properties from the shortcut menu.
    2. Click the Share Permissions tab.
    3. Select the user/group whose permissions you want to remove in the Name list box.
    4. Click Remove.
    5. Click OK.

    How to stop a folder from being shared

    1. In Computer Management, connect to the computer where the share resides on.
    2. Navigate to the Shares Glossary Link node.
    3. Right-click the share that you want to permanently remove; and select Stop Sharing from the shortcut menu.
    4. Click Yes to verify that the share should no longer exist.

    How to configure Web shares and Web shared folder permissions

    1. Open Windows Explorer.
    2. Right-click the folder that you want to share on the Web and select Properties from the shortcut menu.
    3. Next, click the Web Sharing tab.
    4. Use the Share On drop-down box to specify the particular Web site that you want to share the folder on.
    5. In the Access Permissions area, specify the access permissions for the shared Web folder.
    6. In the Application Permissions area, select permissions for applications in the folder.
    7. Click OK.

    Wednesday, September 15, 2010

    Horizontal Scrolling Menu made with CSS and jQuery

    There are a lot of cool flash scrolling menus out there, but I decided to make a similarly looking menu with just CSS and jQuery. I couldn't achieve the same smoothness in animation, but anyway I'm really satisfied with the result. My menu works fine in all major browsers and degrades gracefully when Javascript is turned off.
    In case you need a vertical version of a scrolling menu, please go to my newer tutorial.

    View the Result

    Creating markup

    Let's begin by creating the necessary HTML structure. We will use an unordered list with each list item containing an image and a caption. We will also add an additional wrapper element.
    <div class="sc_menu">
      <ul class="sc_menu">
        <li><a href="#">
          <img src="img/1.jpg" alt="Menu"/><span>Menu</span>
        </a></li>
        <li><a href="#">
          <img src="img/2.jpg" alt="Navigation"/><span>Navigation</span>
        </a></li>
        <li><a href="#">
          <img src="img/3.jpg" alt="Scrolling"/><span>Scrolling</span>
        </a></li>
        <li><a href="#">
          <img src="img/4.jpg" alt="jQuery"/><span>jQuery</span>
        </a></li>
      </ul>
    </div>

    Adding basic styling

    Now we need to add some some CSS rules.
    div.sc_menu {
      /* Set it so we could calculate the offsetLeft */
      position: relative;
      height: 145px;
      width: 500px;
      /* Add scroll-bars */
      overflow: auto;
    }
    ul.sc_menu {
      display: block;
      height: 110px;
      /* Max width here, for users without Javascript */
      width: 1500px;
      padding: 15px 0 0 15px;
      /* Remove default margin */
      margin: 0;
      background: url('navigation.png');
      list-style: none;
    }
    .sc_menu li {
      display: block;
      float: left;
      padding: 0 4px;
    }
    .sc_menu a {
      display: block;
      text-decoration: none;
    }
    .sc_menu span {
      /* We want a caption to display on the next line */
      display: block;
      margin-top: 3px;
      text-align: center;
      font-size: 12px;
      color: #fff;
    }
    The "width" and "overflow" properties are used to add a scroll-bar to the wrapper div. We set the "position" property for easier offset calculation with Javascipt. Don't forget that offset is always calculated relative to the positioned parent. You can view what we've done so far here

    Adding hover effects and borders

    The "display: none" property hides captions, and we will add "display:block" to ":hover" rule to show them when the mouse is above images.
    The "-webkit-border-radius" and "-moz-border-radius" properties add a rounded corners for Firefox, Safari and Chrome. Unfortunately, Internet Explorer doesn't support it and will display regular corners instead.
    That's how menu will look if Javascript is disabled.
    .sc_menu span {
      display: none;
      margin-top: 3px;
      text-align: center;
      font-size: 12px;
      color: #fff;
    }
    .sc_menu a:hover span {
      display: block;
    }
    .sc_menu img {
      border: 3px #fff solid;
      -webkit-border-radius: 3px;
      -moz-border-radius: 3px;
    }
    .sc_menu a:hover img {
      filter:alpha(opacity=50);
      opacity: 0.5;
    }

    jQuery

    We will need to add a jQuery to our document first. I use version hosted on Google API, because it is often already saved in the browser cache which noticeably reduces page load time.
    <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js" type="text/javascript"></script>
    Here is what you should know to understand the code:
    $() is a shorthand for $(document).ready(), the most commonly used jQuery function. It allows you to bind a function to be executed when the DOM document has finished loading.
    $(function(){
      // Your code here
    });
    We will use the "mousemove" event to bind a function to be fired when the mouse is moved over menu.
    The "ul.width()" doesn't return real width of all images, because we have set an unordered list's width with CSS to make all images display in 1 line. We can get the real width adding last list item's width to it's left offset.
    We will use "lastLi[0]" to get the DOM element from the jQuery collection and "offsetLeft" to get the position of the upper left edge of the list item relatively to wrapper div.
    The event's "pageX" attribute returns the horizontal coordinate of the mouse relative to the whole document, but we need position relative to the wrapper div, so we will subtract "div.offset().left" from it.
    List must scroll faster than the mouse is moved to make that we use "(ulWidth-divWidth) / divWidth" proportion.
    Here is the Javascript:
    $(function(){
        //Get our elements for faster access and set overlay width
        var div = $('div.sc_menu'),
                     ul = $('ul.sc_menu'),
                     // unordered list's left margin
                     ulPadding = 15;
    
        //Get menu width
        var divWidth = div.width();
    
        //Remove scrollbars
        div.css({overflow: 'hidden'});
    
        //Find last image container
        var lastLi = ul.find('li:last-child');
    
        //When user move mouse over menu
        div.mousemove(function(e){
    
          //As images are loaded ul width increases,
          //so we recalculate it each time
          var ulWidth = lastLi[0].offsetLeft + lastLi.outerWidth() + ulPadding;
    
          var left = (e.pageX - div.offset().left) * (ulWidth-divWidth) / divWidth;
          div.scrollLeft(left);
        });
    });
    
    We are done! You can now view the final result.