Configuring client/server SSL authentication on Tomcat

Generate the client and server keystores, entering the hostname as CN (common-name):

$ keytool -genkeypair -alias serverkey -keyalg RSA -keystore server.jks
$ keytool -genkeypair -alias clientkey -keyalg RSA -keystore client.jks

Export the client’s public certificate and import it in the server’s keystore:

$ keytool -exportcert -keystore client.jks -alias clientkey -file client-public.cer
$ keytool -importcert -keystore server.jks -alias clientcert -file client-public.cer

Export the server’s public certificate and import it in the client’s keystore:

$ keytool -exportcert -keystore server.jks -alias serverkey -file server-public.cer
$ keytool -importcert -keystore client.jks -alias servercert -file server-public.cer

Enable SSL Connector on {tomcat.home}/conf/server.xml:

        clientAuth="true" port="8443" minSpareThreads="5" maxSpareThreads="75"
        enableLookups="true" disableUploadTimeout="true"
        acceptCount="100" maxThreads="200"
        scheme="https" secure="true" SSLEnabled="true" sslProtocol="TLS"
        keystoreType="JKS" keystorePass="changeit"
        truststoreType="JKS" truststorePass="changeit"

Create a client keystore in PKCS12 format to use in Google Chrome:

$ keytool -importkeystore -srckeystore client.jks -destkeystore client.p12 -srcstoretype JKS -deststoretype PKCS12 -srcalias clientkey -destalias clientkey

In case of “ No subject alternative names present” on client side, generate key with address ip info:

$ keytool -genkeypair -alias serverkey -keyalg RSA -keystore server.jks -ext san=ip:

Post to Twitter Post to Delicious Post to Facebook Post to Google Buzz Send Gmail

diff & patch

The command diff can compare two files and it can, by using the -r option, walk entire directory trees, recursively checking differences between subdirectories and files that occur at comparable points in each tree.
In some case, it’s useful to know only whether (and which) files differ, not the details of the differences (-q option). For example:

diff -bBqr dirA/ dirB/

-b and -B are tricks options to ignore white space and blank lines.

By using unified output format (-u option) is also possible to create a patch:

diff -bBNru dirA/ dirB/ > fix.patch

-N includes added and removed files.

To Apply patches to entire directories it’s necessary to pay attention about setting a “p level”. The p level instructs patch to ignore parts of the path name so that it can identify the files correctly.
For example, with a name like:


…and a working directory that contains:


…the patch process requires the following command:

patch -p5 < fix.patch

In general, count up one for each path separator (slash character) that you remove from the beginning of the path, until what's left is a path that exists in your working directory. The count you reach is the p level.

Post to Twitter Post to Delicious Post to Facebook Post to Google Buzz Send Gmail

Reverting to a previous Subversion revision

Reverting to a previous version of your software in Subversion, you merge the changes from your current revision back to the revision you want to revert to.
So, for example, if you want to revert the trunk of your application from revision 682 to 680, you would do the following:

svn merge -r 682:680

Subversion calculates the changes between revision 682 and revision 680 of the trunk and applying them to your working copy.
If you want to see exactly what changes will be applied, do a diff:

svn diff -r 682:680

Finally, since the merge happens on your local working copy, you need to commit it to the repository.

Post to Twitter Post to Delicious Post to Facebook Post to Google Buzz Send Gmail

Subversion keywords on Java files

Subversion has the ability to substitute keywords—pieces of useful, dynamic information about a versioned file—into the contents of the file itself. The list of keywords available for substitution are:

  • Date – describes the last time the file was known to have been changed in the repository.
  • Revision – describes the last known revision in which this file changed in the repository.
  • Author – describes the last known user to change this file in the repository.
  • Id – is a compressed combination of the other keywords.

Now combine svn-keywords with JavaDoc of a Java Class. A tipically header template can be:

 * @author Pasquale Marcoccia
 * @version $Revision$ on $Date$ by $Author$


 * @author Pasquale Marcoccia
 * @version $Id$

To tell Subversion whether or not to substitute keywords on a particular file, we can use propset subcommand. The svn:keywords property, when set on a versioned file, controls which keywords will be substituted on that file. The value is a space-delimited list of the keyword names.

svn propset svn:keywords "Date Revision Author Id"

We can set keywords on all java files in a directory:

find myProject/ -type f -name '*.java' -exec svn propset svn:keywords "Date Revision Author Id" {}  \; -print

Instead, for files added later, we can automatically set keywords changing svn config file (~/.subversion/config):

enable-auto-props = yes
*.java = svn:keywords=Date Revision Author Id

Post to Twitter Post to Delicious Post to Facebook Post to Google Buzz Send Gmail

Resize a VMWare disk

To resize a VMWare disk there is an easy way: VMWare vCenter Converter. Unfortunately a linux version is not available. Additionally, this process seems to be very slow and at the end VMWare Tools needs to be re-installed.

So here a manual procedure:

  • turn off the virtual machine
  • remove all snapshots (or revert to one)
  • run
    vmware-vdiskmanager -x {size} {disk}

    {size} is the new size of the disk (for example 8GB) and
    {disk} is the full path of the file .vmdk.

This procedure only expands the disk and not the partition. If the virtual disk is partitioned, you will need to use a third-party utility to resize the expanded partitions (Partition Magic, GParted Live CD, Paragon Partition Manager). If you are using the Windows DiskPart utility, it can only extend data volumes; if you use the DiskPart utility to extend a system or boot volume, you may get an error.

Post to Twitter Post to Delicious Post to Facebook Post to Google Buzz Send Gmail