Extract the Certs (All of Them)

Quick way to extract the main cert, and the intermediate CA and ROOT ca from a host.

echo "" | openssl s_client -showcerts -prexit -connect HOSTNAME:443 2> /dev/null | sed -n -e '/BEGIN CERTIFICATE/,/END CERTIFICATE/ p'

One sees a PEM as output (just capture into a file one can use)

Changing a Keystore and Key’s Password

The following set of commands walks through HOW to execute a change to a keystore passwords and key.

Create a list of keystores

cat << EOF > keystore-list.txt
Iterate over the list to check status and process 
for KEYSTORE in `cat keystore-list.txt`
[ ! -f $KEYSTORE ] && echo NOT 

VAL="`cat $KEYSTORE | wc -l`"
[ ${VAL} -eq "1" ] && echo NOT_RIGHT

# show the private key / trust key 
keytool -keystore $KEYSTORE -list -storepass ACTUAL_PASS 2>&1 | grep -v Warn | grep -v PKCS12 | grep -i PrivateKey
keytool -keystore $KEYSTORE -list -storepass ACTUAL_PASS 2>&1 | grep -v Warn | grep -v PKCS12 | grep -i Trust


Change the Passwords for the Key

keytool -keypasswd -alias default -keypass OLDKEYPASS -new NEWpassword -keystore testKeystore.jks -storepass OLDPassword
keytool -storepasswd -keystore ./fhir-server-test/src/test/resources/fhirClientKeystore.jks -new change-password -storepass password


MacOSX: Fast Navigation in a Terminal

After writing a long command, navigate back to a point using the mouse and option key. OPTION + MOUSE-CLICK on the location point to edit.

Formatting JSON with VIM

I am working on an analytics project where we generate very complicated medical analysis and put it in a hierarchical data model.

{ "test" : { "test1" : "val1" } }

Open the JSON in vim and use python -m json.tool

:%!python -m json.tool


    "test": {
        "test1": "val1"

Note: jq (jq is another option, but… not always available on every system, python tends to work everywhere).


Using jjs to confirm issue with DatatypeConverter in WebSphere Liberty

I kept running into a funky ‘java.lang.NullPointerException’ with the WebSphere Liberty included DataValidator. To debug the issue, I used the jjs – nashorn engine

If you need, to figure out where the class is located

try {
Class c = Class.forName("javax.xml.bind.DatatypeConverter");
System.out.println("Location " + c.getProtectionDomain().getCodeSource().getLocation());
} catch (ClassNotFoundException e1) {
TODO Auto-generated catch block

You’ll get output like this:

Location /opt/ibm/wlp/dev/api/spec/com.ibm.ws.javaee.jaxb.2.2_1.0.12.jar

Then you can look at the default JDK – Java SDK – 1.8

jjs> javax.xml.bind.DatatypeConverter.printHexBinary("get".getBytes())

Then you can look at the specific jar with jdk Java SDK – 1.8 + Liberty Jaxb

/opt/ibm/ibm-java-sdk-8.0-4.5/jre/bin/jjs --dump-on-error -classpath "/opt/ibm/wlp/dev/api/spec/com.ibm.ws.javaee.jaxb.2.2_1.0.12.jar:." 
jjs> javax.xml.bind.DatatypeConverter.printHexBinary("get".getBytes())

From this, I determined that I needed to update in com.ibm.websphere.javaee.jaxb.2.2_1.0.20.jar