Preparing an SSL certificate for use with AWS Elastic Load Balancer

Today I was tasked with re-keying our SSL certificate in preparation for the implementation of Amazon Web Service’s Elastic Load Balancer service.  In order to properly implement the load balancer into our existing architecture, it must be able to handle SSL connections.  We current employ GoDaddy’s Premium SSL Certificate, which gives you the familiar green bar in the address bar of your browser.  After copying and pasting the private key, certificate, and certificate chain data into the provided inputs, Amazon returned the following message: “Invalid private key.”

When I generate SSL certificate signing requests, I generally use the following command:

openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr

Unfortunately, the resultant format is not compatible with AWS’s Elastic Load Balancer.  In order to counter the “Invalid private key” error, I issued the following commands:

openssl genrsa -des3 -out yourdomain.key 2048
openssl req -new -key yourdomain.key -out yourdomain.csr

After that, copy and paste the CSR contents into the CSR input provided by GoDaddy.  After doing this, I attempted to restart Apache HTTP Server, and noticed the following errors in /etc/httpd/logs/error_log.

[Mon Oct 07 17:55:24.779930 2013] [ssl:emerg] [pid 23786] AH02204: Init: Pass phrase incorrect for key of yourdomain:443
[Mon Oct 07 17:55:24.779981 2013] [ssl:emerg] [pid 23786] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag

[Mon Oct 07 17:55:24.780076 2013] [ssl:emerg] [pid 23786] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Oct 07 17:55:24.780093 2013] [ssl:emerg] [pid 23786] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=PKCS8_PRIV_KEY_INFO)

Unfortunately, the new private key required a passphrase and Apache didn’t like that. While there are a number of approaches to resolve the issue between Apache and private key passphrases, I chose to remove it, both for the sake of simplicity, and because the Elastic Load Balancer will not accept a private key containing a passphrase. To remove the passphrase, use the following command:

openssl rsa -in yourdomain.key -out yourdomain.key.nopass

At this point, the HTTP server can be restarted, and the SSL certificate’s private key will work with Amazon Web Service’s Elastic Load Balancer.

Redirect from base URL using Apache HTTP Server

What I was trying to accomplish was quite simple—redirection from the base URL (e.g. http://webjawns.com) to a specified path within the same domain.  Even with a lot of experience, one can easily fall prey to assumptions about proper Redirect usage.  Instead of working as expected, the code below caused the repeated concatenation of the destination URL term (“tools” in this example).

# The WRONG way to redirect from the base URL
Redirect / /tools
Redirect / http://webjawns.com/tools

Traditionally, the Redirect directive is used as a simple method of redirection from one page to another. In the following example, the HTTP server will redirect the end user from old-index.html to new-index.html.


# Redirect from old-index.html to new-index.html
Redirect /old-index.html /new-index.html

If there is a way to use a Redirect directive to accomplish redirection from the base URL, I have not figured it out. To solve this problem, I used the rewrite engine, which works flawlessly.


RewriteEngine On
RewriteRule ^/$ http://tools.caffeinatedaviator.com/xgoflight [R=302,L]

Benchmark: Amazon EC2 vs. GoDaddy VPS

I recented started looking into Amazon EC2 as a potential replacement for my GoDaddy VPS servers, specifically for serving basic PHP-driven web sites. I used the standard ./Run command for UnixBench to obtain the results.  The GoDaddy VPS seems to deliver benchmark results closer to the dedicated server numbers I’ve seen, so I’m a little skeptical.  Also, remember that these tests do not consider network or database performance.  The results merely show raw performance metrics for general system functions, the filesystem, and processing.  The pricing for the AWS m1.small on-demand instance is close to that of the m1.medium high utilization reserved instance, and GoDaddy’s Value VPS.

Amazon EC2 (m1.small)

1 CPU; 1 parallel process

Test Score Unit Time Iters. Baseline Index
Dhrystone 2 using register variables 10319739.8 lps 10.0 s 7 116700.0 884.3
Double-Precision Whetstone 598.2 MWIPS 10.0 s 7 55.0 108.8
Execl Throughput 503.4 lps 29.9 s 2 43.0 117.1
File Copy 1024 bufsize 2000 maxblocks 99004.0 KBps 30.0 s 2 3960.0 250.0
File Copy 256 bufsize 500 maxblocks 26650.5 KBps 30.0 s 2 1655.0 161.0
File Copy 4096 bufsize 8000 maxblocks 320858.3 KBps 30.0 s 2 5800.0 553.2
Pipe Throughput 136761.9 lps 10.0 s 7 12440.0 109.9
Pipe-based Context Switching 27738.9 lps 10.0 s 7 4000.0 69.3
Process Creation 995.9 lps 30.0 s 2 126.0 79.0
Shell Scripts (1 concurrent) 798.2 lpm 60.0 s 2 42.4 188.2
Shell Scripts (8 concurrent) 107.8 lpm 60.1 s 2 6.0 179.6
System Call Overhead 114607.8 lps 10.0 s 7 15000.0 76.4
System Benchmarks Index Score: 164.4

Amazon EC2 (m1.medium)

1 CPU; 1 parallel process

Test Score Unit Time Iters. Baseline Index
Dhrystone 2 using register variables 20679983.9 lps 10.0 s 7 116700.0 1772.1
Double-Precision Whetstone 1203.0 MWIPS 10.0 s 7 55.0 218.7
Execl Throughput 1007.9 lps 29.8 s 2 43.0 234.4
File Copy 1024 bufsize 2000 maxblocks 200955.9 KBps 30.0 s 2 3960.0 507.5
File Copy 256 bufsize 500 maxblocks 52142.0 KBps 30.0 s 2 1655.0 315.1
File Copy 4096 bufsize 8000 maxblocks 645663.0 KBps 30.0 s 2 5800.0 1113.2
Pipe Throughput 271624.2 lps 10.0 s 7 12440.0 218.3
Pipe-based Context Switching 49830.7 lps 10.0 s 7 4000.0 124.6
Process Creation 2039.6 lps 30.0 s 2 126.0 161.9
Shell Scripts (1 concurrent) 1635.5 lpm 60.0 s 2 42.4 385.7
Shell Scripts (8 concurrent) 221.6 lpm 60.2 s 2 6.0 369.4
System Call Overhead 221863.8 lps 10.0 s 7 15000.0 147.9
System Benchmarks Index Score: 327.1

GoDaddy VPS (Value)

8 CPUs; 1 parallel process

Test Score Unit Time Iters. Baseline Index
Dhrystone 2 using register variables 9835137.0 lps 10.0 s 7 116700.0 842.8
Double-Precision Whetstone 1950.9 MWIPS 10.0 s 7 55.0 354.7
Execl Throughput 2848.4 lps 29.5 s 2 43.0 662.4
File Copy 1024 bufsize 2000 maxblocks 349825.6 KBps 30.0 s 2 3960.0 883.4
File Copy 256 bufsize 500 maxblocks 110633.5 KBps 30.0 s 2 1655.0 668.5
File Copy 4096 bufsize 8000 maxblocks 826791.7 KBps 30.0 s 2 5800.0 1425.5
Pipe Throughput 729108.2 lps 10.0 s 7 12440.0 586.1
Pipe-based Context Switching 139871.3 lps 10.0 s 7 4000.0 349.7
Process Creation 6944.0 lps 30.0 s 2 126.0 551.1
Shell Scripts (1 concurrent) 2804.8 lpm 60.0 s 2 42.4 661.5
Shell Scripts (8 concurrent) 1118.6 lpm 60.0 s 2 6.0 1864.4
System Call Overhead 574243.2 lps 10.0 s 7 15000.0 382.8
System Benchmarks Index Score: 674.6

8 CPUs; 8 parallel processes

Test Score Unit Time Iters. Baseline Index
Dhrystone 2 using register variables 64631491.4 lps 10.0 s 7 116700.0 5538.3
Double-Precision Whetstone 15359.3 MWIPS 10.2 s 7 55.0 2792.6
Execl Throughput 13342.2 lps 29.5 s 2 43.0 3102.8
File Copy 1024 bufsize 2000 maxblocks 299406.7 KBps 30.0 s 2 3960.0 756.1
File Copy 256 bufsize 500 maxblocks 91395.5 KBps 30.0 s 2 1655.0 552.2
File Copy 4096 bufsize 8000 maxblocks 720403.8 KBps 30.0 s 2 5800.0 1242.1
Pipe Throughput 4444252.9 lps 10.0 s 7 12440.0 3572.6
Pipe-based Context Switching 1509897.0 lps 10.0 s 7 4000.0 3774.7
Process Creation 32437.4 lps 30.0 s 2 126.0 2574.4
Shell Scripts (1 concurrent) 13964.5 lpm 60.0 s 2 42.4 3293.5
Shell Scripts (8 concurrent) 1931.7 lpm 60.3 s 2 6.0 3219.5
System Call Overhead 2955368.4 lps 10.0 s 7 15000.0 1970.2
System Benchmarks Index Score: 2263.1

Enabling fullscreen Flash on dual monitors with Adobe Flash 10.1.102.64 on Windows 7

The following steps will allow Adobe Flash to be in fullscreen mode while working on more than one monitor.  You can download Adobe Flash 10.1.102.64 via Adobe’s web site.  Although they are similar, these directions will not work with older versions of Flash.  Please check our archives for directions on dealing with older versions; however, ensuring Flash is kept up to date is imperative in dealing with security risks, and performance issues, so it is recommended that you update immediately.

  1. Download a free hex editor if you don’t already have one.
  2. Exit your web browser, and any other applications.
  3. Open NPSWF32.dll in your hex editor. If you are using Windows 7 or Vista, you will have to run the application as an administrator. (Right-click on application executable and click Run as administrator)
    • 32-bit: C:WindowsSystem32MacromedFlash
    • 64-bit: C:WindowsSysWOW64MacromedFlash
  4. Before proceeding, make a backup, just in case something goes wrong. Placing an underscore before the filename will be sufficient (_NPSWF32.dll).
  5. Search for 180E40 (in XVI32, go to Address menu and click Go to).
  6. Look for the following sequence: 48 74 39 83 E8 07 …
  7. Change 74 39 to 90 90.
  8. Save file as NPSWF32.dll.

Viola!  This will enable fullscreen mode on YouTube, and other video sites while working on two monitors. You are able to work within Word, Firefox, etc., while watching Flash videos in fullscreen!

How to allow fullscreen on dual monitors with Flash 10.1.85.3

NPSWF32.DLLBecause Adobe Flash does not allow the user to move outside the animation or video while in fullscreen mode, slight alterations are needed with each release.  If you are interested in allowing Flash to be in fullscreen mode while working on other things, follow the steps below.  This will only work for Adobe Flash 10.1.85.3. If you have an earlier version, it is highly recommended that you upgrade due to a recently discovered security vulnerability. (upgrade to Adobe Flash 10.1.85.3)

  1. Download a free hex editor if you don’t already have one.
  2. Exit your web browser, and any other applications.
  3. Open NPSWF32.dll in your hex editor. If you are using Windows 7 or Vista, you will have to run the application as an administrator. (Right-click on application executable and click Run as administrator)
    • 32-bit: C:WindowsSystem32MacromedFlash
    • 64-bit: C:WindowsSysWOW64MacromedFlash
  4. Search for 180DA7 (in XVI32, go to Address menu and click Go to).
  5. Look for the following sequence: 48 74 39 83 E8 07 …
  6. Change 74 39 to 90 90.
  7. Before you save this file, you may want to make a backup, just in case something goes wrong.
  8. Save NPSWF32.dll.

Once you are finished, open up a video in fullscreen mode on YouTube or another video site.  You should now be able to work within Word, Firefox, etc., while watching any Flash video in fullscreen!

21st Century Browser Wars: Firefox 3.7 pursues 64-bit support, Aero integration, and more

From time to time, I like to download the latest and greatest version of Firefox and other software, which allows me to get a sneak peek at some of the new features.  I was very happy to see that Mozilla has decided to pursue development of Firefox specifically for 64-bit Windows-based systems.  To my knowledge, 64-bit Firefox has been available for Linux and Mac for some time, but not Windows.

Almost immediately upon loading the nightly build of Firefox 3.7, I noticed that developers had given the web browser a much needed facelift.  The facelift includes integration with Windows Aero which gives us a translucent glassy effect, and the ability to move tabs above the location bar, similar to Google Chrome.  This is a huge step forward from being forced to utilize Glasser, among other plugins.

I absolutely love the Add-ons Manager, which a huge step up from the tiny dialog given in FF 3.6 and earlier versions.  The intuitive Add-ons Manager is the central location for controlling languages, search engines, extensions, themes, and plugins.  Much like the Programs and Features (Add/Remove Programs) section of Control Panel in Windows, the user can sort by name, size, and last updated, as well complete a custom search using keywords.  Visual indicators make life easier by singling out add-ons marked for removal, and those to be disabled.  From the Add-On Manager interface, users can also rate extensions, contribute to development, check for updates, or even stop automatic updates from occurring.

I was impressed with some of the improvements made in the Firefox 3.7a5 release, but it is obvious that they have a long road ahead before this is ready for release.  I’m hoping that Mozilla can add some of the polish that will thrust this browser to the #1 spot, and into the 21st century.  The Browser Wars have only just begun.  The newest version of Opera offers some of the smoothest browsing I’ve ever experienced with an excellently-designed user interface.  Google Chrome offers simplicity, but with speed unmatched by any other browser.  Chrome also offers seamless integration into most Google services.  I am a loyal Mozilla Firefox user, but a user with a wish list.  My only hope is that Mozilla never stops pursuing the #1 spot, as I believe they have the best browser platform on the market, and an unmatched arsenal of extensions.

Removing Facebook Fan Page admin permissions for yourself

I recently changed jobs, and ended up still being connected to a Facebook fan page.  Because there was no real admin section dedicated to defining permissions, I thought that if I unliked the page, it would properly remove me as an administration; thus stopping all email notifications for the page.  This turned out to be false, and after a lot of time trying to figure this out, I hit the search engines.  After some research I found that you can remove admin permissions via the Fans dialog, but I was not listed.  Although not the least bit intuitive, there is a solution; this is what I had to do in order to revoke all administrator-level permissions:

  1. If you are not listed as a Fan, click the Like button at the top of the page.
  2. Scroll to the Fans section, and click See All.
  3. Find yourself within the Fans dialog (I appeared first in the list after re-liking the page).
  4. Click Remove Admin, located next to your name.
  5. If you so desire, you may now use the Unlike button at the bottom of the page to remove yourself as a Fan.

That’s all it took for me!  I hope this helps some of you still struggling with this issue.

Thoughts on using Windows 7 with a touch screen

Not too long ago, I wrote about the first affordable consumer touch screen monitor that I’ve seen to date, the Acer T230H.  A few days ago, I actually went out and bought one of these for myself.  Computing with a touch screen monitor is quite different than the experience one receives with a mouse and keyboard.  There are many advantages to using a touch interface, but also a few disadvantages. Continue reading Thoughts on using Windows 7 with a touch screen

Track mobile carriers, devices with Google Analytics

I might be a little late to the game with this news, but I just noticed that Google Analytics now has a section devoted to mobile phones within the Visitors portion of the interface.  Within the Mobile subcategory, users can now track mobile device, and even mobile carrier.  This answers a huge question a lot of people have had recently – how many of my users are mobile users?

Finally, an affordable touch screen monitor to use with Windows 7 Touch

Somewhat recently, Acer released the first affordable touch screen monitor for use with Windows 7’s touch capabilities.  The 23″ Acer T230H has an average price of $370, and is available from most major retailers at that price.  While Acer’s monitors are typically cheaper in price than others, my personal experience with Acer’s products has been very good.  All of our favorite features become much easier to use when coupled with Windows 7 Touch.

  • Shake – shake window back and forth, all other windows are minimized
    In my experience, this feature has made little sense when used with a mouse.  With the power of touch, shake makes more sense.
  • Jump lists – click, hold, and slide up to reveal Windows 7’s jump lists, which include shortcuts to various tasks for the selected application on the task bar
  • An article from Microsoft: My favorite ways to use touch

To put this into perspective, a 19″ touch screen monitor from Planar costs around $929 (Source: newegg.com); that’s kind of cost-prohibitive for the average consumer.  Prices for touch technology are coming down rapidly, and I think it is safe to assume that other computer monitor manufacturers will join the game soon.  Acer T230H tech specs are listed below:

  • Connectors: HDMI, DVI, D-Sub
  • Contrast Ratio: 80,000:1 (ACM)
  • Max. Resolution: 1920 x 1080 (16:9 widescreen)
  • Pixel Pitch: 0.265 mm
  • # of Colors: 16.7 million
  • Brightness: 300 cd/m2
  • Response Time: 2 ms (GTG)
  • HDCP support: Yes
  • Built-in Speakers: Yes
  • Warranty: 3 years parts/labor limited