01 - IoT Tech Security/Compliance Corner

00-toc.md

Toc

citrix-install.md

The installation of the client

• First you need to down load your certs. For me this meant loggin into the secure gateway. (vpn gateway).

https://remoteaccess.aib.ie

• Right clicking on the "green lock" icon from the browser, and exporting all three certiicates. I saved them in a tmp folder.

ae@ae-Unknow:~/ICAClient/linuxx86/util$ sudo cp ~/tmp/*.crt  /opt/Citrix/ICAClient/keystore/cacerts/
ae@ae-Unknow:~/ICAClient/linuxx86/util$ sudo cp ~/tmp/*.crt  ~/ICAClient/linuxx86/keystore/cacerts/

• link the mozilla folder to

sudo ln -s /usr/share/ca-certificates/mozilla /opt/Citrix/ICAClient/keystore/cacerts

• then rehash both folders

sudo c_rehash /usr/share/ca-certificates/mozilla/  ~/ICAClient/linuxx86/keystore/cacerts/

Notes

• Full ubuntu doc here
  https://help.ubuntu.com/community/CitrixICAClientHowTo

• Verisign trusted root store is available here...

wget http://www.symantec.com/content/en/us/enterprise/verisign/roots/roots.zip  

Instead of exporting from browser, you could get the certs here? and copy them over to /opt/Citrix/ICAClient/keystore/cacerts/

linux-on-windows.md

https://thenewstack.io/finally-linux-containers-really-will-run-windows-linuxkit/

ssl-certs.md

Backbround

There are many SSL provides.

• Let’s Encrypt

Idea is that the provider will provide a client that you install on the server, pi in this case, and the client will then retrieve the certs for you, via the browser.

Theres two kinds, the self signed , and the trusted authority kind.

Ingredients :

https://www.youtube.com/watch?v=yjZOyANmKWU Excellent Turoiral

• https://www.youtube.com/watch?v=YR6-6XUC3sY https://youtu.be/YR6-6XUC3sY

1. Domain Name : iot-tech.ie
2. IP Address or web server:
3. Public key : local.crt
4. Private key : local.key

Steps

Browser: Get Certs from provider

Prerequiste

• domain name already set up! AND it is pointing at your IP address

Note

• IP Address cannot have a certified SSL Certificate.

Providers

• https://www.blacknight.com/security/ssl/?cn-reloaded=1
• Lets encrypt.

What If

1. Before you start what ports is your server listing on netstat -tupan
2. mod_ssl is not installed? then do and restart htppd. yum install mod_ssl
3. Is 433 open on your router.

virtualise-windows.md

Windows Native Go to windows features, enable the linux subsystem

or Install from windows store https://msdn.microsoft.com/en-us/commandline/wsl/install_guide

Docker Approach https://www.docker.com/products/docker-toolbox https://docs.docker.com/get-started/

LXC Approach

windows-on-linux.md

http://itswapshop.com/tutorial/how-install-windows-version-firefox-ubuntu-linux-wine
http://ubuntuhandbook.org/index.php/2015/12/install-wine-1-8-stable-new-ppa/