Friday, November 06, 2020

Migrating a website to shopify, while keeping your email working

Recently a site I was hosting on my shared host decided to move their online presence off Joomla to the shopify platform.  The website was originally on a shared host; which is fine but when the site was moved to shopify, I was asked to update the A and cname records for the domain to the shopify ip and url.

My host on CPANEL when you setup a domain, puts in a bunch of default settings for the domain, as they should.  Here is a sample of a default setup.


This client is forwarding domain emails to a gmail account, they don't have google apps or anything like that and it isn't required for them.  So when I updated one mx record pointing to my main a record and when I updated the A record to point to the new IP and change the cnames to point to shops.myshopify.com, my client being unaware that shopify doesn't provided email service email just stopped working because the mx record was pointing to the main A record.  This caused all email pointing to domain.ca to stop which was being forwarded by the server to a web email service.


The solution was to make a new A record with the old ip address in this case making a name record mail.domain.ca A = sharedhost IP and putting a new cname domain.ca MX = mail.domain.ca


Now you can see here I removed the mail.domain.ca cname record I felt it was redundant but if I have problems I can always put it back in especially since the mail.domain.ca was not being used.  I do have to setup DMARC but that is something else that I'm not doing at the moment.

Tuesday, November 03, 2020

Creating and Installing a SSL/TLS Certificate on a Windows Papercut Server

Papercut has a pretty good tutorial for updating/installing an SSL Certificate on papercut but I found it a little hard to follow, if you want to see the origionanl post go to https://www.papercut.com/kb/Main/SSLWithKeystoreExplorer.  As in their post I also recommend using KeyStore Explorer for installing the SSL Certificate as it makes it much easier.  

I am using an existing wildcard cert for securing this server.  I have also setup the server to use port 80 and 443.  I am working directly on the papercut server to create the cert, you can create the cert on another machine then copy the cert over and begin the import process using KeyStore Explorer, or even copy the file you create using keystore explorer to the papercut server.

To start if you haven't install the openssl tools, and create a compatible certificate if you haven't https://wiki.openssl.org/index.php/Binaries


Create you certificate (I'm working out of the OpenSSL Directory - "C:\Program Files\OpenSSL-Win64\bin") and my source is a wildcard cert for an apache webserver.

openssl pkcs12 - export -out $PATH\To\Save\$mycertname.pfx -inkey "$Path\to\privatekey\$cert.key" -in "$Path\to\crt\" enter export password and verify

I saved this to the OPENSSL directory.


To install the certificate into papercut open KeyStore Explorer

1. Click Create a new Key Store


2. Select JKS, then click OK


3. Click the Import Key Pair icon


4. Select the type of certificate you are using, then click OK, I'm using PKCS Certificate which we created earlier


This is normally PKCS12 (.pfx, .p12), but it depends on where your certificate came from.

5. Click Details to verify the certificate. If you get an error, it could be the password or the wrong certificate type

pkcs12 import
pkcs8 import

6. In the Enter Alias field, enter an alias for the newly imported Certificate, this can be anything, but in this case we are putting print.papercut.com, then click OK


7. Save your KeyStore


8. Set the password for your KeyStore 
then click OK, Remember to make a note of this, as you will need to re-enter this later when you set the value for the “server.ssl.keystore-password” value in the server.properties file.


9. 
I saved it in 2 places, my documents folder and to the papercut custom directory located in the PaperCutMF Server Folder ie (C:\Program Files\PaperCutMF\server\custom) which we will use later.



10. Edit the papercut server.properties file typically located in the server folder and change the values below to match your filename and passwords and remember to remove the # signs to enable these keys



server.ssl.keystore=custom/$papercut-keystore (in my case it is called papercut)
server.ssl.keystore-password=$PASSWORD
server.ssl.key-password=$PASSWORD




11. Restart the PaperCut Application Server service and check https://your.fully.qualified.domain.name:$port/admin, in my case it is https://print.papercut.com/admin

How to fix CURL call imporitng an RSS feed on a site blocking CURL calls

There is a 3rd party service provider that my organization uses called bibliocommons.  They have these nice book carousels.  However the car...