Friday, November 17, 2017

Sending ESC/P Commands to a USB Barcode Printer on Windows 7

Assume we have a binary file with ESC/P commands, barcode.bin.

Some of the DOS commands you would try are:

C:\>type barcode.bin > COM1
C:\>copy barcode.bin COM1
C:\>copy barcode.bin USB001

If one of these works for you, congratulations! They didn't work on my Windows 7 64-bit OS. Windows 7 does not assign a COM port to a USB device. Checking the printer properties shows that it is connected to port USB001, but executing the last command above does not work: the Windows 7 command prompt does not recognize USB001 as a device. I had to do this instead.

C:\>NET USE LPT1: \\COMPUTERNAME\PRINTERNAME /PERSISTENT:YES

C:\>copy barcode.bin LPT1


TADA.. It works.

Thursday, November 2, 2017

Oracle 11g Web Interface and Microsoft Web Security

If you have problems accessing the Oracle web interface (https://localhost:1158/em), it is most probably because Microsoft security is blocking it.

Microsoft announces that the use of RSA certificates that have keys that are less than 1024 bits long will be blocked.

The RSA root certificate issued by Oracle is 512 bits and is considered weak by Microsoft. The proper solution is for Oracle to create and issue a proper certificate since, in my opinion, this is Oracle's fault for overlooking the security issue. However, there is a workaround: reduce the security of Microsoft Windows (not advisable, but an option if you have no other choice).


RSA Minimum Public Key Length

By default, this value does not exist in the Windows registry, and the minimum defaults to 1024 bits. You can change it with the certutil command.

certutil -setreg chain\minRSAPubKeyBitLength 512

You may revert to the default by deleting the registry key:

certutil -delreg chain\minRSAPubKeyBitLength


Enable Weak Root Certificate

certutil -setreg chain\EnableWeakSignatureFlags 2

Flag 2 tells Windows to allow weak certificate signatures and disables logging. If you need to log weak signatures, use flag 8. The flag numbers and their meanings are:

2 - unblock and do not log
4 - block and log, WeakSignatureLogDir required
6 - block and log, WeakSignatureLogDir required
8 - unblock and log, WeakSignatureLogDir required

certutil -setreg chain\WeakSignatureLogDir "c:\weaksignaturelog"

Ensure c:\weaksignaturelog has proper permissions set.



Allow signatures that were signed before January 2010

The WeakRsaPubKeyTime is an 8 byte REG_BINARY value that contains a Windows FILETIME data type stored as UTC/GMT. This value is available primarily to reduce potential problems by blocking keys that have a length of less than 1024 bits for Authenticode signatures. Certificates that are used to sign code before the configured date and time are not checked for keys that have a length of less than 1024 bits. By default this registry value is not present and is treated as early morning January 1, 2010 at midnight UTC/GMT.

Note: This setting applies only when a certificate was used to Authenticode sign a time-stamped file. If the code is not time stamped, then the current time is used and the WeakRsaPubKeyTime setting is not used.

The WeakRsaPubKeyTime setting configures the date before which older signatures are considered valid. If you have reason to set a different date and time for WeakRsaPubKeyTime, you can use certutil to do so. For example, to set the date to August 29, 2010, use the following command:

certutil -setreg chain\WeakRsaPubKeyTime @08/29/2010

If you must set a specific time, such as 6:00 PM on July 4, 2011, then add the number of days and hours in the format +[dd:hh] to the command. Because 6:00 PM is 18 hours after midnight on July 4, 2011, you would run the following command:


certutil -setreg chain\WeakRsaPubKeyTime @07/04/2011+00:18
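
An audit of the settings changed above, so a weakened machine can be found and reverted later. This is an added example, not part of the original post; the function name Get-WeakChainFinding and the sample values are made up for illustration, and the registry path is the one given in the Microsoft advisory linked at the end of the post.

```powershell
# Added example. "certutil -setreg chain\..." writes its values under this key.
$ConfigKey = 'HKLM:\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config'
$DefaultCutoff = [DateTime]::Parse('2010-01-01T00:00:00Z').ToUniversalTime()

function Get-WeakChainFinding {
    param([hashtable]$Values)        # value name -> data, as stored in the Config key
    $out = @()
    # An absent value means the 1024-bit default is in force.
    if ($Values.ContainsKey('minRSAPubKeyBitLength') -and $Values['minRSAPubKeyBitLength'] -lt 1024) {
        $out += "minRSAPubKeyBitLength is $($Values['minRSAPubKeyBitLength']); the default is 1024"
    }
    if ($Values.ContainsKey('EnableWeakSignatureFlags')) {
        $flag = $Values['EnableWeakSignatureFlags']
        # Meanings as listed in the post: 2 and 8 unblock; 4, 6 and 8 need a log directory.
        if ($flag -eq 2 -or $flag -eq 8) {
            $out += "EnableWeakSignatureFlags is $flag; weak signatures are unblocked"
        }
        if (($flag -eq 4 -or $flag -eq 6 -or $flag -eq 8) -and -not $Values['WeakSignatureLogDir']) {
            $out += "EnableWeakSignatureFlags is $flag but WeakSignatureLogDir is not set"
        }
    }
    if ($Values.ContainsKey('WeakRsaPubKeyTime')) {
        $raw = [byte[]]$Values['WeakRsaPubKeyTime']
        if ($raw.Length -ne 8) {
            $out += "WeakRsaPubKeyTime is $($raw.Length) bytes; expected an 8-byte FILETIME"
        } else {
            # FILETIME: little-endian 64-bit count of 100 ns ticks since 1601-01-01 UTC.
            $cutoff = [DateTime]::FromFileTimeUtc([BitConverter]::ToInt64($raw, 0))
            if ($cutoff -gt $DefaultCutoff) {
                $out += "WeakRsaPubKeyTime is $($cutoff.ToString('u')); later than the 2010-01-01 default"
            }
        }
    }
    return $out
}

# Constructed sample mirroring the commands in the post: 512-bit minimum, flag 8
# with no log directory, cutoff moved to 2010-08-29. Not read from a real machine.
$sample = @{
    minRSAPubKeyBitLength    = 512
    EnableWeakSignatureFlags = 8
    WeakRsaPubKeyTime        = [BitConverter]::GetBytes([DateTime]::Parse('2010-08-29T00:00:00Z').ToFileTimeUtc())
}
Get-WeakChainFinding -Values $sample     # four findings for this sample

# Live check: the key holds no such values when nothing has been changed.
$live = @{}
$item = Get-Item -Path $ConfigKey -ErrorAction SilentlyContinue
if ($item) { foreach ($name in $item.GetValueNames()) { $live[$name] = $item.GetValue($name) } }
Get-WeakChainFinding -Values $live
```

Any finding from the live check can be cleared with the matching certutil -delreg command shown earlier.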


Trusted Root Certificate

You should install the certificate into Windows under Local Machine, as a Trusted Authority Root Certificate. This is how you do it: when the web interface is accessed with IE, click on the certificate error, then click View Certificate and click Install.

If you need to delete old Oracle certificates that were accidentally installed, use the Manage Certificate console.



Security Zone Problem

If you have done all of the above and still receive a blank web page when you access https://pcname:1158/em, but you can access https://localhost:1158/em, it is very likely that the web security zone is wrong, because localhost is in the Intranet Zone.

If you access the interface via https://localhost, there is a certificate error reporting an address mismatch, because the Oracle trusted certificate is for http://pcname.

By default, the URL https://pcname is placed in the Internet Zone. To force this URL into the Intranet Zone, add it to the Trusted Site of the Intranet Zone in the Internet Setting.


Other references:

http://www.careexchange.in/install-and-configure-certificate-authority-in-windows-server-2016/

https://support.microsoft.com/en-us/help/2661254/microsoft-security-advisory-update-for-minimum-certificate-key-length