Category Archives: AWS

Install Firefox on Amazon Linux x86_64 Compiling GTK+

Amazon Linux doesn’t offer the Gimp Tool Kit (GTK+) so if you want to run Firefox on an Amazon Linux system, say for Selenium testing, you are left having to compile the system yourself.  Luckily you have found this post.  Create the script below, run it as root and it will build all the components needed for GTK+ and its dependencies for Firefox to run just fine on the system.

vi ./gtk-firefox
chmod 755 ./gtk-firefox
sudo ./gtk-firefox

After you have built the packages, add the /usr/local/bin to your path by updating your .bashrc file.

cat << EOF >> ~/.bashrc
PATH=/usr/local/bin:\$PATH
export PATH
EOF

Here is the gtk-firefox file for your pleasure.

If you are running OSX Mountain Lion or above and cannot get Firefox to run via the SSH -X command, make sure you have XQuartz installed as Apple removed X11 by default.

Edited to make Firefox latest release more reliable. Updated with Gist.

Edit 11/21/2012: Added dbus-glib dependency to gist. Added notes about running on OSX

Creating a X.509 or Signing Certificate for AWS EC2 using Powershell and Windows SDK

Currently Amazon AWS only allows Base-64 encoded certificates to be used as an EC2 credential.  Further when creating a user in IAM, Amazon doesn’t provide a convenient certificate generator which it does allow for the root user.  If you want to create these type of certificates on Windows you will find that it is not easy to get the certificate out of a binary (DER) format.  Many will point you to OpenSSL to do the conversion and that is fantastic however some may not be able to use OpenSSL.

I am going to lay out some steps that will help you quickly create an X.509 certificate and private key using the Windows SDK makecert.exe utility and Powershell.

First download the Windows SDK.  When installing, only the Tools option is necessary.  Usually the SDK installs to C:\Program Files\Windows SDK\version\bin.  I would suggest that you modify your path to include the SDK bin directory if you are going to make a lot of these certificates.  These instructions assume that makecert is in your path.

Makecert has a number of functions, but the feature we are interested in is its ability to generate self signed certificates with a straightforward command.  All certificates output are in a DER binary format so they are currently unsuitable for AWS consumption.  We will use powershell to convert from a binary object to a Base-64 string.  Note that makecert normally creates a single file containing both the private key and the public key.  Since we want these elements in separate files, we use the -sv toggle which saves the private key to a .pvk file.  One last gotcha to note is that the tool seems to want you to specify the resulting files with the extensions as show in the help and examples.  If you don’t use the .pvk and .cer extensions it might not output the file.

Assuming that you have the SDK install and can run makecert, here are the steps to get your certificate AWS ready.

Create the self signed certificate and corresponding private key file using makecert:

makecert -sv privatekey.pvk certificate.cer

Next we are going to use powershell and some .NET magic to process the binary files into a text friendly BASE-64 format (PEM).

Process the certificate first:

[byte[]] $x = get-content -encoding byte -path .\certificate.cer

[System.Convert]::ToBase64String($x) > .\cer-ec2creds.PEM

Next Process the private key:

[byte[]] $x = get-content -encoding byte -path .\privatekey.pvk

[System.Convert]::ToBase64String($x) > .\pk-ec2creds.PEM

You can now examine the resulting files in notepad to confirm that they are indeed in a BASE-64 format.

notepad .\cer-ec2creds.PEM

notepad .\pk-ec2creds.PEM

The files should work fine even if they are missing the proper headers and footers.  If you want to include them, they should be as follows.  Remember to add an end line character to the file as well.

For the certificate PEM file:

-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----

For the private key PEM file:

-----BEGIN PRIVATE KEY-----

-----END PRIVATE KEY-----

I hope this is useful.  Please feel free to comment and share other methods.

Here are some references:

-Joe