The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

  • Twitter Updates

  • My Flickr Stream

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 2,953 other followers

Archive for the ‘CertUtil’ Category

Chocolatey: installing Oracle SQL Developer and updating the chocolatey package

Posted by jpluimers on 2021/05/13

Sometimes an install is not just as simple as C:\>choco install --yes oracle-sql-developer.

Edit 20210514:

Note that most of the below pain will be moot in the future as per [] Jeff Smith 🍻 on Twitter: “we’re working on removing the SSO requirement, it’s already done for @oraclesqlcl – see here … “ referring to [Wayback] SQLcl now under the Oracle Free Use Terms and Conditions license | Oracle Database Insider Blog

SQLcl, the modern command-line interface for the Oracle Database, can now be downloaded directly from the web without any click-through license agreement.

It means the Oracle acount restriction will be lifted, and downloads will be a lot simpler.

I started with the below failing command, tried a lot of things, then finally almost gave up: Oracle stuff does not want to be automated, which means I should try to less of their stuff.

First of all you need an Oracle account (I dislike companies doing that for free product installs; I’m looking at Embarcadero too) by going to

[WayBack] Chocolatey Gallery | Oracle SQL Developer 18.4.0 (also:


  • This version supports both 32bit and 64bit and subsequently does not have a JDK bundled with it. It has a
    dependency on the jdk8 package to meet the application’s JDK requirement.
  • An Oracle account is required to download this package. See the “Package Parameters” section below for
    details on how to provide your Oracle credentials to the installer. If you don’t have an existing account, you can
    create one for free here:

Package Parameters

The following package parameters are required:

/Username: – Oracle username
/Password: – Oracle password

(e.g. choco install oracle-sql-developer --params "'/Username:MyUsername /Password:MyPassword'")

To have choco remember parameters on upgrade, be sure to set choco feature enable -n=useRememberedArgumentsForUpgrades.

Then the installation failed fail again: ERROR: The response content cannot be parsed because the Internet Explorer engine is not available, or Internet Explorer's first-launch configuration is not complete. Specify the UseBasicParsing parameter and try again.


The reason is that the package uses Invoke-WebRequest which requires Internet Explorer and PowerShell 3. Chocolatey packages however need to be able to run on just PowerShell 2 without Invoke-WebRequest.

Maybe using cURL can remedy that; adding a dependency to is is possible, as cURL can be installed via chocolatey: [WayBack] How to Install cURL on Windows – I Don’t Know, Read The Manual. Another alternative might be [WayBack] Replace Invoke-RestMethod in PowerShell 2.0 to use [WayBack] WebRequest Class (System.Net) | Microsoft Docs.

Read the rest of this entry »

Posted in CertUtil, Chocolatey, CommandLine, Database Development, Development, DVCS - Distributed Version Control, git, Hashing, OracleDB, Power User, PowerShell, Security, SHA, SHA-1, Software Development, Source Code Management, Windows, XML, XML/XSD | Leave a Comment »

“error: invalid object 100644” “git svn”

Posted by jpluimers on 2020/07/14

A while back, while using “git svn”, on a Windows system, I got [“error: invalid object 100644” “git svn” – Google Search after statements like this:

# git svn rebase
error: refs/remotes/git-svn does not point to a valid object!
error: invalid object 100644 ac7df132f5bd7d639fc525f1f0204a546658d0c5 for 'Source/ToDoList/GX_ToDo.pas'
fatal: git-write-tree: error building trees
write-tree: command returned error: 128

# git svn fetch
error: refs/remotes/git-svn does not point to a valid object!
error: invalid object 100644 ac7df132f5bd7d639fc525f1f0204a546658d0c5 for 'Source/ToDoList/GX_ToDo.pas'
fatal: git-write-tree: error building trees
write-tree: command returned error: 128

In my case, regular git operations (like branching, committing, pushing, etc) worked fine, but git svn would fail.

One problem was that [“error: refs/remotes/git-svn does not point to a valid object” – Google Search only returned one un-meaningful result: [WayBack] gist:87613 · GitHub.

Luckily, I had a backup (though it was from a while ago as that VM had not been in use for quite some time) which is the first part in [WayBack] Git FAQ – Git SCM Wiki: How to fix a broken repo?.

Since I was still interested finding out how to resurrect, just in case this happens at a time the backups do not go back far enough, I tried the steps below.

The very first fixing step is to ensure you can quickly restore things, or even better: operate on a copy of the broken pieces. On Windows, robocopy /mir is my friend for this, in Linux rsync -avloz (although on some systems, -z crashes).

TL;DR from the fixing steps

Find out what problems you have, and in which order to fix them. Otherwise you will break more stuff and take longer to fix it.

In this case, two things failed: one on the git side, and one on the git svn side. Since git svn depends on git, the best approach is to fix the git problem first, then the git svn thing.

Fixing this manually try 1

Read the rest of this entry »

Posted in CertUtil, Development, DVCS - Distributed Version Control, git, Hashing, md5, Power User, Security, SHA, SHA-1, SHA-256, SHA-512, Software Development, Source Code Management, Subversion/SVN, Windows | Leave a Comment »

security – How do I view the contents of a PFX file on Windows? – Super User

Posted by jpluimers on 2015/07/27

Dumping any kind of certificate file gives you access to more details than the Windows UI usually shows you.

This is especially handy when checking out errors or issues (which can be very difficult to track down).

For binary PFX files, the certutil and openssl commands come in very handy:

Some options to view PFX file details:Open a command prompt and type: certutil -dump Install OpenSSL and use the commands to view the details, such as: openssl pkcs12 -info -in unverified.

OpenSSL is a separate download (from my OpenSSL category of articles, see Some command-line tips for OpenSSL and file format pfx, p12, cer, crt, key, etc. conversion of certificates, keys) to get it.

CertUtil now ships with Windows by default (it wasn’t in the Windows XP era, I’m not sure about Windows Server 2003).

Here is the CertUtil help for dumping certificate information;

Dump certificate file information CertUtil [Options] [-dump] [File] Options: [-f] [-silent] [-split] [-p Password] [-t Timeout]


  • the [-v] option is not listed, but does work; it will give a more verbose dump.
  • [-dump] also works other certificate file extensions like .p7b files.

Here is the OpenSSL help for dumping pkcs12 information:

openssl pkcs12 [-export] [-chain] [-inkey filename] [-certfile filename] [-name name] [-caname name] [-in filename] [-out filename] [-noout] [-nomacver] [-nocerts] [-clcerts] [-cacerts] [-nokeys] [-info] [-des | -des3 | -idea | -aes128 | -aes192 | -aes256 | -camellia128 | -camellia192 | -camellia256 | -nodes] [-noiter] [-maciter | -nomaciter | -nomac] [-twopass] [-descert] [-certpbe cipher] [-keypbe cipher] [-macalg digest] [-keyex] [-keysig] [-password arg] [-passin arg] [-passout arg] [-rand files] [-CAfile file] [-CApath dir] [-CSP name]


The pkcs12 command allows PKCS#12 files sometimes referred to as PFX files to be created and parsed. PKCS#12 files are used by several programs including Netscape, MSIE and MS Outlook.


There are a lot of options the meaning of some depends of whether a PKCS#12 file is being created or parsed. By default a PKCS#12 file is parsed. A PKCS#12 file can be created by using the -export option see below.


-in filenameThis specifies filename of the PKCS#12 file to be parsed. Standard input is used by default.

-infooutput additional information about the PKCS#12 file structure, algorithms used and iteration counts.

and the OpenSSL help for dumping pkcs7 information:

openssl pkcs7 [-inform PEM|DER] [-outform PEM|DER] [-in filename] [-out filename] [-print_certs] [-text] [-noout] [-engine id]


The pkcs7 command processes PKCS#7 files in DER or PEM format.


-inform DER|PEM; This specifies the input format. DER format is DER encoded PKCS#7 v1.5 structure.PEM the default is a base64 encoded version of the DER form with header and footer lines.

-print_certs; prints out any certificates or CRLs contained in the file. They are preceded by their subject and issuer names in one line format.

-text; prints out certificates details in full rather than just subject and issuer names.


  • do not forget the -inform DER option to specify a binary .p7b file.
  • the -text option gives you more verbose information

via OpenSSL: Documents, pkcs71.



Posted in CertUtil, OpenSSL, PKI, Power User, Public Key Cryptography, Security, Windows | Leave a Comment »

%d bloggers like this: