Enable iglx on Mac OS (XQuartz) or Linux for JavaFX Applications








When executing a Java FX application on a remote SSH server by forwarding display to local X11(XQuartz), I got this error:

libGL error: No matching fbConfigs or visuals found
libGL error: failed to load driver: swrast
X Error of failed request:  BadValue (integer parameter out of range for operation)
  Major opcode of failed request:  149 (GLX)
  Minor opcode of failed request:  24 (X_GLXCreateNewContext)
  Value in failed request:  0x0
  Serial number of failed request:  25
  Current serial number in output stream:  26

searched and found this solution: https://github.com/ControlSystemStudio/cs-studio/issues/1828


Solution:

  • On Mac OS(XQuartz), execute the command below in Terminal:
    defaults write org.macosforge.xquartz.X11 enable_iglx -bool true
    and restart X11(XQuartz)
  • On Linux, try this


see also




Install SSL certificate on Mediaflux server








  1. Generate certificate request and private key. (The private key can be reused to generate new requests for renewing the certificate.)
    • Create a request configuration file named your-domain-name.csr.conf like below:
      [req]
      prompt=no
      default_bits=2048
      encrypt_key=no
      default_md=sha1
      distinguished_name=dn
      # PrintableStrings only
      string_mask=MASK:0002
      x509_extensions=x509_ext
      req_extensions=req_ext
      [dn]
      C=AU
      ST=Your State
      L=Your City
      O=Your Organization
      OU=Your Organisation Unit
      CN=mediaflux.your-domain.org
      [x509_ext]
      subjectAltName=DNS:name1.your-domain.org.au,URI:https://mediaflux.your-domain.org.au/1234/shibboleth,DNS:name2.your-domain.org.au,URI:https://daris.your-domain.org.au/1234/shibboleth
      subjectKeyIdentifier=hash
      [req_ext]
      subjectAltName=DNS:name1.your-domain.org.au,DNS:name2.your-domain.org.au
      
    • Generate certificate request using the command below:
      openssl req -config your-domain-name.csr.conf -new -days 3650 -keyout your-domain-name.key -out your-domain-name.csr
      
      You should now have the generated private key file: your-domain-name.key and request file: your-domain-name.csr. Keep the private key file in safe for future certificate renewal requests.
  2. Submit the generated your-domain-name.csr file to be signed by CA (You only need to sumit the csr file.) And you should get CA signed certificate: your-domain-name.crt
  3. Install the CA signed certificate:
    • Convert private key to .p8 format:
      openssl pkcs8 -topk8 -inform PEM -outform DER -nocrypt -in your-domain-name.key -out your-domain-name.key.p8
      You only need to do this once and keep the your-domain-name.key.p8 file together with your-domain-name.key for future certificate installations.
    • Install the CA signed certificate using the command below in Aterm:
      server.certificate.identity.import :in file:/path/to/your-domain-name.key.p8 :in file:/path/to/your-domain-name.crt :replacement true
      
      It should return the imported certificate identity entry. Remember the id of the identity to be used in the next step.
    • Set default certificate alias the the newly installed certificate identity (assume its id is 2):
      server.property.set :property -name server.default.certificate.alias 2



openssl commands to check certificate, request and private key








  • Check a certificate: Check a certificate and return information about it (signing authority, expiration date, etc.):
    openssl x509 -text -noout -in server.crt
  • Check a key: Check the SSL key and verify the consistency:
    openssl rsa -check -in server.key
  • Check a CSR: Verify the CSR and print CSR data filled in when generating the CSR:
    openssl req -text -noout -verify -in server.csr
  • Verify a certificate and key matches: These two commands print out md5 checksums of the certificate and key; the checksums can be compared to verify that the certificate and key match.
    openssl x509 -noout -modulus -in server.crt | openssl md5
    openssl rsa -noout -modulus -in server.key | openssl md5