Install SSL Certification

1> Create Private Key
openssl genrsa -des3 -out server.key 2048
(make a note, the 1024 is no longer be used)

2> Create CSR (Certification Signing Request)
openssl req -new -key server.key -out server.csr

3> Remove the passphase
openssl rsa -in server.key -out server.key.insecure
mv server.key server.key.secure
mv server.key.insecure server.key

4> Request the SSL certification

5> Receive the SSL certification

6> Modify the mod_SSL to point the SSL private key, Intermdiate, and Certificate

7> Restart the apache

example of san.cnf

 [root@wordpressord tls]# cat san.cnf
[ req ]
default_bits       = 2048
distinguished_name = req_distinguished_name
req_extensions     = req_ext
prompt = no
[ req_distinguished_name ]
countryName                 = US
stateOrProvinceName         = <STATE>
localityName               = <CITY>
organizationName           = <COMPANY>
commonName                 = <WEB NAME>
[ req_ext ]
subjectAltName = @alt_names
[alt_names]
DNS.1   = <NAME 1>

DNS.2   = <NAME 2>

Comments

Post a Comment

Popular posts from this blog

VIOS TIPs

HMC image locates: /extra/viosimages/2.2.3.4 To install VIO server from HMC: installios To erase the previous setting: installios -u hscroot@P7504HMC:~> cat /etc/nimol.conf # nimol.conf file NIMOL_SERVER 9.22.217.30 ORIGINAL_FILES_DIR /var/tmp/nimol_original RPCBIND_STARTED yes NFS_STARTED yes REMOTE_ACCESS_METHOD /usr/bin/rsh NIMOL_TFTPBOOT /tftpboot TFTP_ENABLED yes REMOTE_SYSLOG_ENABLED yes HMC_SYSLOG_CONF_MODIFIED yes NIMOL_SYSLOG_FACILITY local2 NIMOL_SUBNET 9.22.217.0 NIMOL_BOOTREPLYD yes LABEL default1 /extra/default1 processing hscroot@P7504HMC:~>  installios -F -e -R default1 Logging session output to /tmp/installios.24173.log. nimol_config WARNING: error from command /bin/awk nimol_config MESSAGE: Executed /usr/sbin/exportfs -ua. nimol_config MESSAGE: Executed /usr/sbin/exportfs -a. nimol_config MESSAGE: Removed /tftpboot/default1.chrp.mp.ent. nimol_config MESSAGE: Removed /extra/default1. nimol_config MESSAGE: Removed "LABEL def...
Read more

Configure Solaris 10 LDOM on Solaris 11.4

root@comglv1:~# ldm add-memory 16G htcsun1 root@comglv1: # zfs destroy zones cannot destroy 'zones': operation does not apply to pools use 'zfs destroy -r zones' to destroy all datasets in the pool use 'zpool destroy zones' to destroy the pool itself root@comglv1: # zfs destroy -r zones root@comglv1: # zpool create LDOM mirror c0t5000CCA03C0E89D8d0s0 c0t5000CCA03C2F3BB4d0s0 root@comglv1: # zfs create LDOM/htcsun1 root@comglv1: # zfs create -V 150g LDOM/htcsun1/disk0 root@comglv1: # ldm rm-vdisk vdisk0 htcsun1 root@comglv1: # ldm rm-vdsdev htcsun1-vd0@primary-vds0 root@comglv1: # ldm rm-vdsdev  vol0@primary-vds0 root@comglv1: # ldm rm-vdsdev iso@primary-vds0 root@comglv1: # add-vdsdev options=ro sol-10-u11-ga-sparc-dvd.iso htcsun1-iso@primary-vds0 root@comglv1: # ldm add-vdsdev /dev/zvol/dsk/LDOM/htcsun1/disk0 htcsun1-vd0@primary-vds0 root@comglv1: # ldm add-vdisk vdisk0 htcsun1-vd0@primary-vds0 htcsun1...
Read more

HA in Linux is pretty easy

NOTICE: -- Very important: Please do NOT FAT FINGER. Check your IP address/hostname correct first before configuring PCS. If any service(s) do(es) not startup correctly, please check the service log under /var/log/cluster or /var/log/pcsd. systemctl -xe does not help at all 1> Install PCS  yum isntall pcs -y 2>  Configure PCS. Please run the following commands on ALL nodes: systemctl start pcsd systemctl enable pcsd passwd hacluster 3> Configure PCS, Run he following commands on ONE node: pcs cluster auth <NODE-1> <NODE-2> <...> pcs cluster setup --name <CLUSTER_NAME> <NODE-1> <NODE-2> <...> pcs cluster start --all pcs cluster enable --all pcs resource create virtual_ip ocf:heartbeat:IPaddr2 ip=<IP_ADDR> cidr_netmask=32 op monitor interval=30s pcs resource create <APPLICATION_MON> ocf:heartbeat:nginx configfile=/etc/nginx/nginx.conf op monitor timeout="5s" interval="5s"  ...
Read more