ssl

Lets Encrypt

LetsEncrypt
On CentOS 7, enable the optional channel for the EPEL repository:

yum -y install yum-utils
yum -y install epel-release

Then install certbot:

yum install certbot

Pound as SSL proxy
Edit /usr/local/etc/pound.cfg to redirect Certbot verifications:

Technology:

Read more about Lets Encrypt
Log in to post comments

Pound SSL Proxy

https://secwise.nl/lets-encrypt-certifcates-and-pound-load-balancer/

SSL Encryption
Create a private key to encrypt a site:

mkdir -p ~/.ssl/pound
cd ~/.ssl/pound

Generate an RSA private key for the server:

openssl genrsa -out server.key 2048

Then create the Certificate Signing Request file, or CSR.

Technology:

Read more about Pound SSL Proxy
Log in to post comments

Self-Signed SSL Certificates

A self-signed certificate is an identity certificate that is signed by its own creator, rather than paying a certified third-party to sign it.

Instructions adapted from http://www.tc.umn.edu/~brams006/selfsign.html.

Rather than paying for an SSL certificate from a signing authority, we'll use a self-signed certificate to provide encryption in Apache. The client's web browser will prompt them to whether the certificate should be accepted or not - if that is going to be a problem, then you'll need to get a certificate from a recognized signing authority.

Create a directory, readable only by root to hold our working files:

mkdir ~/cert
chmod 600 ~/cert
cd ~/cert

Technology:

Read more about Self-Signed SSL Certificates
Log in to post comments

Wildcard Certficates

SSL certificates that cover multiple hostnames in the same domain.

http://www.onlamp.com/pub/a/apache/2005/02/17/apacheckbk.html
http://www.cb1inc.com/2008/09/11/virtual-hosts-and-wildcard-ssl-certificates-with-apache-2.2
http://wiki.cacert.org/wiki/VhostTaskForce

Technology:

Read more about Wildcard Certficates
Log in to post comments

SSL with Lighttpd

Use SSL encryption on your Lighttpd webserver.

Lighttpd installation
Lighttpd needs to be configured and compiled with SSL enabled:

./configure --with-openssl
make
make install

After lighty has been installed, you can confirm that it has been compiled with ssl enabled:

lighttpd -v

SSL Configuration

Technology:

Read more about SSL with Lighttpd
Log in to post comments

Secure Drupal login

Make Drupal encrypt your login with SSL.

http://drupal.org/node/53567

Technology:

Read more about Secure Drupal login
Log in to post comments

Port 465

An SSL-encrypted SMTP service so your users can send mail through your server without passing clear-text passwords across the network.

Set up the service directory, download John Simpson's SMTP run script, and set it's permissions:

cd /var/service
mkdir -m 1755 smtp-ssl
cd smtp-ssl
wget http://qmail.jms1.net/scripts/service-qmail-smtpd-run 
mv service-qmail-smtpd-run run
chmod 700 run

Edit /var/service/smtp-ssl/run and set the appropriate options:
IP= PORT=465 SSL=1

Technology:

Read more about Port 465
Log in to post comments

SSL Encryption

Secure communication with your web server by using self-signed SSL certificates.

The typical method of enabling SSL encryption in Apache is to use mod_ssl. A downside of that approach is that SSL does not work with name-based Virtual Hosts (Why can't I use SSL with name-based/non-IP-based virtual hosts?).

Technology:

Read more about SSL Encryption
Log in to post comments

Recent Updates

Apache

2 years 3 months ago
Apache

2 years 3 months ago
lighttpd

2 years 3 months ago

php 8.x
MariaDB

2 years 3 months ago

10.6.7
CentOS

2 years 3 months ago

Drop Centos 5/6 stuff

Recent Links

SquidGuard

SquidGuard is a URL redirector used to use blacklists with the proxysoftware Squid. There are two big advantages to squidguard: it is fast and it is free.
NCurses Disk Usage

A disk usage analyzer with an ncurses interface, aimed to be run on a remote server where you don't have an entire gaphical setup, but have to do with a simple SSH connection. ncdu aims to be fast, simple and easy to use, and should be able to run in any minimal POSIX-like environment with ncurses installed.
WPKG

WPKG is an automated software deployment, upgrade and removal program for Windows.

It can be used to push/pull software packages, such as Service Packs, hotfixes, or program installations from a central server (for example, Samba or Active Directory) to a number of workstations.

It can run as a service to install software in the background (silent install), without user interaction.

It can install MSI, InstallShield, PackagefortheWeb, Inno Setup, Nullsoft, other software installers or .exe packages, .bat and .cmd scripts and similar: no more repackaging to perform software installation.

WPKG is open source software.
opsi

opsi (Open PC Server Integration) the Open Source client management system
Vagrant

Vagrant is a tool for building complete development environments. With an easy-to-use workflow and focus on automation, Vagrant lowers development environment setup time, increases development/production parity, and makes the "works on my machine" excuse a relic of the past.

Main menu

You are here

ssl

Technology:

Technology:

Technology:

Technology:

Technology:

Technology:

Technology:

Technology:

Recent Updates

Recent Links