Create Certificate Signing Request with Multiple Subject Alternative Names

by Ramses Soto-Navarro ramses@sotosystems.com, 2/8/2022

Overview
Create CNF
Create CSR
Verify CSR


Overview

Brief notes on how to create a certificate signing request (CSR) with multiple subject alternative names (SANs).

Create CNF

Create an OpenSSL configuration file:

# mkdir /etc/ssl/mycerts && cd /etc/ssl/mycerts

# vi example.com.cnf
[ req ]
default_bits        = 2048
distinguished_name  = req_distinguished_name
req_extensions      = v3_req
prompt              = no
# Passphrase for the generated private key; it is not applied when the
# key is written unencrypted with -nodes, as in the command below.
output_password     = mypass

[ req_distinguished_name ]
countryName             = US
stateOrProvinceName     = Florida
localityName            = Example County
organizationName        = Example Corporation
organizationalUnitName  = IT Department
commonName              = example.com
emailAddress            = admin@example.com

[ v3_req ]
basicConstraints = CA:FALSE
keyUsage         = nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage = clientAuth,serverAuth
subjectAltName   = @alt_names

[alt_names]
DNS.1   = *.example.com
DNS.2   = example.com

Create CSR

Create the certificate signing request:

# openssl req -out example.com.csr -newkey rsa:2048 -nodes -keyout example.com.priv.key -config example.com.cnf

Verify CSR

Verify that the CSR has the correct subject alternative names:

# openssl req -noout -text -in example.com.csr | grep DNS
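
A stricter form of the grep check above, added here as an example and not part of the original post: it confirms the CSR's self-signature and fails unless the SAN list matches the expected names exactly. The function names and the sample text are constructed for illustration.

```shell
# Added example (not from the original post): compare a CSR's SANs with expected names.
# Read `openssl req -noout -text` output on stdin; print one DNS SAN per line.
csr_sans() {
    awk '/X509v3 Subject Alternative Name/ { getline; print }' |
        tr ',' '\n' |
        sed -n -e 's/[[:space:]]*$//' -e 's/^[[:space:]]*DNS://p' | LC_ALL=C sort -u
}

# Read the same text on stdin; arguments are the expected names.
# Reports every missing or unexpected name; returns 0 only on an exact match.
check_sans() {
    actual=$(csr_sans)
    rc=0
    for want in "$@"; do
        printf '%s\n' "$actual" | grep -Fxq -- "$want" || { echo "MISSING: $want"; rc=1; }
    done
    while IFS= read -r have; do
        [ -n "$have" ] || continue
        printf '%s\n' "$@" | grep -Fxq -- "$have" || { echo "UNEXPECTED: $have"; rc=1; }
    done <<EOF
$actual
EOF
    return "$rc"
}

# Usage: verify_csr example.com.csr '*.example.com' example.com
verify_csr() {
    csr=$1; shift
    # Match the "verify OK" message instead of trusting the exit status alone.
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' ||
        { echo "BAD SIGNATURE: $csr"; return 2; }
    openssl req -in "$csr" -noout -text | check_sans "$@"
}

# Constructed sample of the extension block printed by `openssl req -text`.
sample_text() {
    cat <<'EOF'
        Requested Extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Subject Alternative Name:
                DNS:*.example.com, DNS:example.com
EOF
}

if [ "$#" -gt 0 ]; then verify_csr "$@"
else sample_text | check_sans '*.example.com' example.com && echo "sample: SANs match"
fi
```

Quote the wildcard name on the command line so the shell does not expand it; names are compared as literal strings, so *.example.com only matches an identical SAN entry.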


The End.

Squashfs Backup Demo

by Ramses Soto-Navarro ramses@sotosystems.com, 2/1/2022


Overview
Mount squashfs file
Interactive shell
Release session
Prepare Server for Backup
SSHFS remote mount
Squash Backup


Overview

What is squashfs:

  • Squashfs is an archiver like tar.
  • Archives data into a backup file.
  • Allows quick read access of file backups.
  • High compression.
  • Can be mounted.
  • Can be appended.
  • Random seek, rather than linear.
  • Very quick access.
  • Used in embedded systems, cellphones, routers, live CDs.
  • 7-zip supports squashfs.

The squashfs mount enables us to:

  • Archive the entire old server in a compressed file.
  • Mount the squashfs file and easily review files and directories.
  • Copy files from the old servers.
  • Run an interactive shell session of the old server.
  • Append more files to the backup file as needed.

Audience is experienced Linux administrators.


Apache Compile Stand-alone

by Ramses Soto-Navarro ramses@sotosystems.com, 2/1/2022


Overview
Download Source
Disable Apache
Restore OS OpenSSL
Compile OpenSSL Stand-alone
Compile APR and APR-Util
Compile Apache Stand-alone
Compile Tomcat Connectors
Configure Apache
Configure Apache Startup Scripts
Test New Apache Startup
Test Commands
Server Status and Info Page
Rename Old Apache Binaries
Systems Affected by OpenSSL


Overview

Brief notes about compiling Apache and OpenSSL stand-alone in /usr/local/ on SUSE 15 SP3. Previously, Apache was installed on top of the binaries installed by the SUSE packages. However, that method made it impossible to use the newest OpenSSL libraries, because updating OpenSSL would break other system utilities. Hence the stand-alone compile in /usr/local/. The audience is experienced Linux administrators.


Apache Compile

by Ramses Soto-Navarro ramses@sotosystems.com, 10/5/2021


Overview
Dependencies
Firewall
Download and Extract
OpenSSL Compile
Revert OpenSSL
Apache Compile
Tomcat Connectors
Apache Modules
Apache Startup Scripts
Apache Enable
Apache Verify

Overview

Brief notes about compiling and installing the latest Apache and OpenSSL. This compile was done on SUSE 15 SP3. The audience is experienced Linux SysAdmins.


SuSE 15 SP3 BMR Restore and Disaster Recovery

by Ramses Soto-Navarro ramses@sotosystems.com, 8/16/2021


Overview
Rescue Boot
Rescue Network
Backup Rsync
Backup Squashfs
Recovery Format


Overview

Brief bullet points on BMR backup, restore and disaster recovery for SuSE 15 SP3. The procedure is the same for the previous release, SuSE 12 SP5. The audience is experienced Linux systems administrators.
