Create Certificate Signing Request with Multiple Subject Alternative Names
by Ramses Soto-Navarro ramses@sotosystems.com, 2/8/2022
Overview
Create CNF
Create CSR
Verify CSR
Overview
A brief guide to creating a certificate signing request (CSR) with multiple subject alternative names.
Create CNF
Create an OpenSSL configuration file:
# mkdir /etc/ssl/mycerts && cd /etc/ssl/mycerts
# vi example.com.cnf

[ req ]
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no
# output_password is not applied when the key is written unencrypted (-nodes)
output_password = mypass

[ req_distinguished_name ]
countryName = US
stateOrProvinceName = Florida
localityName = Example County
organizationName = Example Corporation
organizationalUnitName = IT Department
commonName = example.com
emailAddress = admin@example.com

[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage = clientAuth,serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1 = *.example.com
DNS.2 = example.com
Create CSR
Create the certificate signing request:
# openssl req -out example.com.csr -newkey rsa:2048 -nodes -keyout example.com.priv.key -config example.com.cnf
Verify CSR
Verify that the CSR has the correct subject alternative names:
# openssl req -noout -text -in example.com.csr | grep DNS
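Added example, not part of the original article: `grep DNS` prints the names but leaves the comparison to the reader, so this script checks that the CSR carries exactly the intended DNS names and reports any that are missing or unexpected. The function names `extract_sans` and `check_sans` and the sample text are constructed for illustration.

```sh
#!/bin/sh
# Real use, with the file name from the article:
#   openssl req -noout -text -in example.com.csr | check_sans '*.example.com' example.com

# Constructed sample: abridged `openssl req -noout -text` output for such a CSR.
SAMPLE_CSR_TEXT='        Requested Extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Subject Alternative Name:
                DNS:*.example.com, DNS:example.com'

# Print the DNS entries of the SAN extension, one per line, in CSR order.
# Reads `openssl req -text` output on stdin; non-DNS entries are ignored.
extract_sans() {
    awk '/X509v3 Subject Alternative Name/ { getline; print }' |
        tr ',' '\n' |
        sed -n 's/^[[:space:]]*DNS://p'
}

# check_sans NAME... : succeed only if the CSR text on stdin carries exactly
# the given DNS names; report every missing or unexpected name otherwise.
check_sans() {
    actual=$(extract_sans)
    status=0
    for want in "$@"; do
        if ! printf '%s\n' "$actual" | grep -Fxq -- "$want"; then
            echo "missing: $want"
            status=1
        fi
    done
    while IFS= read -r have; do
        [ -n "$have" ] || continue
        found=0
        for want in "$@"; do
            if [ "$have" = "$want" ]; then found=1; fi
        done
        if [ "$found" -eq 0 ]; then
            echo "unexpected: $have"
            status=1
        fi
    done <<EOF
$actual
EOF
    return "$status"
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_CSR_TEXT" | check_sans '*.example.com' example.com && echo "SAN list matches"
```

A non-zero exit status makes the check usable as a gate before the CSR is submitted to a CA.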
The End.
Squashfs Backup Demo
by Ramses Soto-Navarro ramses@sotosystems.com, 2/1/2022
Overview
Mount squashfs file
Interactive shell
Release session
Prepare Server for Backup
SSHFS remote mount
Squash Backup
Overview
What is squashfs:
- Squashfs is an archiver like tar.
- Archives data into a backup file.
- Allows quick read access of file backups.
- High compression.
- Can be mounted.
- Can be appended.
- Random seek, rather than linear.
- Very quick access.
- Used in embedded systems, cellphones, routers, livecd.
- 7-zip supports squashfs.
The squashfs mount enables us to:
- Archive the entire old server in a compressed file.
- Mount the squashfs file and easily review files and directories.
- Copy files from the old servers.
- Run an interactive shell session of the old server.
- Append more files to the backup file as needed.
Audience is experienced Linux administrators.
Apache Compile Stand-alone
by Ramses Soto-Navarro ramses@sotosystems.com, 2/1/2022
Overview
Download Source
Disable Apache
Restore OS OpenSSL
Compile OpenSSL Stand-alone
Compile APR and APR-Util
Compile Apache Stand-alone
Compile Tomcat Connectors
Configure Apache
Configure Apache Startup Scripts
Test New Apache Startup
Test Commands
Server Status and Info Page
Rename Old Apache Binaries
Systems Affected by OpenSSL
Overview
Brief notes about compiling Apache and OpenSSL stand-alone in /usr/local/ on SUSE 15 SP3. Previously, Apache was installed on top of the binaries installed by the SUSE packages. However, that method made it impossible to use the newest OpenSSL libraries, because updating OpenSSL would break other system utilities. Hence the stand-alone compile in /usr/local/. The audience is experienced Linux administrators.
Apache Compile
by Ramses Soto-Navarro ramses@sotosystems.com, 10/5/2021
Overview
Dependencies
Firewall
Download and Extract
OpenSSL Compile
Revert OpenSSL
Apache Compile
Tomcat Connectors
Apache Modules
Apache Startup Scripts
Apache Enable
Apache Verify
Overview
Brief notes about installing the latest compile of Apache and OpenSSL. This compile was done on SUSE 15 SP3. Audience is experienced Linux SysAdmins.
SuSE 15 SP3 BMR Restore and Disaster Recovery
by Ramses Soto-Navarro ramses@sotosystems.com, 8/16/2021
Overview
Rescue Boot
Rescue Network
Backup Rsync
Backup Squashfs
Recovery Format
Overview
Brief bullet points on BMR backup, restore and disaster recovery for SuSE 15 SP3. The procedure is the same for the previous release, SuSE 12 SP5. Audience is experienced Linux systems administrators.