Create Certificate Signing Request with Multiple Subject Alternative Names

by Ramses Soto-Navarro, 2/8/2022

Create CNF
Create CSR
Verify CSR


Brief on how to create a certificate request with multiple subject alternative name.

Create CNF

Create an OpenSSL configuration file:

# mkdir /etc/ssl/mycerts && cd /etc/ssl/mycerts

# vi
[ req ]
default_bits        = 2048
distinguished_name  = req_distinguished_name
req_extensions      = v3_req
distinguished_name  = req_distinguished_name
prompt              = no
output_password     = mypass

[ req_distinguished_name ]
countryName		= US
stateOrProvinceName	= Florida
localityName		= Example County
organizationName	= Example Corporation
organizationalUnitName  = IT Department
commonName		=
emailAddress		=

[ v3_req ]
basicConstraints = CA:FALSE
keyUsage         = nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage = clientAuth,serverAuth
subjectAltName   = @alt_names

DNS.1   = *
DNS.2   =

Create CSR

Create the certificate signing request:

# openssl req -out -newkey rsa:2048 -nodes -keyout -config

Verify CSR

Verify that the CSR has the correct subject alternative names:

# openssl req -noout -text -in | grep DNS

The End.

Squashfs Backup Demo

by Ramses Soto-Navarro, 2/1/2022

Mount squashfs file
Interactive shell
Release session
Prepare Server for Backup
SSHFS remote mount
Squash Backup


What is squashfs:

  • Squashfs is an archiver like tar.
  • Archives data onto backup file.
  • Allows quick read access of file backups.
  • High compression.
  • Can be mounted.
  • Can be appended.
  • Random seek, rather than linear.
  • Very quick access.
  • Used in embedded systems, cellphones, routers, livecd.
  • 7-zip supports squashfs.

The squashfs mount enables us to:

  • Archive the entire old server in a compressed file.
  • Mount the squashfs file and easily review files and directories.
  • Copy files from the old servers.
  • Run an interactive shell session of the old server.
  • Append more files to the backup file as needed.

Audience is experienced Linux administrators.

[Read more…]

Apache Compile Stand-alone

by Ramses Soto-Navarro, 2/1/2022

Download Source
Disable Apache
Restore OS OpenSSL
Compile OpenSSL Stand-alone
Compile APR and APR-Util
Compile Apache Stand-alone
Compile Tomcat Connectors
Configure Apache
Configure Apache Startup Scripts
Test New Apache Startup
Test Commands
Server Status and Info Page
Rename Old Apache Binaries
Systems Affected by OpenSSL


Brief notes about compiling Apache and Openssl stand-alone on /usr/local/, on SUSE 15 SP3. Previously Apache was installed on top of the binaries installed by the SUSE packages. However, that method disabled the possibility of using the newest OpenSSL libraries; because updating OpenSSL would break other system utilities. Hence, compiling stand-alone in /usr/local/. The audience is experienced Linux administrators.

[Read more…]

Apache Compile

by Ramses Soto-Navarro, 10/5/2021

Download and Extract
OpenSSL Compile
Revert OpenSSL
Apache Compile
Tomcat Connectors
Apache Modules
Apache Startup Scripts
Apache Enable
Apache Verify


Brief notes about installing the latest compile of Apache and OpenSSL. This compile was done on SUSE 15 SP3. Audience is experienced Linux SysAdmins.

[Read more…]

SuSE 15 SP3 BMR Restore and Disaster Recovery

by Ramses Soto-Navarro, 8/16/2021

Rescue Boot
Rescue Network
Backup Rsync
Backup Squashfs
Recovery Format


Brief bulletpoints on BMR backup restore and disaster recovery for SuSE 15 SP3. The procedure is the same for the previous release SuSE 12 SP5. Audience is experienced Linux systems administrators.

[Read more…]