Apache SSL TLS Certificate Creation Script
Overview
Brief notes on how to create an Apache OpenSSL certificate using a bash script under Debian 10. A website that is not encrypted can become a threat to visitors, and many providers block websites that are not SSL/TLS enabled. The audience is experienced Linux administrators.
Definitions
* Root CA certificate = the main self-signed certificate from the Root certificate authority that signs all other certificates or intermediate certificates.
* Intermediate CA certificate = a certificate created by an intermediate certificate authority (CA), signed by the Root CA.
* CA Bundle certificate = the merge of the Root CA certificate and the Intermediate CA certificate, valid as a root certificate.
* Certificate = the certificate received and signed by the Intermediate CA certificate.
* Certificate Chain = the end certificate, along with the CA Bundle certificate.
* The intermediate method is more secure: the compromise of one intermediate certificate authority does not affect the entire root.
The Script
The OpenSSL script below is simple; the variables inside it need to be modified. It creates the following four files:
* Raw private key.
* RSA private key.
* CSR, certificate signing request.
* Self-signed certificate, for testing.
Creating the private key in at least two formats seems like a good idea. Always keep private keys truly private and secure.
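An added example, not the original page's script: a shell script that produces the four files listed above and checks that all of them carry the same public key. The hostname, subject fields and file names are constructed placeholders, and reading "raw" as unencrypted PKCS#8 PEM and "RSA" as traditional PKCS#1 PEM is an assumption.

```shell
#!/bin/sh
# Added example, not the original script. All values below are placeholders.
set -eu

CN="www.example.test"                      # hostname the certificate is for
SUBJ="/C=US/ST=State/O=Example Org/CN=$CN" # constructed subject
BITS=2048
DAYS=30                                    # short life: test certificate only

# Create the four files in directory $1. The body runs in a subshell so the
# restrictive umask does not leak into the caller.
make_cert_files() (
    dir=$1
    umask 077                              # keys readable by owner only
    mkdir -p "$dir"
    # 1. "Raw" private key (assumption: unencrypted PKCS#8 PEM)
    openssl genpkey -algorithm RSA -pkeyopt "rsa_keygen_bits:$BITS" \
        -out "$dir/$CN.key"
    # 2. RSA private key: the same key in traditional PKCS#1 PEM
    openssl pkey -in "$dir/$CN.key" -traditional -out "$dir/$CN.rsa.key"
    # 3. CSR to send to the CA
    openssl req -new -sha256 -key "$dir/$CN.key" -subj "$SUBJ" \
        -out "$dir/$CN.csr"
    # 4. Self-signed certificate built from that CSR, for testing
    openssl x509 -req -sha256 -days "$DAYS" -in "$dir/$CN.csr" \
        -signkey "$dir/$CN.key" -out "$dir/$CN.crt"
)

# Print the SHA-256 of the public key carried by file $2 of kind $1.
pubkey_digest() {
    case $1 in
        key) openssl pkey -in "$2" -pubout ;;
        csr) openssl req  -in "$2" -noout -pubkey ;;
        crt) openssl x509 -in "$2" -noout -pubkey ;;
    esac | openssl sha256 | awk '{print $NF}'
}

# Succeed only if all four files in directory $1 carry the same public key.
files_match() {
    want=$(pubkey_digest key "$1/$CN.key")
    [ "$want" = "$(pubkey_digest key "$1/$CN.rsa.key")" ] &&
    [ "$want" = "$(pubkey_digest csr "$1/$CN.csr")" ] &&
    [ "$want" = "$(pubkey_digest crt "$1/$CN.crt")" ]
}

out=$(mktemp -d)
make_cert_files "$out"
files_match "$out" && echo "all four files match, written to $out"
```

The same public-key comparison is a useful check before installing a CA-signed certificate next to an existing key, since Apache will refuse to start on a mismatch.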
Tiny Core Linux Customization
Overview
Brief notes for the Tiny Core Linux rescue kernel, customized and minimized to 25MB and containing many useful administrative utilities. It is very useful for rescue, offline cold backups, restores, troubleshooting boot problems, and disaster recovery. It can launch from a local Linux boot loader, an external USB hard disk, a USB stick, or a virtual/physical CDROM ISO. The distro is very well maintained with the latest kernels. The Tiny Core Linux Team did a great job with this mini distro and the Linux community celebrates their work.
Main site: http://tinycorelinux.net/
The utilities that I used most: LVM, mount, sshd, rsync, scp, netcat, netstat, tar, chroot.
Download
http://tinycorelinux … yCorePure64-11.0.iso [28MB]
GRUB2 Boot
Add to an existing GRUB2 system, to enable rescue boot from a regular local hard disk. Copy the Tiny Core kernel and ramdisk:
# mount -o loop TinyCorePure64-11.0.iso /mnt
# mkdir -p /boot/tce/optional
# cp /mnt/boot/vmlinuz64 /boot/tcvmlinuz64
# cp /mnt/boot/corepure64.gz /boot/tccorepure64.gz
# cp -r /mnt/boot/cde/* /boot/tce/
# chmod 0444 /boot/tcvmlinuz64
# chmod 0444 /boot/tccorepure64.gz
# chmod 0750 /boot/tce
Add the GRUB2 entry:
# cat /etc/grub.d/40_custom
menuentry "Tiny Core 11.1 Rescue" {
    linux /tcvmlinuz64 noswap nozswap nodhcp superuser vga=791 tz=GM-5 host=foo
    initrd /tccorepure64.gz
}
Rebuild the GRUB2 configuration, then test it:
# grub2-mkconfig -o /boot/grub2/grub.cfg
# reboot