Apache SSL TLS Certificate Creation Script


Brief notes on how to create an Apache OpenSSL certificate using a bash script under Debian 10. A website that is not encrypted can become a threat to visitors, and often many providers block websites that are not SSL/TLS enabled. The audience is experienced Linux administrators.


    * Root CA certificate = the main self-signed certificate from the Root certificate authority that signs all other certificates or intermediate certificates.
    * Intermediate CA certificate = a certificate created by an intermediate certificate authority (CA), signed by the Root CA.
    * CA Bundle certificate = the merge of Root CA certificate an the Intermadiate CA certificate, valid as a root certificate.
    * Certificate = the certificate received and signed by the Intermediate CA certificate.
    * Certificate Chain = the end certificate, along with the CA Bundle certificate.
    * The intermediate method has more security, so that intrusion of one intermediate certificate authority does not affect the entire root.

The Script

The OpenSSL script below is simple; the variables need to be modified inside. It creates the following (4) four files:

    * Raw private key.
    * RSA private key.
    * CSR, certificate signing request.
    * Self-signed certificate, for testing.

Creating the private key in at least two formats seems like a good idea. Always keep private keys truly private and secure.

[Read more…]

Tiny Core Linux Customization


Brief notes for the Tiny Core Linux rescue Kernel; customized and minimized to a 25MB; containing many useful administrative utilities; very useful for rescue, offline cold backups, restores, troubleshooting boot problems, disaster recovery. It can launch from a local Linux boot loader, an external USB hard disk, or a USB stick, or a virtual/physical CDROM ISO. The distro is very well maintained with the latest kernels. The Tiny Core Linux Team did a great job with this mini distro and the Linux community celebrates their work.

Main site: http://tinycorelinux.net/

The utilities that I most used: LVM, mount, sshd, rsync, scp, netcat, netstat, tar, chroot.


http://tinycorelinux … yCorePure64-11.0.iso [28MB]

GRUB2 Boot

Add to an existing GRUB2 system, to enable rescue boot from a regular local hard disk. Copy the Tiny Core kernel and ramdisk:

# mount -o loop TinyCorePure64-11.0.iso /mnt
# mkdir -p /boot/tce/optional
# cp /mnt/boot/vmlinuz64 /boot/tcvmlinuz64
# cp /mnt/boot/corepure64.gz /boot/tccorepure64.gz
# cp -r /mnt/boot/cde/* /boot/tce/
# chmod 0444 /boot/tcvmlinuz64
# chmod 0444 tccorepure64.gz
# chmod 0750 /boot/tce

Add the GRUB2 entry:

# cat /etc/grub.d/40_custom
menuentry "Tiny Core 11.1 Rescue" {
linux /tcvmlinuz64 noswap nozswap nohdcp superuser vga=791 tz=GM-5 host=foo
initrd /tccorepure64.gz

Rebuild the GRUB2 configuration, then test it:

# grub2-mkconfig -o /boot/grub2/grub.cfg

# reboot

[Read more…]