Create Certificate Signing Request with Multiple Subject Alternative Names

by Ramses Soto-Navarro, 2/8/2022

Create CNF
Create CSR
Verify CSR


Brief on how to create a certificate request with multiple subject alternative name.

Create CNF

Create an OpenSSL configuration file:

# mkdir /etc/ssl/mycerts && cd /etc/ssl/mycerts

# vi
[ req ]
default_bits        = 2048
distinguished_name  = req_distinguished_name
req_extensions      = v3_req
distinguished_name  = req_distinguished_name
prompt              = no
output_password     = mypass

[ req_distinguished_name ]
countryName		= US
stateOrProvinceName	= Florida
localityName		= Example County
organizationName	= Example Corporation
organizationalUnitName  = IT Department
commonName		=
emailAddress		=

[ v3_req ]
basicConstraints = CA:FALSE
keyUsage         = nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage = clientAuth,serverAuth
subjectAltName   = @alt_names

DNS.1   = *
DNS.2   =

Create CSR

Create the certificate signing request:

# openssl req -out -newkey rsa:2048 -nodes -keyout -config

Verify CSR

Verify that the CSR has the correct subject alternative names:

# openssl req -noout -text -in | grep DNS

The End.

Squashfs Backup Demo

by Ramses Soto-Navarro, 2/1/2022

Mount squashfs file
Interactive shell
Release session
Prepare Server for Backup
SSHFS remote mount
Squash Backup


What is squashfs:

  • Squashfs is an archiver like tar.
  • Archives data onto backup file.
  • Allows quick read access of file backups.
  • High compression.
  • Can be mounted.
  • Can be appended.
  • Random seek, rather than linear.
  • Very quick access.
  • Used in embedded systems, cellphones, routers, livecd.
  • 7-zip supports squashfs.

The squashfs mount enables us to:

  • Archive the entire old server in a compressed file.
  • Mount the squashfs file and easily review files and directories.
  • Copy files from the old servers.
  • Run an interactive shell session of the old server.
  • Append more files to the backup file as needed.

Audience is experienced Linux administrators.

[Read more…]

Apache Compile Stand-alone

by Ramses Soto-Navarro, 2/1/2022

Download Source
Disable Apache
Restore OS OpenSSL
Compile OpenSSL Stand-alone
Compile APR and APR-Util
Compile Apache Stand-alone
Compile Tomcat Connectors
Configure Apache
Configure Apache Startup Scripts
Test New Apache Startup
Test Commands
Server Status and Info Page
Rename Old Apache Binaries
Systems Affected by OpenSSL


Brief notes about compiling Apache and Openssl stand-alone on /usr/local/, on SUSE 15 SP3. Previously Apache was installed on top of the binaries installed by the SUSE packages. However, that method disabled the possibility of using the newest OpenSSL libraries; because updating OpenSSL would break other system utilities. Hence, compiling stand-alone in /usr/local/. The audience is experienced Linux administrators.

[Read more…]