This article will guide you through generating and signing a CSR and at the same time including SubjectAltName within the request. There is a requirement within all latest browsers that the website cert needs to have a SAN otherwise it complains of error with the certificate.
Let’s start with generating a certificate request. Run this one liner command which includes SubjectAltName
This article will guide you through Enabling https on WebPasswordSafe v1.3. The assumption is that you already have a 100% working WebPasswordsafe setup in-place. If you don’t, then you can follow this article for Setup of WebPasswordSafe on CentOS7/RHEL7.
The Prerequisites are as follows.
Apache and mod_ssl 2.4.6 or higher
This article will guide you on installing/setup of WebPasswordsafe v1.3 (WPS) on CentOS7/RHEL7. This is a Password safe vault/manager which has got many enterprise feature which includes but not limited to authentication via RSA token and also very good auditing facilities which includes the below and many more access control features.
This article will guide through installing MariaDB server and its configuration on CentOS7/RHEL7. The assumption for this article is that you are using a clean build of CentOS7. Let’s start with setting up the repo for MariaDB.
Go ahead and setup MariaDB repo for the download.
When dealing with signed certs the usual practise is to validate it with the private key. This command will allow you to verify the signed cert matches the private key generated during CSR (Certficate Signing Request) request. Run the below command and make sure the stdin outpot string is same for both.
# openssl x509 -noout -modulus -in signed_cert.crt | openssl md5 && openssl rsa -noout -modulus -in private_ca_server_key.key | openssl md5
This article will show you how to generate a CSR request and get it signed on a linux CA (CentOS/Red Hat). Follow this link if you have not already installed and configured CA server. We can run the below command to generate the CSR (Certificate Signing Request).
# mkdir /tmp/certs
# openssl req -new -nodes -sha256 -out certificate_request.csr -newkey rsa:2048 -keyout /tmp/certs/certificate_key.key -extensions v3_req
Setting up a Linux CA server is quick and easy and is a direct replacement for Microsoft CA. This article applies to both CentOS/Red Hat 6.x and 7.x versions. Let’s start with installing the required packages for the CA server setup.
First need to install openssl.
# yum -y install openssl
SED is a very powerful utility which allows find and replace/insert text functionality. It should be used with Caution and is recommended to use dry-run before committing the changes. Below are the various commands for text manipulation.
Note:
\n = for newline
\t = for TAB space
Dry run = just remove ‘-i‘ form the below command
Find the pattern and Insert text AFTER
# sed -i 's/.*search 1st Line.*/&\nInsert 2nd line/' file1There are instances wherein you want to generate random passwords for setting up MySQL/User credentials or use for kickstarts. There is a very simple random password generator in-built into Red Hat/CentOS. Just run the below command.
# cat /dev/urandom | tr -dc ‘a-zA-Z0-9’ | fold -w 24 | head -n24 | head -n1
When you come across this error “LDAP Error: Connect error: TLS error -8054:You are attempting to import a cert with the same issuer” enrolling a client to FreeIPA/IDM server, it means that the existing certificate does not match the one on the IDM server and can be fixed quite easily with just one command. The scenario in which this can happen is that you might have had the client enrolled to a different IDM server previously and the old cert is still lying around.