Categories
Red Hat Enterprise Linux / CentOS

Generate/sign CSR with subject Alternative Name (SAN) – CentOS7/RHEL7

This article will guide you through generating and signing a CSR that includes a SubjectAltName (SAN) in the request. All recent browsers require a website certificate to carry a SAN; without one, they report a certificate error.

Let’s start with generating a certificate request. Run this one-liner command, which includes SubjectAltName


Enable https on WebPasswordSafe (WPS) on CentOS7/RHEL7

This article will guide you through enabling HTTPS on WebPasswordSafe v1.3. The assumption is that you already have a fully working WebPasswordSafe setup in place. If you don’t, then you can follow this article for Setup of WebPasswordSafe on CentOS7/RHEL7.

The prerequisites are as follows.

Apache and mod_ssl 2.4.6 or higher


Setup/Install WebPasswordsafe (WPS) on CentOS7/RHEL7

This article will guide you through installing and setting up WebPasswordSafe v1.3 (WPS) on CentOS7/RHEL7. WPS is a password safe (vault/manager) with many enterprise features, including but not limited to authentication via RSA token and very good auditing facilities, which include the reports below and many more access control features.

  • Users/Groups Reports
  • Password Access/Expiration/Permissions Reports
  • Current Passwords Export

Setup MariaDB on CentOS7/RHEL7

This article will guide you through installing MariaDB server and configuring it on CentOS7/RHEL7. The assumption for this article is that you are using a clean build of CentOS7. Let’s start with setting up the repo for MariaDB.

Go ahead and set up the MariaDB repo for the download.


Verify/validate signed cert with private key – CentOS/RHEL 6.x/7.x

When dealing with signed certs, the usual practice is to validate the cert against the private key. This command lets you verify that the signed cert matches the private key generated during the CSR (Certificate Signing Request). It compares the RSA modulus of the two files, so it applies to RSA keys. Run the command below and make sure the (stdin)= output string is the same for both.

# openssl x509 -noout -modulus -in signed_cert.crt | openssl md5 && openssl rsa -noout -modulus -in private_ca_server_key.key | openssl md5


Generate CSR and sign using Linux CA – CentOS/Red Hat 6.x/7.x

This article will show you how to generate a CSR and get it signed on a Linux CA (CentOS/Red Hat). Follow this link if you have not already installed and configured a CA server. Run the command below to generate the CSR (Certificate Signing Request).

# mkdir /tmp/certs
# openssl req -new -nodes -sha256 -out certificate_request.csr -newkey rsa:2048 -keyout /tmp/certs/certificate_key.key -extensions v3_req


Setup Linux CA Server – CentOS/Red Hat 6.x/7.x

Setting up a Linux CA server is quick and easy and is a direct replacement for Microsoft CA. This article applies to both CentOS/Red Hat 6.x and 7.x versions. Let’s start with installing the required packages for the CA server setup.

First, install openssl.

# yum -y install openssl


Sed – Insert Text before or after a string in a newline w/o TAB Space

sed is a very powerful utility for finding and replacing or inserting text. It should be used with caution, and a dry run is recommended before committing the changes. Below are the various commands for text manipulation.

Note:

\n = newline

\t = TAB space

Dry run = just remove '-i' from the command below

Find the pattern and insert text AFTER

# sed -i 's/.*search 1st Line.*/&\nInsert 2nd line/' file1

Generate Random Password – Red Hat/CentOS

There are instances where you want to generate random passwords for setting up MySQL/user credentials or for use in kickstarts. Red Hat/CentOS has a very simple random password generator built in. Just run the command below.

# cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 24 | head -n24 | head -n1

Categories
Red Hat IDM

Get rid of Error “LDAP Connect error You are attempting to import a cert with the same issuer”

When you come across the error “LDAP Error: Connect error: TLS error -8054:You are attempting to import a cert with the same issuer” while enrolling a client to a FreeIPA/IDM server, it means that the existing certificate on the client does not match the one on the IDM server. This can be fixed quite easily with just one command. It typically happens when the client was previously enrolled to a different IDM server and the old cert is still lying around.