Categories
RHEL / CentOS

Generate/sign CSR with subject Alternative Name (SAN) – CentOS7/RHEL7

This article will guide you through generating and signing a CSR and at the same time including SubjectAltName within the request. There is a requirement within all latest browsers that the website cert needs to have a SAN otherwise it complains of error with the certificate.

Let’s start with generating a certificate request. Run this one liner command which includes SubjectAltName

Categories
RHEL / CentOS

Setup/Install WebPasswordsafe (WPS) on CentOS7/RHEL7

This article will guide you on installing/setup of WebPasswordsafe v1.3 (WPS) on CentOS7/RHEL7.  This is a Password safe vault/manager which has got many enterprise features which includes but not limited to authentication via RSA token and also very good auditing facilities which includes the below and many more access control features.

  • Users/Groups Reports
  • Password Access/Expiration/Permissions Reports
  • Current Passwords Export
Categories
RHEL / CentOS

Enable https on WebPasswordSafe (WPS) on CentOS7/RHEL7

This article will guide you through Enabling https on WebPasswordSafe v1.3. The assumption is that you already have a 100% working WebPasswordsafe setup in-place. If you don’t, then you can follow this article for Setup of WebPasswordSafe on CentOS7/RHEL7.

The Prerequisites are as follows.

Apache and mod_ssl 2.4.6 or higher

Categories
RHEL / CentOS

Setup MariaDB on CentOS7/RHEL7

This article will guide through installing MariaDB server and its configuration on CentOS7/RHEL7. The assumption for this article is that you are using a clean build of CentOS7. Let’s start with setting up the repo for MariaDB.

Go ahead and setup MariaDB repo for the download.

Categories
RHEL / CentOS

Verify/validate signed cert with private key – CentOS/RHEL 6.x/7.x

When dealing with signed certs the usual practise is to validate it with the private key. This command will allow you to verify the signed cert matches the private key generated during CSR (Certficate Signing Request) request. Run the below command and make sure the stdin outpot string is same for both.

It needs both .crt and .key file for verification

# openssl x509 -noout -modulus -in signed_cert.crt | openssl md5 && openssl rsa -noout -modulus -in private_ca_server_key.key | openssl md5
Categories
RHEL / CentOS

Generate CSR and sign using Linux CA – CentOS/Red Hat 6.x/7.x

This article will show you how to generate a CSR request and get it signed on a linux CA (CentOS/Red Hat). Follow this link if you have not already installed and configured CA server. We can run the below command to generate the CSR (Certificate Signing Request).

# mkdir /tmp/certs
# openssl req -new -nodes -sha256 -out certificate_request.csr -newkey rsa:2048 -keyout /tmp/certs/certificate_key.key -extensions v3_req

Categories
RHEL / CentOS

Setup Linux CA Sever – CentOS/Red Hat 6.x/7.x

Setting up a Linux CA server is quick and easy and is a direct replacement for Microsoft CA. This article applies to both CentOS/Red Hat 6.x and 7.x versions. Let’s start with installing the required packages for the CA server setup.

First need to install openssl.

# yum -y install openssl
Categories
RHEL / CentOS

Sed – Insert Text before or after a string in a newline w/o TAB Space

SED is a very powerful utility which allows find and replace/insert text functionality. It should be used with Caution and is recommended to use dry-run before committing the changes. Below are the various commands for text manipulation.

Note:

\n = for newline

\t = for TAB space

Dry run = just remove ‘-i‘ form the below command

 Find the pattern and Insert text AFTER

# sed -i 's/.*search 1st Line.*/&\nInsert 2nd line/' file1
Categories
RHEL / CentOS

Generate Random Password – Red Hat/CentOS

There are instances wherein you want to generate random passwords for setting up credentials. There is a very simple random password generator in-built into Linux. Just run the below command.

# cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 24 | head -n24 | head -n1
Categories
RHEL / CentOS

Generate/Create a SHA2/SHA256 self-signed cert – RedHat/CentOS

To generate a SHA256 certficate in linux all you need to do is run this openssl command and you will be ready with a PCI compliant cert. This is a standard requirement nowadays in any PCI compliant environment. This is implemented with Apache backend. Run the below command to generate .crt and .key files.