Generating SSL certificates

Generate server private key

The first task is to create a server private key. In this example, a key of 1024 bits is created and encrypted with a passphrase using triple DES:

openssl genrsa -des3 -out server.key 1024

To create a key without a passphrase (so there is no need to enter a passphrase when the Apache server starts, for example):

openssl genrsa -out server.key 1024

or to remove a passphrase from an existing key file:

openssl rsa -in server.key -out server.key.insecure
mv server.key server.key.secure
mv server.key.insecure server.key

Generate certificate signing request (CSR)

The CSR is the file required by the certificate issuer to sign and issue a certificate and is generated as follows:

openssl req -new -key server.key -out server.csr

This requires certain bits of data to be entered:

Country Name (2 letter code) [AU]: GB
State or Province Name (full name) [Some-State]: Yorks
Locality Name (eg, city) []: York
Organization Name (eg, company) [Internet Widgits Pty Ltd]: BSDnexus
Organizational Unit Name (eg, section) []: IT
Common Name (eg, YOUR name) []: www.bsdnexus.com
Email Address []:

The completed file server.csr is ASCII text and can be submitted in a variety of forms to the CA, who will then issue the server.crt file.

Self signed certificate

If the website is a private one, it is possible to self-sign a certificate; however, this leads to browsers complaining until an exception is applied. Currently, the following pages are displayed by two well-known browsers:

Firefox and SSL cert issue

IE and SSL cert issue

Should you still wish to sign your own CSR to generate the server.crt file, the following command can be used:

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Install certificates

The files can be stored anywhere on the system, however, under /etc/ssl seems customary. Ensure the files are only readable by root. If a CA has signed your CSR they will provide two files (names may be slightly different) “server.crt” and “server.ca-bundle”. If you have self-signed, merely omit the reference to the .ca-bundle file.

For Apache, a virtual host entry could look as follows (notice the references to the files):

<VirtualHost _default_:443>
  ServerAdmin webmaster@bsdnexus.com
  DocumentRoot /usr/local/apache/share/htdocs
  ServerName www.bsdnexus.com
  SSLEngine on
  SSLCertificateKeyFile /etc/ssl/bsdnexus/server.key
  SSLCertificateFile /etc/ssl/bsdnexus/server.crt
  SSLCertificateChainFile /etc/ssl/bsdnexus/server.ca-bundle
</VirtualHost>
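
A pre-install check for the files produced above, as an added example that is not part of the original post: it confirms that server.key, server.csr and server.crt carry the same public key, that the key file is not accessible to group or other, and that the RSA key meets a minimum size. The function names and the 2048-bit default (MIN_RSA_BITS) are this example's assumptions (the 1024-bit RSA used in the commands above is below what public CAs accept), and the key is assumed to have no passphrase.

```shell
#!/bin/sh
# Added example (not from the original page): pre-install checks for the
# server.key / server.csr / server.crt files. Assumes an unencrypted key.
MIN_RSA_BITS=${MIN_RSA_BITS:-2048}   # this example's threshold, not the page's

# Print the SHA-256 of the public key held in a key, CSR or certificate.
pubkey_digest() {
    case "$1" in
        key)  pub=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) ;;
        csr)  pub=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) ;;
        cert) pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        *)    return 2 ;;
    esac
    [ -n "$pub" ] || return 1
    printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# Print the RSA modulus size of a private key, in bits.
key_bits() {
    openssl rsa -in "$1" -noout -text -passin pass: 2>/dev/null |
        sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

# Succeed only if group and other have no permission bits on the file.
private_mode() {
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# check_tls_files KEY CERT [CSR]: report every problem, return 0 if none.
check_tls_files() {
    key=$1 cert=$2 csr=$3 rc=0
    kd=$(pubkey_digest key "$key") ||
        { echo "cannot read $key (missing or passphrase-protected)"; return 1; }
    [ "$(pubkey_digest cert "$cert")" = "$kd" ] ||
        { echo "$cert does not match $key"; rc=1; }
    if [ -n "$csr" ] && [ "$(pubkey_digest csr "$csr")" != "$kd" ]; then
        echo "$csr does not match $key"; rc=1
    fi
    bits=$(key_bits "$key")
    [ "${bits:-0}" -ge "$MIN_RSA_BITS" ] ||
        { echo "$key is ${bits:-?} bits, below $MIN_RSA_BITS"; rc=1; }
    private_mode "$key" || { echo "$key is accessible to group/other"; rc=1; }
    return $rc
}

# Run as: sh check.sh server.key server.crt [server.csr]
if [ "$#" -ge 2 ]; then check_tls_files "$@"; fi
```

The check does not verify file ownership; confirm separately that the key under /etc/ssl is owned by root.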

Files without comments

Use *awk to remove comment lines that start with a ‘#’ making it easier to view the actual configurations/settings

cat /path/to/file | awk '!/^#/ {print $0}'

[Edit]

To remove the blank lines as well as the comments, alter the awk command to

awk '!/^#|^$/ {print $0}'

Batch convert audio files

Simple one-liner to batch convert one type of audio file to another using ffmpeg. The example converts .ogg to .mp3 files:

for x in *.ogg; do ffmpeg -i "$x" "`basename "$x" .ogg`.mp3"; done

dpkg tips

dpkg is the package manager for Debian, and is found in most of its derivatives. Programs such as apt and aptitude are front-ends to dpkg. Following are some handy to know dpkg commands.

Package Listing

To display all currently installed packages (including version numbers) or a specific package:

dpkg -l [package_name]

Package Querying

To show details about a specific package:

dpkg -p {package_name}

To find out which files are installed by a package:

dpkg -L {package_name}

To find out which package installs a particular file:

dpkg -S {/path/to/file | part_of_filename}

Package Removal

To remove a package but retain the configuration files:

dpkg -r {package_name}

To remove a package including the configuration files:

dpkg -P {package_name}

AcerAspireOne Touchpad on Debian

When installing Debian “Testing” on the AcerAspireOne the touchpad does not register a single tap of the pad as a left mouse click. To rectify this add the following line to the file /etc/modprobe.d/psmouse.conf

options psmouse proto=imps

According to this Ubuntu source, some setups may be better with exps instead of imps.


apt autoclean

To have apt-get/aptitude auto-clean all the downloaded .deb files after running an “update” (to keep as much free space as possible) simply add the following to /etc/apt/apt.conf.d/00autoclean

Aptitude::Autoclean-After-Update "true";

ownCloud private web storage

ownCloud is a webdav based application allowing you to store files on your own personal server on the Internet and access them via http or webdav. Installation is as follows:

Ensure apache2, php and mysql are installed

$ apt-get install apache2 php5 mysql-server php5-mysql sqlite php5-sqlite

Download the latest stable release (or the experimental version via git if preferred) and install it to the webserver directory. At time of writing, the latest stable version is 1.2:

$ wget 'http://owncloud.org/releases/owncloud-1.2.tar.bz2'
$ bunzip2 owncloud-1.2.tar.bz2
$ tar xvf owncloud-1.2.tar
$ mv owncloud /var/www/

Appropriate permissions need to be set so that the webserver has full control of the directory. On Debian or Ubuntu this is:

$ chown -R www-data:www-data /var/www/owncloud

Next you need to decide upon the database used, the administrator user and password. This is done through the “first run wizard” which will appear the first time the owncloud directory is browsed. Sqlite requires no configuration, while selecting MySQL will require additional information to build the tables.

ownCloud first run wizard

After configuration, the standard login will be presented:

ownCloud login page

Once logged in, files are displayed and options to upload or create directories are available under “More Actions”:

ownCloud file listing

The web interface is now functioning as well as access via webdav. Since KDE supports webdav it is possible to configure access to the server storage space via the “Network” place as follows:

Select "Add Network Folder"

Select the “webdav” access method:

Select WebFolder (webdav)

Fill in the details; notice that the folder field is set to “/owncloud/webdav/owncloud.php” (this assumes the installation was to /var/www/owncloud on a Debian or Ubuntu system).

Enter configuration details

Upon saving the details a prompt for the password will appear and an option to “Remember password” so you don’t have to re-enter it whenever accessing the folder:

Enter password

The share will now appear in the “Network” places:

ownCloud in Network places

And can be used like any other folder on the system within KDE:

ownCloud access via webdav in KDE

The files themselves are stored in a per-user directory in a sub-folder of the owncloud directory entitled “data”


Copyright © 1996-2010 BSDnexus. All rights reserved.