Generating SSL certificates
Generate server private key
The first task is to create a server private key. In this example, a 1024-bit key is created and encrypted with triple DES, protected by a passphrase:
openssl genrsa -des3 -out server.key 1024
To create a key without a passphrase (so there is no need to enter a passphrase when the Apache server starts for example):
openssl genrsa -out server.key 1024
Or, to remove the passphrase from an existing key file:
openssl rsa -in server.key -out server.key.insecure
mv server.key server.key.secure
mv server.key.insecure server.key
Generate certificate signing request (CSR)
The CSR is the file required by the certificate issuer to sign and issue a certificate and is generated as follows:
openssl req -new -key server.key -out server.csr
This requires certain bits of data to be entered:
Country Name (2 letter code) [AU]: GB
State or Province Name (full name) [Some-State]: Yorks
Locality Name (eg, city) []: York
Organization Name (eg, company) [Internet Widgits Pty Ltd]: BSDnexus
Organizational Unit Name (eg, section) []: IT
Common Name (eg, YOUR name) []: www.bsdnexus.com
Email Address []:
The completed file server.csr is ASCII text and can be submitted to the CA in a variety of ways. The CA will then issue the server.crt file.
Self signed certificate
If the website is a private one, it is possible to self-sign a certificate; however, browsers will complain until an exception is applied.
Should you still wish to sign your own CSR to generate the server.crt file, the following command can be used:
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Install certificates
The files can be stored anywhere on the system; however, /etc/ssl seems customary. Ensure the files are only readable by root. If a CA has signed your CSR, they will provide two files (names may be slightly different): "server.crt" and "server.ca-bundle". If you have self-signed, merely omit the reference to the .ca-bundle file.
For Apache, a virtual host entry could look as follows (notice the references to the files):
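Before installing, it is worth checking that the key, CSR and certificate really belong together and that the key is not readable by group or other. The following is an added example, not part of the original page: it runs the three steps above non-interactively and then performs those checks. The function names, the -subj string built from the sample answers above, and the 2048-bit key size (used instead of 1024 because 2048 bits is the minimum CAs accept today) are assumptions of this example.

```shell
#!/bin/sh
# Added example: function names are illustrative, not from the original page.
# Assumes an unencrypted key (an encrypted one makes openssl prompt).

# Print the public key held in a private key, CSR or certificate.
pubkey_of() {
    case "$1" in
        *.key) openssl pkey -in "$1" -pubout ;;
        *.csr) openssl req  -in "$1" -noout -pubkey ;;
        *.crt) openssl x509 -in "$1" -noout -pubkey ;;
        *)     echo "unknown file type: $1" >&2; return 2 ;;
    esac
}

# Succeed only if both files carry the same public key.
same_pubkey() {
    a=$(pubkey_of "$1") || return 2
    b=$(pubkey_of "$2") || return 2
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Succeed only if group and other have no permission bits on the file.
private_mode() {
    case "$(ls -ld "$1" 2>/dev/null)" in
        ????------*) return 0 ;;
        *)           return 1 ;;
    esac
}

# Key, CSR and self-signed certificate created in directory $1.
make_selfsigned() {
    ( cd "$1" || exit 1
      umask 077   # new files are created without group/other access
      openssl genrsa -out server.key 2048 2>/dev/null &&
      openssl req -new -key server.key -out server.csr \
          -subj "/C=GB/ST=Yorks/L=York/O=BSDnexus/OU=IT/CN=www.bsdnexus.com" &&
      openssl x509 -req -days 365 -in server.csr -signkey server.key \
          -out server.crt 2>/dev/null )
}

# Checks to run on directory $1 before pointing Apache at it.
check_install() {
    same_pubkey "$1/server.key" "$1/server.crt" ||
        { echo "certificate does not match key"; return 1; }
    private_mode "$1/server.key" ||
        { echo "server.key is accessible to group/other"; return 1; }
    echo "ok"
}
```

Run check_install on the directory holding the files (for example /etc/ssl/bsdnexus) after copying them into place; a mismatch usually means the certificate was issued for a different key.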
<VirtualHost _default_:443>
ServerAdmin webmaster@bsdnexus.com
DocumentRoot /usr/local/apache/share/htdocs
ServerName www.bsdnexus.com
SSLEngine on
SSLCertificateKeyFile /etc/ssl/bsdnexus/server.key
SSLCertificateFile /etc/ssl/bsdnexus/server.crt
SSLCertificateChainFile /etc/ssl/bsdnexus/server.ca-bundle
</VirtualHost>
Files without comments
Use *awk to remove comment lines that start with a '#', making it easier to view the actual configurations/settings:
cat /path/to/file | awk '!/^#/ {print $0}'
To remove the blank lines as well as the comments, alter the awk command to:
awk '!/^#|^$/ {print $0}'
Batch convert audio files
Simple one-liner to batch convert one type of audio file to another using ffmpeg. The example converts .ogg to .mp3 files:
for x in *.ogg; do ffmpeg -i "$x" "`basename "$x" .ogg`.mp3"; done
dpkg tips
dpkg is the package manager for Debian and is found in most of its derivatives. Programs such as apt and aptitude are front-ends to dpkg. The following are some handy dpkg commands.
Package Listing
To display all currently installed packages (including version numbers) or a specific package:
dpkg -l [package_name]
Package Querying
To show details about a specific package:
dpkg -p {package_name}
To find out which files are installed by a package:
dpkg -L {package_name}
To find out which package installs a particular file:
dpkg -S {/path/to/file | part_of_filename}
Package Removal
To remove a package but retain the configuration files:
dpkg -r {package_name}
To remove a package including the configuration files:
dpkg -P {package_name}

