Thursday, October 14, 2010

Create and install new certificate using "openssl" for a Secure Apache web server

1. Assume xyz is the company and supplychain.xyz.com is the website.
2. Change to the SSL key directory (use the appropriate directory for your company):
cd /etc/apache2/ssl.key
3. Create the private key for the server:
# openssl genrsa -out supplychain.xyz.com-server.key 2048
4. Create a certificate signing request in the following directory (use the appropriate directory for your company):
cd /etc/apache2/ssl.csr
# openssl req -new -key /etc/apache2/ssl.key/supplychain.xyz.com-server.key -out supplychain.xyz.com.csr

It will prompt for the following parameters (the Distinguished Name fields of the request):
Country Name: US, State: Kentucky, Locality: Louisville, Organization: "XYZ LLC", Organizational Unit: "eBusiness Services", Common Name: supplychain.xyz.com
5. Check the request contents with "openssl req -text -in supplychain.xyz.com.csr -noout"

6. Send the CSR file to the vendor (CA) to get the new certificate.
7. When the CA provides the certificate, rename it to supplychain.crt.
8. Copy this file to the following directory: /etc/apache2/ssl.crt
9. Change the group membership to Apache with "chgrp apache supplychain.crt".
10. Edit the following file:
/etc/apache2/vhosts.d/supplychain-ssl.conf

SSLEngine on

# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that a kill -HUP will prompt again. A test
# certificate can be generated with `make certificate' at
# build time.
SSLCertificateFile /etc/apache2/ssl.crt/supplychain.crt

# Point SSLCertificateKeyFile at the private key.
SSLCertificateKeyFile /etc/apache2/ssl.key/supplychain.xyz.com-server.key

# If your CA tells you that you need the Intermediate or Root
# certificate, install and specify it as here
# (in our case there is no need to change this line):
SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt

11. Restart Apache if needed:
/etc/init.d/apache2 restart
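The eleven steps above, run non-interactively, together with the two checks worth doing before anything is sent to or installed from the CA: that the CSR was really made with the server key, and that the certificate the CA returns belongs to that key (a mismatch makes Apache refuse to start). This is an added example, not code from the original post; it passes the post's Distinguished Name values with -subj so that openssl does not prompt, and it assumes SSL_DIR defaults to a scratch directory (set SSL_DIR=/etc/apache2 to use the real layout).

```shell
#!/bin/sh
# Added example (not from the original post): non-interactive version of steps
# 2-5 plus the checks a practitioner wants around the CA round trip.
# Assumption: SSL_DIR defaults to a scratch directory so the script can run
# anywhere; set SSL_DIR=/etc/apache2 to use the post's real layout.
set -eu

SSL_DIR="${SSL_DIR:-$(mktemp -d)}"
HOST="supplychain.xyz.com"
KEY="$SSL_DIR/ssl.key/$HOST-server.key"
CSR="$SSL_DIR/ssl.csr/$HOST.csr"
CERT="$SSL_DIR/ssl.crt/supplychain.crt"   # name the post gives the CA's reply

# Distinguished Name from the post's parameters, given with -subj so that
# "openssl req" does not prompt for each field.
SUBJ="/C=US/ST=Kentucky/L=Louisville/O=XYZ LLC/OU=eBusiness Services/CN=$HOST"

make_key_and_csr() {
    mkdir -p "$SSL_DIR/ssl.key" "$SSL_DIR/ssl.csr" "$SSL_DIR/ssl.crt"
    umask 077                                  # key readable by its owner only
    openssl genrsa -out "$KEY" 2048 2>/dev/null
    # No -x509 here: -x509 would produce a self-signed certificate, not a CSR.
    openssl req -new -key "$KEY" -out "$CSR" -subj "$SUBJ"
}

# Public key (SubjectPublicKeyInfo PEM) belonging to the private key.
key_pubkey() { openssl rsa -in "$KEY" -pubout 2>/dev/null; }

# Returns 0 when the CSR's self-signature verifies, it was made with $KEY,
# and its Common Name is $HOST.
verify_csr() {
    # "verify OK" is printed by both OpenSSL 1.1 and 3.x; their exit codes differ.
    openssl req -in "$CSR" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
    [ "$(openssl req -in "$CSR" -noout -pubkey)" = "$(key_pubkey)" ] || return 1
    # Subject is printed as "CN=host" (older) or "CN = host" (1.1.1 and later).
    openssl req -in "$CSR" -noout -subject | grep -q "CN *= *$HOST"
}

# Returns 0 when the certificate the CA sent back belongs to our private key.
cert_matches_key() {
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(key_pubkey)" ]
}

if [ "${1:-}" = run ]; then
    make_key_and_csr
    verify_csr && echo "CSR ready to send to the CA: $CSR"
    openssl req -in "$CSR" -noout -text    # step 5: for a CSR use "req", not "x509"
fi
```

Run it as `sh mkcsr.sh run`; after the CA replies, `cert_matches_key /etc/apache2/ssl.crt/supplychain.crt` returns 0 only if the certificate pairs with the key named in SSLCertificateKeyFile.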

Tuesday, October 12, 2010

Enable SSH in Solaris 10

Enable ssh root login in Solaris 10

1. In the file /etc/ssh/sshd_config, replace the line PermitRootLogin no with PermitRootLogin yes
2. Restart the service:
# svcadm restart svc:/network/ssh:default

Configuring Telnet/FTP on Solaris

Configuring Telnet/FTP to login as root in Solaris

Make sure that you NEVER configure your production servers for this type of login because it's bad security practice:

Configure Telnet for root logins
Simply edit the file /etc/default/login and comment out the CONSOLE line, so that it reads as follows:

# If CONSOLE is set, root can only login on that device.
# Comment this line out to allow remote login by root.
#
# CONSOLE=/dev/console

Configure FTP for root logins
First remove the 'root' line from /etc/ftpd/ftpusers.
Also, don't forget to edit the file /etc/ftpd/ftpaccess and comment out the 'deny-uid' and 'deny-gid' lines. If the file doesn't exist, there is no need to create it.
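The three settings changed in the two Solaris sections above (PermitRootLogin in sshd_config, the CONSOLE line in /etc/default/login, and the root entry in ftpusers plus the deny-uid/deny-gid lines in ftpaccess) are exactly what an audit of a Solaris 10 host should look at to find where root can still log in remotely. The following script does that audit; it is an added example, not part of the original post. It assumes ROOT defaults to a scratch directory filled with constructed sample files (set ROOT=/ to audit a real host), and it treats any active deny-uid/deny-gid line as covering root, which holds for the shipped "%-99" ranges but is not a full parser of ftpaccess.

```shell
#!/bin/sh
# Added example (not from the original post): reports whether root may log in
# remotely over ssh, telnet (login(1)) and ftp, according to the Solaris 10
# files the post edits. Assumption: ROOT defaults to a scratch directory holding
# constructed sample files; set ROOT=/ to audit a real host.
set -eu

ROOT="${ROOT:-$(mktemp -d)}"
SSHD="$ROOT/etc/ssh/sshd_config"
LOGIN="$ROOT/etc/default/login"
FTPUSERS="$ROOT/etc/ftpd/ftpusers"
FTPACCESS="$ROOT/etc/ftpd/ftpaccess"

# Constructed samples reflecting the post's "allow root" edits.
write_open_samples() {
    mkdir -p "$ROOT/etc/ssh" "$ROOT/etc/default" "$ROOT/etc/ftpd"
    printf 'Protocol 2\nPermitRootLogin yes\n' > "$SSHD"
    printf '# CONSOLE=/dev/console\nPASSREQ=YES\n' > "$LOGIN"
    printf 'daemon\nbin\n' > "$FTPUSERS"                      # 'root' line removed
    printf '#deny-uid %%-99\n#deny-gid %%-99\n' > "$FTPACCESS"  # deny lines commented out
}

# Constructed samples with the shipped (hardened) settings restored.
write_hardened_samples() {
    mkdir -p "$ROOT/etc/ssh" "$ROOT/etc/default" "$ROOT/etc/ftpd"
    printf 'Protocol 2\nPermitRootLogin no\n' > "$SSHD"
    printf 'CONSOLE=/dev/console\nPASSREQ=YES\n' > "$LOGIN"
    printf 'root\ndaemon\nbin\n' > "$FTPUSERS"
    printf 'deny-uid %%-99\ndeny-gid %%-99\n' > "$FTPACCESS"
}

# sshd (OpenSSH and its Solaris derivative) uses the first uncommented value
# it reads for a keyword, so report that one; "unset" if the directive is absent.
ssh_root_login() {
    v=$(sed -n 's/^[[:space:]]*PermitRootLogin[[:space:]]\{1,\}\([^[:space:]]*\).*/\1/p' "$SSHD" | head -n 1)
    echo "${v:-unset}"
}

# login(1) confines root to the console only while an active CONSOLE= line exists.
telnet_root_login() {
    if grep -q '^[[:space:]]*CONSOLE=' "$LOGIN"; then echo no; else echo yes; fi
}

# ftpd refuses root when it is listed in ftpusers or caught by an active
# deny-uid/deny-gid range. Solaris ships "%-99", which includes uid 0; this
# check treats any active deny line as covering root and does not parse ranges.
ftp_root_login() {
    if grep -q '^root$' "$FTPUSERS"; then echo no; return; fi
    if [ -f "$FTPACCESS" ] && grep -Eq '^[[:space:]]*deny-(uid|gid)[[:space:]]' "$FTPACCESS"; then
        echo no; return
    fi
    echo yes
}

audit_report() {
    printf 'ssh    PermitRootLogin : %s\n' "$(ssh_root_login)"
    printf 'telnet root login      : %s\n' "$(telnet_root_login)"
    printf 'ftp    root login      : %s\n' "$(ftp_root_login)"
}

if [ "${1:-}" = demo ]; then
    write_open_samples;     echo "after the post's edits:"; audit_report
    write_hardened_samples; echo "shipped settings:";       audit_report
fi
```

`sh audit-root-login.sh demo` prints both states side by side; on a real host run it with `ROOT=/` and no argument, then call `audit_report`. Anything other than no/no/no is a finding.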

Have a nice day!