How to create a self-signed certificate using OpenSSl?

Posted by Jason Web Hosting Sunday 16 November 2008 8:40 pm

The openssl toolkit is used to generate an RSA Key and CSR (Certificate Signing Request). The CSR and the KEY can then be used to generate a self-signed certificates which can be used for a website OR any of your service on the server. Follow the below steps to generate a self-signed certificate:

Step 1: Creating a RSA private key
root@localhost [~]# openssl genrsa -out server.key 1024
Generating RSA private key, 1024 bit long modulus
………………….++++++
……………++++++
e is 65537 (0×10001)

You have now created a RSA key with 1024 bit encryption which is stored under server.key file.

Step 2: Creating a CSR (Certificate Signing Request)
root@localhost [~]# openssl req -new -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [GB]:GB
State or Province Name (full name) [Berkshire]:Berkshire
Locality Name (eg, city) [Newbury]:Newbury
Organization Name (eg, company) [My Company Ltd]:My Company Ltd
Organizational Unit Name (eg, section) []:section
Common Name (eg, your name or your server’s hostname) []:localhost
Email Address []:email@section

Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Using the server.key (RSA key created in the first step) we are now generating a CSR (Certificate Signing Request) which is used for generating a SSL certificate. The CSR is stored in server.csr file. You need to provide all your information like Country, City State etc while generating the CSR.

Step 3: Creating a Certificate
root@localhost [~]# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=GB/ST=Berkshire/L=Newbury/O=My Company Ltd/OU=section/CN=localhost/emailAddress=email@section
Getting Private key

You have now generated a x509 Self Signed Certificate for a period of 365 days using the above generated RSA and CSR key. The certificate is now stored in server.crt file. Make sure you use server.crt (certificate) and server.key (private key) while installing it on any service of website.

0 Comments Leave a comment

phpMyAdmin - Error #2002 - MySQL server’s socket is not correctly configured

Posted by Jason Web Hosting Sunday 16 November 2008 8:10 pm

In order to get rid of this issue, edit the file, /usr/local/cpanel/base/3rdparty/phpMyAdmin/config.inc.php

and search for
$cfg['Servers'][$i]['socket'] = ”;

change to
$cfg['Servers'][$i]['socket'] = ‘/var/lib/mysql/mysql.sock’;

next line
$cfg['Servers'][$i]['connect_type'] = ‘tcp’;

change to
$cfg['Servers'][$i]['connect_type'] = ’socket’;

If this doesn’t fix the issue, make sure Mysql is running on your server and you have a symlink for mysql.sock under /tmp. To create a symlink, execute:

ln -s /varlib/mysql/mysql.sock /tmp

0 Comments Leave a comment

iptables: Unknown error 4294967295

Posted by Jason Web Hosting Friday 14 November 2008 8:21 pm

You may receive the following error message while restarting iptabes in your VPS:

error message: from firewall software ~ iptables: Unknown error 4294967295

this usually occurs when the required iptables modules are not loaded in the host server kernel. Login to your host server and load the following iptable modules:

modprobe ipt_MASQUERADE
modprobe ipt_helper
modprobe ipt_REDIRECT
modprobe ipt_state
modprobe ipt_TCPMSS
modprobe ipt_LOG
modprobe ipt_TOS
modprobe tun
modprobe iptable_nat
modprobe ipt_length
modprobe ipt_tcpmss
modprobe iptable_mangle
modprobe ipt_limit
modprobe ipt_tos
modprobe iptable_filter
modprobe ipt_helper
modprobe ipt_tos
modprobe ipt_ttl
modprobe ipt_REJECT

You can safely start iptables on your VPS now.

0 Comments Leave a comment

« Older Entries
Newer Entries »

Categories

Archives

Web Hosting Blogroll