Posts Tagged ‘Name’

Create your own Certificate Authority using OpenSSL on CentOS

OpenSSL is an implementation of the SSL and TLS protocols. It is open-source and is the de-facto standard toolkit for Secure Sockets Layer (SSL) and Transport Layer Security (TLS). It is written in C and also contains a general purpose cryptography library. Being written in C allows for various wrappers for other programming languages to exist.

Installing OpenSSL on CentOS is actually quite easy. All you have to do is enter the following command:

yum install openssl

Note: Depending on your installation configurations OpenSSL may already be installed on your system.

Note: This tutorial uses OpenSSL 1.0.0.

After we install OpenSSL, we need to setup our own Certificate Authority. To do so we first navigate to /etc/pki/CA:

cd /etc/pki/CA

Now we will make a directory where our certificates will be stored:

mkdir certs

Another necessary directory is for the revocation list:

mkdir crl

Note: crl stands for Certificate Revocation List.

Now we must create a directory for storing the unencrypted certificates:

mkdir newcerts

Next, create an empty file index.txt (you may use touch). The index.txt file is the database for certificates. Additionally, create two files containing the next serial number for a certificate and the next serial number for the revocation list:

echo ’01’ > serial

echo ’01’ > crlnumber

Almost ready. Copy the standard openssl config file to you current directory:

cp /etc/pki/tls/openssl.cnf openssl.cnf

And edit the config file (the one stored at /etc/pki/CA/openssl.cnf):

Change this line:

dir             = /etc/pki/CA           # Where everything is kept

to

dir             = .           # Where everything is kept

Change this line:

certificate     = $dir/cacert.pem       # The CA certificate

to

certificate     = $dir/certs/ca.crt       # The CA certificate

And this line:

private_key     = $dir/private/cakey.pem# The private key

to

private_key     = $dir/private/ca.key # The private key

And last, but certainly not least, make /etc/pki/CA/openssl.cnf readable only for you:

chmod 0600 openssl.cnf

After that, the process of creating a certificate authority is actually quite easy. Navigate to /etc/pki/CA:

cd /etc/pki/CA

Enter the following command:

openssl req -config openssl.cnf -new -x509 -extensions v3_ca -keyout private/ca.key -out certs/ca.crt -days 3650

if you want to create a CA valid for 10 years. You will be prompted:

Generating a 2048 bit RSA private key
........+++
.......+++
writing new private key to 'private/ca.key'
Enter PEM pass phrase:<password>
Verifying - Enter PEM pass phrase:<password>
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:<country>
State or Province Name (full name) []:<state>
Locality Name (eg, city) [Default City]:<city>
Organization Name (eg, company) [Default Company Ltd]:<organization>
Organizational Unit Name (eg, section) []:<department>
Common Name (eg, your name or your server's hostname) []:<common_name>
Email Address []:<email>

Where common_name is usually formed like ca.<your_domain>, and <email> is usually ca@<your_domain>

Finally, don’t forget to restrict the access to your private key:

chmod 0400 private/ca.key

For more on OpenSSL checkout how to create and sign certificates.

VN:F [1.9.18_1163]
Rating: 10.0/10 (3 votes cast)

Creating, updating and deleting views in MS SQL

This tutorial is about how to create, update and delete views in MS SQL 2008.

In SQL views are basically virtual tables based on the result of some SQL statement. Each view contains rows and columns, exactly like a real table. Each field in a view is a field from a real table in the database.

Even though views can contain fields from different tables, users can use WHERE and JOIN statements along with SQL functions to present the data as a single table. The syntax for creating a view is: Read the rest of this entry »

VN:F [1.9.18_1163]
Rating: 0.0/10 (0 votes cast)

Tighten Your Wireless Network Security In 3 Steps

Tutorial that will help you make sure your wireless network is secure. Tutorial describes how to use WPA2-AE for level of security and encryption. The three main points talked about are Password Protection, Hidden Network Name and the MAC Address Allow List Read the rest of this entry »

VN:F [1.9.18_1163]
Rating: 0.0/10 (10 votes cast)

Configure multiple vlan support on single network interface

In this tutorial I will guide you with the configurations and settings you need to make a normal Linux system to connect to a managed switch on a trunk port. You may need such functionality it in corporate environment and business platforms, not for your home network.

The tutorial is for RedHat based systems and more specifically we have used RedHat Enterprise Linux 4 update 4. It also has been tested on RedHat Enterprise Linux 5 and Fedora 10 platforms.

The fist step to enable the VLAN support in Linux. The config file is /etc/sysconfig/network. What you need there is : Read the rest of this entry »

VN:F [1.9.18_1163]
Rating: 1.3/10 (11 votes cast)

Bonding and Vlan configuration files example

The information is taken from a working system. For better understanding of the bellow configuration files we recommend you to read the following tutorials first

Configure multiple vlan support on bonded interfaces

Bonding Ethernet interfaces in RHEL4.

Prerequisite files for enabling bonding and enabling network support

The file that defines the loaded modules
/etc/modprobe.conf

  1. alias bond0 bonding
  2. alias bond1 bonding
  3. options bond0 max_bonds=2 mode=activebackup miimon=100

The general network configuration file.
/etc/sysconfig/network

  1. NETWORKING=yes
  2. HOSTNAME=ussdbr2
  3. GATEWAY=10.76.80.1
  4. VLAN=yes
  5. VLAN_NAME_TYPE=DEV_PLUS_VID_NO_PAD

These are the configuration files of the physical interfaces for the bonding

/etc/sysconfig/network-scripts/ifcfg-eth0

  1. DEVICE=eth0   # device name
  2. BOOTPROTO=none    # could be set to static too
  3. HWADDR=00:24:81:E6:40:14   # the actual MAC address of the device
  4. USECTL=no   # do not allow user control
  5. MASTER=bond0   # define the master bonding device
  6. SLAVE=yes   # confirms that this is part of a virtual interface

/etc/sysconfig/network-scripts/ifcfg-eth1

  1. DEVICE=eth1   # device name
  2. BOOTPROTO=none    # could be set to static too
  3. HWADDR=00:24:81:E6:40:16   # the actual MAC address of the device
  4. USECTL=no   # do not allow user control
  5. MASTER=bond0   # define the master bonding device
  6. SLAVE=yes   # confirms that this is part of a virtual interface

This is the bonding interface itself

/etc/sysconfig/network-scripts/ifcfg-bond0

  1. DEVICE=bond0   # device name
  2. BOOTPROTO=none   # could be set to static too or could be missing
  3. ONBOOT=yes   # enable this device on boot
  4. VLAN=yes   # enable vlan support on this interface<br/></p><p>And finally the two VLAN config files.

/etc/sysconfig/network-scripts/ifcfg-bond0.30

  1. DEVICE=bond0.30   # device name
  2. BOOTPROTO=none   # could be set to static too or could be missing
  3. ONBOOT=yes   # enable this device on boot
  4. IPADDR=10.76.80.69  # the IP address in the VLAN secment
  5. NETMASK=255.255.255.240  # the network mask for the specified network.
  6. VLAN=yes   # enable vlan support on this interface

/etc/sysconfig/network-scripts/ifcfg-bond0.33

  1. DEVICE=bond0.33   # device name
  2. BOOTPROTO=none   # could be set to static too or could be missing
  3. ONBOOT=yes   # enable this device on boot
  4. IPADDR=10.76.80.8  # the IP address in the VLAN secment
  5. NETMASK=255.255.255.224  # the network mask for the specified network.
  6. VLAN=yes   # enable vlan support on this interface

VN:F [1.9.18_1163]
Rating: 1.3/10 (11 votes cast)

What is Mental Ray in 3D Programs

Mental Ray is a production quality rendering, engine developed by mental images(Germany – Berlin). As the name hints, it supports ray tracing to generate images. Features like global illumination, reflections, refractions, etc. also are supported. Read the rest of this entry »

VN:F [1.9.18_1163]
Rating: 0.0/10 (0 votes cast)