Search Results

Configuring MySQL over SSL for client connections

Useful for setting up encrypted connections between client and server.  Parts of this can be substituted if you wish to get a certificate issued from a trusted CA. 1. Check that SSL has been compiled in MySQL on the server: SHOW VARIABLES LIKE 'have_openssl'; or mysql --ssl --help If it says disabled or yes then […]

Exchange 2007 – Renewing self signed SSL

If you’re running Exchange 2007 and you don’t really have the need for an SSL that’s issued by a valid CA, then you can just renew the self-signed one that’s automatically generated on server build.  Most devices are happy to connect to an unsigned SSL once an exception’s been made, but they may well […]

Convert SSL from pem to pfx

Convert an SSL certificate from Apache pem to IIS pfx format. Copy the private key and certificate parts from the PEM to their own files. Then: openssl pkcs12 -export -out ssl.pfx -in ssl.crt -inkey ssl.key This gave me a .pfx file I could import into IIS. If it’s an EV SSL, you can add the […]

PHP IMAP SSL error

If you are getting a certificate error when using the PHP IMAP function, add the /notls flag, i.e.: $mbox = imap_open("{localhost:995/pop3/notls}", "user_id", "password");

openssl unable to write random state

openssl genrsa -out test.pem 1024 -rand $HOME/httpdocs/cert/.rnd Generating RSA private key, 1024 bit long modulus …………………….++++++ …………………..++++++ unable to write 'random state' e is 65537 (0x10001) Causing non-random keys to be generated. This is because openssl tries, by default, to create its .rnd random file in the user's home directory.  The […]

MySQL Replication over SSL

Tutorial for MySQL Replication over SSL (one-way). Check that SSL has been compiled in MySQL on both the master and the client: SHOW VARIABLES LIKE 'have_openssl'; or mysql --ssl --help If it says disabled or yes then it's fine.  If it says no then an SSL-enabled version of MySQL needs to be installed. […]

Curl Error: openssl missing CA

This seems to happen with different versions of libcurl on el4. Just make sure that there is a ca-bundle in the right place: mkdir -p /etc/pki/tls/certs && ln -s /usr/share/ssl/certs/ca-bundle.crt /etc/pki/tls/certs/ca-bundle.crt You can find where it's looking for the bundle using curl -v: curl -v https://www.google.co.uk * About to connect() to www.google.co.uk port 443 […]

Convert SSL from pfx to pem

Convert an SSL certificate from IIS pfx to Apache pem format: # Export the private key file from the pfx file openssl pkcs12 -in filename.pfx -nocerts -out key.pem # Export the certificate file from the pfx file openssl pkcs12 -in filename.pfx -clcerts -nokeys -out cert.pem # This removes the passphrase from the private key so […]

Distributed Monitoring in Nagios with check_mk multisite

For some time now, I’ve been exploring the best ways of configuring a distributed Nagios setup. With the “federated” configuration that Nagios recommend, you can pass data from remote Nagios instances back to a central Nagios server with the use of passive checks combined with NSCA or NRDP. Whilst this works well, the duplicate configuration […]

Export Java Keystore Certificate & Private Key to PEM

I always find Java Keystores a total ballache to work with, would rather manage individual PEM files any day of the week. If you need to export the contents for use with something else you can use the following commands: Export from JKS to PKCS #12. keytool -importkeystore -srckeystore oldkeystore.jks -destkeystore cert.p12 -deststoretype PKCS12 -srcalias […]