HOW-TO: Install Certificate And Verify

Hi,

Friends,

Good Morning to all. I have some queries about openssl. I googled for by query but i did not got the relevant answer, hence I came here and i am guaranteed that you gyes will help me definitely as you helped me before as well.

My scenario is I had one centOS 6 server which had openssl version as
Code:

 rpm -qa|grep openssl
openssl-1.0.1e-30.el6_6.5.x86_64
openssl-devel-1.0.1e-30.el6_6.5.x86_64

CentOS 6 provides php5.3 as default
Code:

yum list php
Loaded plugins: downloadonly, fastestmirror, presto
Determining fastest mirrors
base                                                                                                                                    | 3.7 kB     00:00
epel                                                                                                                                    | 4.4 kB     00:00
epel/primary_db                                                                                                                         | 6.4 MB     00:00
extras                                                                                                                                  | 3.4 kB     00:00
panopta                                                                                                                                 |  951 B     00:00
updates                                                                                                                                 | 3.4 kB     00:00
updates/primary_db                                                                                                                      | 2.1 MB     00:00
Available Packages
php.x86_64                                                                5.3.3-40.el6_6                                                                updates

But I need php5.2, so i preferd to go compilation. It gave me some errors while doing make regarding openssl. I googled for it, gave solution of downgrading openssl.

As default openssl can't be removed, I prefered installing openssl-0.9.x through compilation with --prefix option. After doing I was able to compile php-5.2 successfully.

Now in my server there are followings installed.

Code:

[next02admin@NEXT02VMD02 ~]$ /usr/bin/openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013 (the default one)

[next02admin@NEXT02VMD02 ~]$ /usr/local/bin/openssl version
OpenSSL 0.9.8e 23 Feb 2007 (the compiled one)

[next02admin@NEXT02VMD02 ~]$ php -v
PHP 5.2.10 (cli) (built: Jul  1 2014 00:39:27)
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2009 Zend Technologies

[next02admin@NEXT02VMD02 ~]$ rpm -qa|grep httpd
httpd-tools-2.2.15-39.el6.centos.x86_64
httpd-2.2.15-39.el6.centos.x86_64
httpd-devel-2.2.15-39.el6.centos.x86_64

Now My question is,
1) Is it safe to use both openssl versions simultaneously.
2) Will it cause any vulnerability on my site (prod ENV), if it will affect to prod env, then to what extend.

Your replies will be very very appreciable. I will be very thankful to you.

Regards,

SSR

Firebug displays the following error when viewing my site:
Quote:
This site makes use of a SHA-1 Certificate; it's recommended you use certificates with signature algorithms that use hash functions stronger than SHA-1.
My approach to generate self-signed SSL keys is shown below. I didn't think I was using SHA-1, but thought I was using SHA-256.

What should I do to eliminate this warning?

Thank you

Code:

# generate mysite.coms's RSA keypair with 3072 bits and encrypt it
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:3072 -aes-128-cbc -out mysite_key.pem

# generate a certificate signing request.  Used FQDN of server (i.e. mysite.com).  Use email with dot to prevent spam.  Didn't include an "extra" password
openssl req -new -key mysite_key.pem -sha256 -days 365 -out mysite_csr.pem

# Remove pass-phrase from the key
cp mysite_key.pem mysite_key.pem.tmp
openssl rsa -in mysite_key.pem.tmp -out mysite_key.pem
rm -f mysite_key.pem.tmp

# sign the certificate with the key itself.  Skip this step if using a CA
openssl x509 -req -in mysite_csr.pem -signkey mysite_key.pem -sha256 -days 365 -out mysite_crt.pem

# Copy the files to the correct locations (don't move since it will cause problems with selinux). Be sure to keep at read only by root
cp mysite_key.pem /etc/pki/tls/private/mysite_key.pem
cp mysite_csr.pem /etc/pki/tls/private/mysite_csr.pem
cp mysite_crt.pem /etc/pki/tls/certs/mysite_crt.pem
rm -f mysite_key.pem
rm -f mysite_csr.pem
rm -f mysite_crt.pem

# update /etc/httpd/conf.d/ssl.conf as follows:
# SSLCertificateFile /etc/pki/tls/certs/mysite_crt.pem
# SSLCertificateKeyFile /etc/pki/tls/private/mysite_key.pem

/etc/init.d/httpd restart

I have CentOS 7 64 bit. I have installed open-vm-tools on it.
I have installed vmplayer using
Code:

./VMware-Player-6.0.1-1379776.x86_64.bundle

Now when I try to open vmplayer on it, it does not load 'Virtual Network Device'
and shows error in terminal
Code:

Failed to build vmnet.  Failed to execute the build command.

When I check status of vmware, it shows
Code:

Module vmnet not loaded

If I try to run
Code:

vmware-modconfig --console --install-all

It gives me following error.
Code:

make: Leaving directory `/tmp/modconfig-2NfFeS/vmnet-only'
Unable to install all modules.

I am not able to open VMplayer, please help me to open it.

Thanks

--Kind Regards
Sam

Hello,

I am using " Red Hat Enterprise Linux ES release 4 (Nahant Update 5)
Kernel \r on an \m
" and have " OpenSSL 0.9.7a Feb 19 2003 "
I wish to update openssl to new version OpenSSL 1.0.2a.

Please advise...

Thank you very much.

Hi, I've just recently installed MySQL connector/c from source code on my Slackware 14.1 x64

I read the official instructions of the connector but I felt a bit disorientated when I read:
Code:

1 -Change location to the top-level directory of the source distribution.

I interpreted that I have to go to the "highest" directory Code:

/

So I wrote: Code:

 
        #                            cd /

root@- /#                            tar xzvf /home/normal/Downloads/mysql-connector-c-6.1.6-src.tar.gz 

root@- /#                            cd /mysql-connector-c-6.1.6-src/

root@- /mysql-connector-c-6.1.6-src# cmake -G "Unix Makefiles"

root@- /mysql-connector-c-6.1.6-src# make 

root@- /mysql-connector-c-6.1.6-src# make install

Then I did:
Code:

ln -s /usr/local/mysql-5.6.25/include /usr/include

But when I try to compile a program in c with #include <mysql.h> i get this error:
Code:

# gcc ctemp.c 
In file included from ctemp.c:2:0:
/usr/include/mysql.h:57:27: fatal error: mysql_version.h: No such file or directory
 #include "mysql_version.h"
                           ^

What can I do? Thanks a lot and sorry for poor english

PD: If you need the official instructions I paste here the link: https://dev.mysql.com/doc/connector-...on-source.html

System Info:

I have normal user in CentOS 7 whose name is "mostafa" (the name of the account).

I naturally have another user called root with all privileges. User "mostafa" is put into sudoers file, too.

The OS is installed in VmWare, so the system is all mine.

Problem:

Now I create a file with touch file.sh and put a command in it, but when I want to run it with Code:

sudo ./file.sh

, an error is shown that the command Code:

./file.sh

does not exist. But if I Code:

 sudo chmod 777 ./file.sh

then it gets run. My question is that, why should I use Code:

chmod 777

when I myself have created the file, and I am in sudoers.

Can anyone explain me why shuold I still use Code:

sudo chmod 777

when the creator of the file is me.

Hi all.
RHEL 6.0 in Virtual Box, network is ok, it can resolve all repos (f.e. dl.fedoraproject.org, nginx.org),
but when I'm trying
Code:

# rpm -Uvh http://nginx.org/packages/rhel/6/noarch/RPMS/nginx-release-rhel-6-0.el6.ngx.noarch.rpm

I get:
Code:

curl: (6) Couldn't resolve host

When I'm trying with ip instead name:
Code:

curl: (22) The requested URL returned error: 404

Only rpmforge repo enabled, but it can't find any packets for install/update.

What can I do?
Thanks.

OpenSSH_6.7p1, OpenSSL 1.0.1f 6 Jan 2014

I am having trouble adding a ecdsa key to ssh-add
However, I can add a rsa key without problem.

My file permissions:
Code:

id_ecdsa miati:miati-600
id_ecdsa.pub miati:miati-644
id_rsa miati:miati-600
id_rsa.pub miati:miati-644
/home/miati/.ssh/ miati:miati-700

When I try to add rsa & ecdsa

Code:

$ ssh-add id_rsa
Enter passphrase for id_rsa: 
Identity added: id_rsa (id_rsa)
$ ssh-add id_ecdsa
Enter passphrase for id_ecdsa: 
Error reading response length from authentication socket.
Could not add identity: id_ecdsa

My command to create each key

Code:

ssh-keygen -t rsa -b 4096
ssh-keygen -t ecdsa

hello, I changed ubuntu 11 to ubuntu 14.10.

At the time of installation, I chose only open ssh for installation and I installed successfully.
now, I have not apache2, because when I typed
Code:

 sudo apt-get install apache2

I see:
Code:

Unable to locate package apache2

It is clear I have not apache2.now,I want to connect in internet and install it.

thanks.

Hi,

Friends,

I had i problem with php compilation. When i do make install I get below error.

Code:

 make install
Installing PHP SAPI module:       apache2handler
/usr/lib/httpd/build/instdso.sh SH_LIBTOOL='/usr/lib/apr/build-1/libtool' libphp5.la /usr/lib/httpd/modules
/usr/lib/apr/build-1/libtool --mode=install install libphp5.la /usr/lib/httpd/modules/
libtool: install: install .libs/libphp5.lai /usr/lib/httpd/modules/libphp5.la
libtool: install: install .libs/libphp5.a /usr/lib/httpd/modules/libphp5.a
libtool: install: chmod 644 /usr/lib/httpd/modules/libphp5.a
libtool: install: ranlib /usr/lib/httpd/modules/libphp5.a
libtool: install: warning: remember to run `libtool --finish /usr/src/php-5.4.37/libs'
Warning!  dlname not found in /usr/lib/httpd/modules/libphp5.la.
Assuming installing a .so rather than a libtool archive.
chmod 755 /usr/lib/httpd/modules/libphp5.so
chmod: cannot access `/usr/lib/httpd/modules/libphp5.so': No such file or directory
apxs:Error: Command failed with rc=65536

I had below httpd modules install

Code:

[root@centos6php54 php-5.4.37]# rpm -qa|grep httpd|sort
httpd-2.4.12-1.i686
httpd-debuginfo-2.4.12-1.i686
httpd-devel-2.4.12-1.i686
httpd-manual-2.4.12-1.i686
httpd-tools-2.4.12-1.i686

I have below config parameters

Code:

'./configure'  '--build=i686' '--host=i686' '--target=i686' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib' '--libexecdir=/usr/libexec' '--localstatedir=/var' '--sharedstatedir=/usr/com' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--cache-file=../config.cache' '--with-libdir=/lib' '--with-config-file-path=/etc' '--with-config-file-scan-dir=/etc/php.d' '--disable-debug' '--with-pic' '--disable-rpath' '--without-pear' '--with-bz2' '--with-exec-dir=/usr/bin' '--with-freetype-dir=/usr' '--with-png-dir=/usr' '--with-xpm-dir=/usr' '--enable-gd-native-ttf' '--with-t1lib=/usr' '--without-gdbm' '--with-gettext' '--with-gmp' '--with-iconv' '--with-jpeg-dir=/usr' '--with-openssl' '--with-zlib' '--with-layout=GNU' '--enable-exif' '--enable-ftp' '--enable-magic-quotes' '--enable-sockets' '--enable-sysvsem' '--enable-sysvshm' '--enable-sysvmsg' '--with-kerberos' '--enable-ucd-snmp-hack' '--enable-shmop' '--enable-calendar' '--with-libxml-dir=/usr' '--enable-xml' '--with-system-tzdata' '--with-mime-magic=/usr/share/file/magic' '--enable-force-cgi-redirect' '--enable-pcntl' '--with-imap=shared' '--with-imap-ssl' '--enable-mbstring=shared' '--enable-mbregex' '--with-ncurses=shared' '--with-gd=shared' '--enable-bcmath=shared' '--enable-dba=shared' '--with-db4=/usr' '--with-xmlrpc=shared' '--with-ldap=shared' '--with-ldap-sasl' '--with-mysql=shared,/usr' '--with-mysqli=shared,/usr/bin/mysql_config' '--with-interbase=shared,/usr/lib/firebird' '--with-pdo-firebird=shared,/usr/lib/firebird' '--enable-dom=shared' '--with-pgsql=shared' '--enable-wddx=shared' '--with-snmp=shared,/usr' '--enable-soap=shared' '--with-xsl=shared,/usr' '--enable-xmlreader=shared' '--enable-xmlwriter=shared' '--with-curl=shared,/usr' '--enable-fastcgi' '--enable-pdo=shared' '--with-pdo-odbc=shared,unixODBC,/usr' '--with-pdo-mysql=shared,/usr' '--with-pdo-pgsql=shared,/usr' '--with-pdo-sqlite=shared,/usr' '--with-pdo-dblib=shared,/usr' '--with-sqlite=shared,/usr' '--enable-json=shared' '--enable-zip=shared' '--with-readline' '--enable-dbase=shared' '--with-pspell=shared' '--with-mcrypt=shared,/usr' '--with-mhash=shared,/usr' '--with-tidy=shared,/usr' '--with-mssql=shared,/usr' '--enable-sysvmsg=shared' '--enable-sysvshm=shared' '--enable-sysvsem=shared' '--enable-posix=shared' '--with-unixODBC=shared,/usr' '--with-apxs2'

apxs path

Code:

[root@centos6php54 php-5.4.37]# which apxs
/usr/bin/apxs

OS Version

Code:

[root@centos6php54 php-5.4.37]# cat /etc/issue
CentOS release 6.5 (Final)
Kernel \r on an \m

Any help will be really appreciable.

Regards,

Redssr