How to Generate a Private Key and CSR from Command Line | Use the following command to generate a private key and certificate signing request (CSR): $ openssl req -new -newkey rsa:2048 -nodes -keyout server_private.key -out server_csr.csr In the dialog that follows, pay particular attention to the CommonName (CN) indication. If you need a certificate for example.com, use example.com (exactly) as the CN. For example, if you
Check key length from the command line with OpenSSL
Check key length from the command line with OpenSSL | To check the key length of a certificate, use the openssl command. Here is how to check an RSA private key length: $ openssl rsa -text -noout -in private.key The top of the output will have: Private-Key: (1024 bit) For a certificates (.crt or .pem), use this command: $ openssl x509 -text -noout -in certificate.crt
Enable or Disable Compression in Apache
Enable or Disable Compression in Apache | I’ll show you a quick way to actively check a server for compression as well as how to disable compression in Apache. Note: This has _no_ effect on the CRIME TLS vulnerability. Test for Compression A simple test page to test for HTTP compression is here: http://www.gidnetwork.com/tools/gzip-test.php Or alternatively, below is a manual test for
How to Check Mail Server for SMTP Over TLS
How to Check Mail Server for SMTP Over TLS | Q. How can I check a server for SMTP over TLS? It is possible to have an SMTP connection use TLS from the sending server to the receiving server to add a pinch of security. Many banks and other security-minded corporations require this to send and receive email. To check the TLS capability of an
How to Check for SSL Renegotiation
How to Check for SSL Renegotiation | To check if a server allows SSL Renegotiation, you can use the openssl command. I’ll show you how! The commands are as follows: $ openssl s_client -connect yourdomain.com:443 Then after the regular ssl cert info displays, enter the following: GET / HTTP/1.0 R If the server allows renegotiation, it will then have something similar to
Create self-signed SSL certificate for Virtual Host
Create self-signed SSL certificate for Virtual Host | In Debian or Ubuntu, it is easy to generate a self-signed certificate for your virtual host. Here is how it works! 1. First, install the package ssl-cert: $ sudo apt-get install ssl-cert Since godaddy and the like are making 2048 bit certs common these days, optionally edit the file /usr/share/ssl-cert/ssleay.cnf and change 1024 bit 2048
SSH Password Login From Specific IP Ranges
SSH Password Login From Specific IP Ranges | Want to require ssh keys from remote sources, but then allow ssh passwords from your local home network? It is easy to make this specific configuration or alter as desired for your server. I’ll show you how! 1. Edit the sshd_config file sudo nano /etc/ssh/sshd_config In this file, edit the existing line PasswordAuthentication to ‘no’
