SSL – Create Root, Intermediate and Certificate in Chain

Create a Chain Certificate (Root, Intermediate & Normal Chain) – Step-by-step

——————————————————————————————
ROOT CERTIFICATE
——————————————————————————————

mkdir /root/ca
cd /root/ca
mkdir certs crl newcerts private
chmod 700 private
touch index.txt
echo 1000 > serial
vim openssl.cnf

[ ca ]
# `man ca`
default_ca = CA_default

[ CA_default ]
# Directory and file locations.
dir               = /root/ca
certs             = $dir/certs
crl_dir           = $dir/crl
new_certs_dir     = $dir/newcerts
database          = $dir/index.txt
serial            = $dir/serial
RANDFILE          = $dir/private/.rand

# The root key and root certificate.
private_key       = $dir/private/root_haritibco.key.pem
certificate       = $dir/certs/root_haritibco.cert.pem

# For certificate revocation lists.
crlnumber         = $dir/crlnumber
crl               = $dir/crl/ca.crl.pem
crl_extensions    = crl_ext
default_crl_days  = 30

# SHA-1 is deprecated, so use SHA-2 instead.
default_md        = sha256

name_opt          = ca_default
cert_opt          = ca_default
default_days      = 375
preserve          = no
policy            = policy_strict

[ policy_strict ]
# The root CA should only sign intermediate certificates that match.
# See the POLICY FORMAT section of `man ca`.
countryName             = match
stateOrProvinceName     = match
organizationName        =

Linux – Concepts – IPTABLES v/s FIREWALLD

Today we will walk through iptables and firewalld: the history of the two tools, their installation, and how to configure them on our Linux distributions. Let’s begin without wasting further time.

What is iptables?

First, we need to know what iptables is. Most senior IT professionals know about it and have worked with it as well. Iptables is an application / program that allows a user to configure the security or firewall tables provided by the Linux kernel firewall, and the chains within them, so that a user can add / remove firewall rules to meet his / her security requirements. Iptables uses different kernel modules and different protocols so that the user can get the best out of it. For example, iptables is used for IPv4 ( IP version 4/32 bit ) and ip6tables for IPv6 ( IP version 6/64 bit ), for both tcp and udp. Normally, iptables rules

GnuPG – Public / Private Key Method – Encryption / Decryption (No Digital Signature)

<When You Encounter This Error Don’t Panic>

GPG key generation: Not enough random bytes available.

Not enough random bytes available

Generating keys with GnuPG

Anyone who wants to create a new key set via GnuPG (GPG) may run into this error:

We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy.
Not enough random bytes available.  Please do some other work to give the OS a chance to collect more entropy! (Need 142 more bytes)

The problem is caused by the lack of entropy (or random system noise). While trying to get more, you might keep running into this message. In our case, running a find on the disk while making sha1sums and putting those into files was actually not enough. To

Certificates – PKCS12

pkcs12

NAME
pkcs12 – PKCS#12 file utility

SYNOPSIS
openssl pkcs12 [-help] [-export] [-chain] [-inkey filename] [-certfile filename] [-name name] [-caname name] [-in filename] [-out filename] [-noout] [-nomacver] [-nocerts] [-clcerts] [-cacerts] [-nokeys] [-info] [-des | -des3 | -idea | -aes128 | -aes192 | -aes256 | -camellia128 | -camellia192 | -camellia256 | -nodes] [-noiter] [-maciter | -nomaciter | -nomac] [-twopass] [-descert] [-certpbe cipher] [-keypbe cipher] [-macalg digest] [-keyex] [-keysig] [-password arg] [-passin arg] [-passout arg] [-rand file(s)] [-CAfile file] [-CApath dir] [-no-CAfile] [-no-CApath] [-CSP name]

DESCRIPTION
The pkcs12 command allows PKCS#12 files (sometimes referred to as PFX files) to be created and parsed. PKCS#12 files are used by several programs including Netscape, MSIE and MS Outlook.

COMMAND OPTIONS
There are a lot of options; the meaning of some depends on whether a PKCS#12 file is being created or parsed. By default a PKCS#12 file is parsed. A PKCS#12 file can be created by using the -export option (see below).

PARSING OPTIONS
-help Print

Certificates – Digital Certificates (Summary)

Introduction to Digital Certificates

Digital Certificates provide a means of proving your identity in electronic transactions, much like a driver license or a passport does in face-to-face interactions. With a Digital Certificate, you can assure friends, business associates, and online services that the electronic information they receive from you is authentic. This document introduces Digital Certificates, answers questions you might have about how Digital Certificates are used, and gives information about the cryptography technologies used in Digital Certificates.

Digital certificates are the equivalent of a driver’s license, a marriage license, or any other form of identity. The only difference is that a digital certificate is used in conjunction with a public key encryption system. Digital certificates are electronic files that simply work as an online passport. Digital certificates are issued by a third party known as a Certification Authority, such as VeriSign or Thawte. These third-party certificate authorities have the responsibility to confirm the identity of the certificate holder

Certificates – CSR (Certificate Signing Request).

What is a CSR (Certificate Signing Request)?

What is a CSR?

A CSR, or Certificate Signing Request, is a block of encrypted text that is generated on the server that the certificate will be used on. It contains information that will be included in your certificate, such as your organization name, common name (domain name), locality, and country. It also contains the public key that will be included in your certificate. A private key is usually created at the same time that you create the CSR. A certificate authority will use a CSR to create your SSL certificate, but it does not need your private key. You need to keep your private key secret.

What are a CSR and private key good for if someone else can potentially read your communications? The certificate created with a particular CSR will only work with the private key that was generated with it. So if you lose the private key, the certificate will