Debian :: Create Own Self-signed SSL Certificate To Ensure The Basket Area Remains Secure?
Dec 27, 2010
Things beyond my control are causing me to rush a bit in getting the website moved. I'm working hard to try and get it done, but something else has come up that SSL Certificate.I know that our website's "basket" area is protected by an SSL certificate to ensure customer information, especially credit info, is secure. With the move to Amazon's service, it looks like I may need to create our own self-signed SSL certificate to ensure the basket area remains secure.
I have found guides that walk through how to make one yourself and configuring apache to allow it, but something else has come to mind. The guides I found don't really indicate where the SSL certificate goes afterwards, and also doesn't suggest which sections should be governed by the certificate (as only the basket section uses it, not anything else). How would I find out that information?
The above is the machines actual FQDN. Now because I also use it as a web server to access my website and webmail, I have a pointer record with my domain registrar to also forward all [URL] to the same IP as [URL]. when I generate a SSL self signed certificate for my server. Do I generate one for [URL] or [URL]?
I have a Server with Webmin, Usermin and Sendmail using pop3s. I have created a seft signed certificate using webmin. Exported it and imported it to the trusted root certification authorities on my client. This fixes the warning message from internet explorer when attempting making a ssl connection to webmin. When attempting to use usermin or retrieving mail I get that warning that this site's certificate is self signed. I look at the certificate and its not the same as the one I created with webmin. My question is. Is possible to have the same certificate be used by each?
am trying to upload packages o a PPA (packages that contain custom "sources.list"s designed to make upgrades or downgrades between Ubuntu releases easier) and, even after going through all that work to manually generate a key and sign them with gpg, dput still rejects them as "not signed".
I'm trying to create an SSL certificate and answer the questions inside a bash script. The command used to create the SSL certificate
Code: openssl req $@ -new -x509 -days 365 -nodes -out /etc/apache2/apache.pem -keyout /etc/apache2/apache.pem The first question asked is. Country Name (2 letter code) [AU]:
I have folder inside /usr folder /usr/mywork and I want to make user account can only access and modifies files in it and this user can not modifie files out of thus maybe by using rssh or sftp
I'm running succesfully Debian 6.0 after first trying Debian 5.0 and ran into missing partitions. This is solved by using Debian 6.0 (Beta 2).
Now it's NVidia's turn: Under Ubuntu (yes...i know it by now...) you had to install a proprietary driver for NVidia to ensure that 3D was supported. What about Debian? There's nothing like this under Debian? How do i know if 3D is supported?
This is my first day with Debian, I have used other distros, and am a long time linux user. My HP D 1600 series is recognized, but when I try to print a test msg. it says sent, but the printer remains idle. I have tried everything I know. When I run the trouble shooter I get this. /// /usr/lib/cups/backend/hp failed////
In the past when having a printer problem I have installed HPLIP-gui and removed the printer then re-installed it. That has not worked and I cannot even remove the printer.
I have a problem with my Debian squeeze system. After I have run some CPU-intensive application for a while the system becomes sluggish. Ok, maybe one would expect that. But. The system remains sluggish even after that process has been killed and then top shows high cpu usage from unrelated processes and a high %sy percentage as well. I don't really know where to begin solving this problem except I've checked that this is specifically related to (at least) CPU use as opposed to heavy memory use or IO (by running an application with low mem/no io but high cpu use). I am running the latest standard kernel from squeeze, 2.6.32-5-686. Also, thing is, I remember having similar problems with other Linux distros before, where for example gzipping a large file would cause the same. I did not have similar problems on {Net,Open}BSD, so a hardware fault seems an unlikely reason to me.
I'm having a problem with krusader. When I open and close it, it remains with a sleep status. This can be verified by the system monitor and by the "ps aux". The krusader only go away if I use killall. This is occurring in more than one machine. I'm using squeeze gnome 64 bits.
So I'm pretty awful at keeping Debian up to date, I guess. I'm using cron-apt to fetch updates every night, then apply them whenever I get around to it. Well, I neglected that last part for a month or two, and after some routine downtime to clear the case of dust, I decided it was time to upgrade. So I ran the command, everything checked out fine, and I was on my merry way. Until a half-hour ago when I accidentally shutdown the computer (I use the same zsh prompt on each computer, so I got them confused.) I turned it back on, only to be greeted with a black screen after all the services started up.
Everything works: ircd, MPD, etc. EXCEPT, of course, X. At first I thought the update broke SLIM, but after checking htop and doing a killall slim, it doesn't appear to be running (the screen remains black.) I hit Control-Alt-f2 to get to get back to a terminal, then tried doing startx, which freezes the computer entirely. All the network services stop, I can't SSH in, etc. It's dead. If I'm not mistaken, Xorg.0.log should say something, but I'm not a huge expert on it. The last line isn't an error, I can tell you that. So what's the deal here? apt-get remove xorg and start over?
I recently came to Debian. As I have an ati card, I tried the proprietary drivers first, but then came back to radeon (open-source). In the process, I think I may have broke my xorg.conf . Sometimes, when the monitor goes into sleep mode, when I came back, the screen remains black (sometimes I see just the cursor).
Here is my xorg.conf # NOXORGCONFEXISTED: No X.org configuration file existed when this backup was created.
Also, I have lots of backups in my X11 folder, like xorg.conf.fglrx-3, xorg.conf.original-1, or backup.xorg.conf. Is it safe to remove them? What should I do about the main xorg.conf?
I installed Debian 8.1 with iceweasel 38.2.1esr-1~deb8u1
Whenever I want to open a youtube fragment I do hear the sound but the screen just remains green. I already googled the issue but found no solution that works.
I was planning on using my VPS to grant some of my friends shells. The problem though is that I don't want them doing crazy stuff on it, like using up all my RAM or disk space. I would like to limit them to a very small 25 mb disk space, and allow them only certain application in /usr/bin like python perl irssi screen etc. I do NOT want them to be able to cd out of their home directory. I really want this to be setup like the shell provider SHellium. I can setup the FTP and SSH stuff myself.
I'm having some problems with banshee that started about 6 months ago. Banshee remains idle and does not play any type of music file. I've tried installing and selectively installing Gstreamer codecs with no success. I'm running stretch.
I'm trying to install an Ubuntu cloud on my home network - I've been following this guide. When I arrived at STEP 6: Install an image from the store PART 3: Click on the Store tab I get the following error message on the page: Error 60: server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
after a successful installation of the latest debian testing amd64 kde CD-1 iso, the monitor shuts off about 2 seconds after passing the grub2 menu while computer remains powered.
I remember installing basket notes in ubuntu and it's in kde4 I tried installing it in 11.4 64bit and it's in kde3. Is there a way to install it dressed up in kde4?
I've been using BasKet Notepad for about two years now on a Dellbuntu Mini-9. I just installed Mint8 Xfce and finished installing all my preferred apps this morning, including Basket. Unfortunately, when I tried to import my archive from the old system (saved on a thumb), it fails to recognize it as an archive file. At first I thought it might be linked ot its apparent inability to recognize the thumb drive, so I transferred the file to the SSD, extracted it, etc. All the files are there, it seems, but the individual baskets are all saved as .html files. There doesn't seem to be any "archive" as such that I can import.
Now the weird thing is that I've imported the archive before, back into Basket on the dellbuntu version of 8.04, without any problem. What gives? This is my research. For my dissertation. While I'm heartened that it still exists, I am more than a little annoyed at the notion that I might have to cut and paste every damn basket into the system (which I've already done once when I tried to put the notes on my home desktop XP system. I am returning to the field in five weeks and really want these things accessible. Is there any help for this?
I use WLM (And yes, I realise odds are this is a problem on microsofts side) and almost every time claws mail connects WLM returns a new certificate. Valid, but I have to constantly accept or deny the certificate. Why is WLM pumping out fresh certs all the time and how can I fix this?
Whenever this pops up whatever I have at the moment shows "Signature status: No certificate issuer found" and the other shows "Signature status: Correct".
I've discovered BasKet, and love it. However, I don't use KDE, and installing it on something else (CrunchBang in my case, which is Ubuntu-based) can mean a huge number of dependencies. (e.g. 28 MB just for kde-icons-oxygen, an icon theme). I don't know if most of them are actually needed though - relatively few "k..." programs are actually showing in the task manager when I run basket: kded, kdeinit, kio_file, klauncher, and knotify.
I had to do a hard shut down on my linux computer. Every since then it is not working properly and I get an invalid certificate on every page.I have never upgraded Debian since I installed it two years ago. With my experience with Gentoo I have found that upgrades can be a problem and it worked fine so I never messed with it.
Is it possible to provide encryption over HTTPS without a certificate?
I can't afford a certificate from a CA, but I do want to provide encryption with my website... without a self-signed certificate because I hate that screen popping up on the clients computer on first visits.
I need to renew my SSL cert for my Mahara site and I follow the instructions below. But after I finish answering all the questions for the csr, I'm supposed to copy a portion of the cert into a web form. However I can't seem to find the server.csr so I can do this. Were this file goes?
Here is a step-by-step description:
Make sure OpenSSL is installed and in your PATH.
Create a RSA private key for your Apache server (will be Triple-DES encrypted and PEM formatted):
$ openssl genrsa -des3 -out server.key 1024
Please backup this server.key file and the pass-phrase you entered in a secure location. You can see the details of this RSA private key by using the command:
$ openssl rsa -noout -text -in server.key
If necessary, you can also create a decrypted PEM version (not recommended) of this RSA private key with:
Make sure you enter the FQDN ("Fully Qualified Domain Name") of the server when OpenSSL prompts you for the "CommonName", i.e. when you generate a CSR for a website which will be later accessed via https://www.foo.dom/, enter "www.foo.dom" here. You can see the details of this CSR by using:
I install debian, I when I restart apache2, I got this error
[warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Thu Feb 26 11:53:45 2015] [warn] RSA server certificate CommonName (CN) `Ismo' does NOT match server name!?
How can I modify the commonName of the RSA server certificate?
I've been using VSFTPD for years but i can't seem to get over this particular issue. I'm unable to make VSFTPD 3.0.2 work with a legit STARTSSL TLS cert on Debian 8.1 kernel 3.16.0-4-amd64.
500 OOPS: SSL: cannot load RSA certificate.
Openssl 1.0.1k correctly verifies the .PEM file containing both my domain's cert and the intermediate CA one. I've tried adding the private key to the .PEM file and also using it as a separate .key file. Also tried mixing my cert with the intermediate CA one and the private key... to no avail.
Every file is inside /etc where all the conf files reside (also the user specific conf files). File permissions for the .pem and key files are 600.
I'm successfully using the same certificate for NGINX.
Having tried different approaches to install (and run!) a webserver certificate from StartSSL on an Apache2 webserver, I had no success at all since three days. There are many web pages out there in the internet, each is naming it other ways, i.e. one speaks from server./etc/ssl/certs/server.pem, another name it /etc/ssl/private/server.key etc. etc.
Is there a common-sense description how to name a private key, how to name the public key, and just important again, where to place them and what what rights they must have to protect them? And, still important, which config file to adopt (default-ssl, or default-ssl.conf).
By the way, I implemented already the certificates in an other environments, and they are all working (tested with the ssl checker [URL] .....).
How to find a common-sense web page for Apache2 on Debian 8.1?
I've been trying to get an ECDSA certificate to work for my postfix installation, however, it seems that when I try to use the aECDSA protocol with a client the server gives "no shared cipher" errors.
I use Debian Squeeze and I would like to ask if someone knows a program to take a screenshot of a selected area of my screen. I already know imageshack and scrot, but they don't do what I need because I need to know previously coordinates and the dimension of the selected area. I need a program that I could select a rectangle with my mouse to take a screenshot of that part.I don't know if I'm clear what I'm trying to say is that I need something like this google-chrome plugin[URL]