Ubuntu Servers :: Installing Ssl Cert On Portal Server Behind Security Router
May 27, 2010
I've set up OpenVPN-ALS (formerly known as Adito) on Ubuntu Server 10.04 edition. I have a security router (Untangle) in front of my internal network. I have a domain name and an SSL Certificate set up on our security router. I can access our web interface on our security router with no problems.
I've set up a port forward rule on our router to access this OpenVPN-ALS portal and I can access it, but I get an invalid certificate message. So I've bought another SSL certificate to install on our Portal, but I'm getting an error message when I enter our information at the provider where I've bought the certificate.
Common Name does not contain fully qualified domain name. I'm not sure what the problem is. Do I use the hostname I've set up on the portal or do I use the hostname on my security router when I set up the SSL certificate on our portal?
Aug 9, 2011
I'm about to create a CSR and was reading this page in the Ubuntu docs: [URL] A couple of things:
* There's no date on the article. The documentation needs DATES because this information gets out of date! Check MySQL docs, for instance -- they are organized by version.
* The instructions for generating a cert only specify 2048 bits. I believe that's kind of out of date? The verisign site has big red warnings saying you need 2048 if you want your cert to last past 2013 -- and that article is 4 years old!
* The instructions are confusing when discussing the passphrase. We enter a passphrase only to remove it immediately. We need some clarity here. Why do this?
How to understand the current best practices for generating an HTTPS cert for apache and/or mail access?
May 4, 2010
I have a Godaddy UCC (Multiple domain) certificate for the following domains:
example.com
upload1-example.com
upload2-example.com
The rsa was generated from example.com server using example.com as CN Common name.
GoDaddy's website adds the extra names to a CSR you provide, does the checks and grants the cert.
My problem is that whilst the certificate works fine on the server example.com (from which the csr was created), it comes up with two errors when restarting apache on remote servers.
1>> Certificate common name does not match server name
2>> SSL Library error - check private key:key missmatch.
I don't understand how these keys could ever work as no reference to the private keys of the remote servers is ever used in creating the UCC certificate.
Jan 28, 2011
I'm trying to access a Verisign signed site [URL] and getting a certificate not known error when I do. Do I really need to import Verisign? If so, how?
Nov 9, 2010
We have multiple servers. WebSphere Portal is running on the servers. Node 1 portals are called WebSphere_Portal and node portals are called WebSphere_Portal_2. We want same script to start and stop portal in all environments.
I am getting the following error message:
: No such file or directory1: !/bin/bash
'/WebPortalUptest.sh: line 24: syntax error near unexpected token `in
'/WebPortalUptest.sh: line 24: `case $host in
[Code]...
Aug 6, 2011
I am running an Ubuntu server and want to host a web application (php/mysql based); however, I don't want to use usernames and passwords for authentication. I'd like to use a client certificate. The military uses similar technology using the CAC card to provide the certificate for authentication.
Not sure if this would be done using the apache modules or if php would be a better place to play with this.
Feb 11, 2011
When I do a "openssl x509 -in server1.pem -issuer -noout" after I've supposedly signed it with the CA, the issuer is, for some reason, the DN string of server1. If server1 generated the CSR, and it is coming up as issued by server1, doesn't that indicate a self signed cert? How could the CA be producing a cert that has an issuer of another server? Am I just completely off base? Sorry, I'm a bit of a newb with the SSL pieces.
I hope this is the right place for this, but I'm having some difficulty using the java keytool and OpenSSL tool on a Solaris system.
I have a server (CA server) with OpenSSL installed that I would like to use as a Certificate Authority. The second server (server1) is a WebLogic server with JDK 1.6.0_21. I'm trying to configure it to use a certificate that has been signed by server1.
For some reason it keeps giving me this error when I try to import the signed SSL certificate: keytool error: java.lang.Exception: Public keys in reply and keystore don't match
Am I doing something wrong in this whole process?
1) Generate the Private Key for the CA server
openssl genrsa -out CA.key -des 2048
2) Generate the CSR on the CA
openssl req -new -key CA.key -out CA.csr
3) Sign the new CSR so that it can be used as the root certificate
openssl x509 -extensions v3_ca -trustout -signkey CA.key -days 730 -req -in CA.csr -out CA.pem -extfile /usr/local/ssl/openssl.cnf
4) On server1, create Server Private Key KeyStore
keytool -genkey -alias server1 -keysize 2048 -keyalg RSA -keystore server1.jks -dname "CN=server1.domain.com,OU=Organization,O=Company,L=City,ST=State,C=US"
5) On server1, create a CSR from the recently created Private Key
keytool -certreq -alias server1 -sigalg SHA1WithRSA -keystore server1.jks -file server1.csr
6) Transfer the CSR over to the CA (server1) so that it can be signed
openssl x509 -extensions v3_ca -trustout -signkey CA.key -days 365 -req -in server1.csr -out server1.pem -extfile /usr/local/ssl/openssl.cnf
7) Transfer CA Public Cert to server1 and Import into keytool
keytool -import -trustcacerts -alias CA_Public -file CA.pem -keystore server1.jks
8) Import recently signed CSR to app server keystore (This is where I receive the error)
keytool -import -trustcacerts -alias server1 -file server1.pem -keystore server1.jks
Feb 8, 2010
I need to build a cert from a CRT file.
Sep 28, 2010
We have 14 portal servers in our environment. Test, Stg deliver and production are in the cluster. They have two nodes in cluster environment, i.e. WebSphere_Portal & WebSphere_Portal_2. We have a separate script in each portal server to start & stop the portal server. Now we wanted to use the same script for all servers to start. Here I come to the script:
[code]...
Can anyone confirm the script?
Jun 22, 2010
Is it possible to somehow set up an ssh server that doesn't require a username, password or cert to log in? I wish to provide shell access to a console program, which will prompt for a username and password. Encryption is essential though, and users must not be able to snoop in on each other.
Jun 24, 2011
I've got an uber simple test mail script in php on my awesome new dev machine running Ubuntu:
PHP Code:
Unfortunately, something is preventing mail delivery. I can't tell from this error log whether it's the remote machine rejecting me or whether it's my machine rejecting the self-signed cert on the remote machine:
Code:
I'm wondering what I could change in my postfix configuration to remedy this problem.
I tried setting smtp_tls_security_level = may = may but this did not change anything.
May 8, 2011
I'm concerned about security of having a LAMP server on my laptop as having any server makes the system less secure. However, if I were to create a new partition and install a lamp server on that and only use it when offline, would the security of my main partition be affected at all?
Jun 20, 2011
I'm installing Liferay as a WAR on Tomcat 6 on a new Ubuntu server. I want my portal accessible only via HTTPS, that's why I've enabled it via Apache. My config: Apache 2 (/etc/apache2/sites-enabled/001-https)
Code:
<VirtualHost my.domain.com:443>
ServerAdmin admin@domain.com
[code]....
Jan 13, 2011
I'm getting my first server in a few weeks. I hear a lot about people using their server as a router. That sounds like an interesting prospect, as I think it would increase security and control, with all web traffic going through one central hub so to speak. If I do this, how do I handle wireless? Do I just hook my wireless router to my server, basically making the internet connection go through the server before it gets to the router?
Jun 19, 2011
Is anyone aware of an open-source equivalent to Box or Dropbox I can install on my server? Password protected logon, easy file upload and download and of course secure?
May 18, 2010
I'm having some problems setting up SSL certs.
Here's what I've done...
In the file ssl.conf I have (along with all the normal stuff):
Quote:
But, when I navigate to [url], I get a 404 error (not found).
My SSL cert is with GoDaddy. I created the key and a csr file, for which GoDaddy supplied me with the files mydomain.com.crt and gd_bundle.crt. I placed all the files where they should be, and restarted Apache.
And... 404. No errors on Apache restart.
The cert still seems to be showing up as localhost.localdomain:
Quote:
When I go to [url], I'm told the cert is still a "self signed" cert (out of date, by the way).
The GoDaddy "help" on this (such that it is) is here: [url]
Apr 14, 2010
At work we are trying to avoid paying for a cert for our outlook owa. I thought of Tiny CA, but can't find a windows variant, it appears to depend on things that would not allow that.
Does anyone know if it is possible to create a Tiny CA Cert and install it on a Windows Server 2003? If not does anyone know of a good free Cert creation utility for Winedoze.
I have a feeling this is going to be another feather in the basket to convince my boss to go Ubuntu.
Jul 29, 2011
I'm having problems turning my server into a gateway. I followed this guide - [URL] - and I can't get it to work. In my server I installed two new gigabit network cards, and I can't seem to be able to get it to work.
Jun 28, 2010
How to start jboss portal in command mode???
Mar 18, 2009
I have been happily running the (always latest) version of PolarCloud's Tomato software on my LinkSys WRT54G for about 2 years now. I am looking for a way to set up a Proxy Server on my Tomato-based router to use from a remote machine somewhere in the web cloud. The reason for wanting to set this up follows. I normally run Squid on a Ubuntu 8.04 box, which I use while I am away from my LAN at home to browse the net (I like to keep things between me and my ISP, as much as possible). I rely on my proxy server on a daily basis. The way it works is I SSH into my Ubuntu box, and forward squid ports. I then point my browser to the proxy on my box. For various reasons, however, I would like to set it up so that I can also do this via my router. So, I would like to be able to ssh to my router (I can already do this), forward the proxy ports, and surf the nets happily via my router at home. I am happy to use existing solutions (if possible), such as privoxy or squid, and am also open to setting up a custom-based solution, as may be necessary.
Dec 9, 2010
I build a LAMP server behind a router. The current situation is:
1. I could access index.html of apache within the LAN.
2. I could access the vsftp outside of the LAN.
3. I could access the ssh outside of the LAN.
I have configured my router to do reflections (although I don't know if it's correct or not). I think the LAMP works well since I could use it inside the LAN. The configuration of the router is at least partly right because ssh and vsftp work fine (I test by browsing the ip: 74.***.***.*** in the LAN, not 192.168.1.8 -- this also works).
I cannot access web service outside the LAN. And the error message is "Oops! Google Chrome could not connect to 74. Did I miss some configuration of router? Apache2? Ubuntu? I use the ubuntu server 2010.10 version.
Mar 16, 2010
In my nagios server, an htaccess file has been created for it, so any time you want to open it, a window opens for you to enter user name and passwords. Now, what I want to do is to integrate the nagios into a portal that is written in php so that when customers log in to the portal, they can access the nagios without it popping up the user and password window. What is going to happen is, the password of nagios will be stored in an orient database so that when the users try to access nagios through the portal, they will be logged in automatically.
Feb 20, 2011
I have an Actiontec GT724WGR and I am having problems with my Ubuntu server. I set up a subdomain on freedns.afraid.org with my main computer's external ip. However, whenever I use the link that was made, it goes to my router configuration page instead of onto my server. I have already set up a static ip for my server, enabled DMZ hosting, and under port forwarding applied every single rule that applied to servers.
Nov 17, 2010
I did a port scan on my server from outside my network and saw that port 10080 AMANDA is open. Amanda isn't installed on any of my computers or my server and the port is not forwarded by my modem or router. So why is this port open and how can I close it?
Mar 14, 2010
I just finished setting up my small server, however I realized that no one can connect to it from the outside. The reason being is that my router is assigning internal ip's and dyndns is linked to that. I need port 80 for the Apache server, but if I have the router forward that port to my particular ip, won't it screw with everyone else's internet too?
Jan 4, 2011
I am trying to install an Ubuntu server to serve sites. More than one, so I'll use Apache VirtualHost. When installing, Ubuntu server asks me about installing a DNS Server. Do I need it?
Nov 11, 2010
As it stands I have a small home network operating behind my modem/router. Some of the ports on this are forwarded to my PS3 for gaming but I was looking at forward some for my file server.
At the moment I've forwarded port xxx22 to port 22 on my server for SSH for instance. And similarly 21 for FTP (although it doesn't seem to want to connect for any more than a few seconds using that). What I was thinking of doing was placing a small website for a handful of ppl to use on the server too and port forward again - xxx80 to 80. It works just fine but I'm a little concerned on the security front.
As I've moved the port to something different from the outside world I'm presuming I will have already cut the potential for malicious folks to wander in but is there anything else I should be doing? At the moment there's no firewall operating on the server, usually as it's hidden behind the modem/router. But if I open this thing up more permanently what should I be doing? I've read a few articles on it but I'm always left with the overwhelming thought of "That's if there's no firewall in my router" as they just seem to do the same.
Aug 14, 2010
I am thinking of moving the router behind a server and connecting the server directly to the internet via a modem. Are there any security issues related to doing this? or other things I should be aware of. Iptables are implemented on the server blocking access on unused ports.
Oct 11, 2010
I've just set up a new Ubuntu Server 10.10 serving SVN through Apache (HTTP, HTTPS). It seems all ports are open by default on this new server. Why is this? Do I need to lock it down with iptables, or is it secure as it is anyway (somehow)?
Jan 7, 2011
I'm trying to use this as an ssh server but I need to somehow install drivers for my WMP600N V1.1 network card from Linksys. So how would I go about this?