Avatar
The mod_gzip and mod_deflate modules both add file compression features to Apache. When enabled and configured, text-based files and script output is automatically compressed before it is sent to the visitor’s browser. While the effort to compress a file slows down the web server, this slow down is easily offset by the time saved to send the much smaller compressed file. This is particularly true when the server or the site visitor have a slow network connection.
[ view entry ] ( 1623 views ) | print article
//Generate server key
openssl genrsa -out server.key 1024
//Create a Certificate Signing Request
openssl req -new -key server.key -out server.csr
//Sign your own certificate (for development purposes)
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
//Install your certificate. Add in httpd.conf :
SSLCertificateFile "/webserver/ssl_certs/server.crt"
SSLCertificateKeyFile "/webserver/ssl_certs/server.key"
//Finally, configure a virtual-host with a document root and port 443 (httpd.conf)
:)
### Update 4-27-2018 ###
# looks like you can generate server.key and server.csr using only one command:
openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
#Also, it looks like wee can create a self-signed key and certificate pair with OpenSSL in a single command:
(Tested on 11/15/2023 !)
[admin@PHP8 ~]$ openssl req --x509 --nodes --days 3650 --newkey rsa:2048 --keyout nginx-selfsigned.key --out nginx-selfsigned.crt
...
[admin@PHP8 ~]$ ls -ltrh nginx-selfsigned.*
-rw-------. 1 entadmin entadmin 1.7K Nov 15 18:47 nginx-selfsigned.key
-rw-rw-r--. 1 entadmin entadmin 1.5K Nov 15 18:48 nginx-selfsigned.crt
# From Comodo.com, To generate a pair of private key and public Certificate Signing Request (CSR) for a webserver, "server", use the following command (creates two files) :
openssl req -nodes -newkey rsa:2048 -keyout myserver.key -out server.csr
# Also from Comodo.com,Alternatively one may issue the following command to generate a CSR:
openssl req -nodes -newkey rsa:2048 -keyout myserver.key -out server.csr -subj "/C=GB/ST=Yorks/L=York/O=MyCompany Ltd./OU=IT/CN=mysubdomain.mydomain.com"
# Note: If the "-nodes" is entered the key will not be encrypted with a DES pass phrase.
# 5-14-2018 - Verifying that a private key matches its Certificate
[aesteban@localhost TLS-TESTS]$ openssl x509 -noout -modulus -in nginx-selfsigned.crt | openssl md5
(stdin)= 79fc2ac98ed18c376acea99debf42086
[aesteban@localhost TLS-TESTS]$ openssl rsa -noout -modulus -in nginx-selfsigned.key | openssl md5
(stdin)= 79fc2ac98ed18c376acea99debf42086
[aesteban@localhost TLS-TESTS]$
6-15-2018 Documenting the following:
# user curl's resolve to test endpoints that are behind a CDN or loadbalancer. IPADDRESS represents the endpoint (app server) ip address.
[aesteban@localhost ~]$ curl -v https://api.example.com --resolve "api.example.com:443:IPADDRESS"
8-9-2019 - extracting expiration date from certificate
[aesteban@localhost ~]$ openssl x509 -enddate -noout -in Documents/ansible/files/star.angelcool.com.crt
notAfter=Jul 9 23:25:42 2019 GMT
[aesteban@localhost ~]$
[aesteban@localhost ~]$
[ view entry ] ( 1594 views ) | print article
# This will pop-up a user/password dialog box saying Realm =
AuthName "Restricted Area"
# AuthType is normally basic. Not very secure until "Digest" type becomes prevalent
AuthType basic
# If value of AuthUserFile doesn't begin with a slash, it is treated as
# relative to the ServerRoot (not DocumentRoot!)
AuthUserFile "/userhome/blahBlah/.htpasswd"
AuthGroupFile "/userhome/blahBlah/.htgroup"
#Custom icons
AddIcon /icons/binary.gif .bin .exe
AddIcon /icons/text.gif .txt
AddIcon /icons/uuencoded.gif .uu
AddIcon /icons/hand.right.gif README
AddIcon /icons/folder.gif ^^DIRECTORY^^
AddIcon /icons/blank.gif ^^BLANKICON^^
# If no file type matches..
DefaultIcon /icons/unknown.gif
...more to come.
[ view entry ] ( 1725 views ) | print article
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |