Convert .p12 bundle to server certificate and key files

Separate the private key and certificate files

#Generate certificates bundle file

openssl pkcs12 -nokeys -in server-cert-key-bundle.p12 -out server-ca-cert-bundle.pem

#Generate server key file.

openssl pkcs12 -nocerts -nodes -in server-cert-key-bundle.p12 -out server.key

Convert a PKCS#12 file (.pfx .p12) containing a private key and certificates to PEM

openssl pkcs12 -in keyStore.pfx -out keyStore.pem -nodes

Create a .pfx/.p12 certificate file using OpenSSL

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt

Src: https://www.sslshopper.com/article-most-common-openssl-commands.html
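The split described above can be scripted so that the unencrypted key (`-nodes`) is never world-readable and so that the extracted key is checked against the extracted certificate. This is an added example, not from the original post; the function names, output file names and the `P12_PASS` environment variable are assumptions, and the bundle it runs on is constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the original post). Assumed names: split_p12,
# key_matches_cert, make_demo_bundle, server.key/server.crt, P12_PASS.
# The bundle password is read from $P12_PASS to keep it off the command line.

# split_p12 BUNDLE OUTDIR -> writes OUTDIR/server.key and OUTDIR/server.crt
split_p12() {
    bundle=$1 outdir=$2
    (
        # -nodes writes the key unencrypted, so create the file as 0600.
        umask 077
        openssl pkcs12 -in "$bundle" -nocerts -nodes \
            -passin env:P12_PASS -out "$outdir/server.key" 2>/dev/null
    ) || return 1
    # -clcerts keeps only the leaf certificate, leaving out the CA chain.
    openssl pkcs12 -in "$bundle" -clcerts -nokeys \
        -passin env:P12_PASS -out "$outdir/server.crt" 2>/dev/null
}

# key_matches_cert KEY CERT -> exit 0 only when both hold the same public key
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# make_demo_bundle DIR -> constructed self-signed bundle DIR/demo.p12
make_demo_bundle() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo.invalid" \
        -keyout "$1/orig.key" -out "$1/orig.crt" 2>/dev/null || return 1
    openssl pkcs12 -export -inkey "$1/orig.key" -in "$1/orig.crt" \
        -passout env:P12_PASS -out "$1/demo.p12" 2>/dev/null
}

# Demo on constructed data in a throwaway directory.
demo_dir=$(mktemp -d)
export P12_PASS=constructed-demo-password
if make_demo_bundle "$demo_dir" && split_p12 "$demo_dir/demo.p12" "$demo_dir" &&
   key_matches_cert "$demo_dir/server.key" "$demo_dir/server.crt"; then
    echo "server.key matches server.crt"
fi
rm -rf "$demo_dir"
```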


Install MySQL 5.7 on CentOS 7

Prerequisite:

It is better to install the development tools and disable NetworkManager in a production environment. You can optionally follow these steps:

Disabling NetworkManager:

systemctl stop NetworkManager
systemctl disable NetworkManager

Install Development Tools:

yum group install "Development Tools"

Remove MariaDB pre-installed libraries-

yum -y remove mariadb-libs

Enable MySQL Repository

You need to enable the MySQL 5.7 community release yum repository on your system. The rpm packages for the yum repository configuration are available on MySQL’s official website.

Start by importing the latest MySQL GPG key to your system.

sudo rpm --import https://repo.mysql.com/RPM-GPG-KEY-mysql-2022

Now, use one of the below commands to configure the Yum repository as per your operating system version.


Postfix SMTP Rotating IP using IPTables

I have 5 public IPs. I’m going to configure them so that Postfix can use multiple interfaces/IPs for outgoing SMTP connections.

First we need to create interface aliases for those 5 public IPs.

On my system, which runs CentOS:

# cd /etc/sysconfig/network-scripts/
# cp ifcfg-eth0 ifcfg-eth0:1
Edit ifcfg-eth0:1
# vi ifcfg-eth0\:1
DEVICE=eth0 <-- default device
HWADDR=XX:XX:XX:XX:XX:XX
ONBOOT=yes
TYPE=Ethernet
BOOTPROTO=none
IPADDR=202.XXX.XX.2 <-- default eth0 IP address
PREFIX=24
GATEWAY=202.XXX.XX.1
DNS1=202.XXX.XX.XX

Change DEVICE and IPADDR parameters


vestacp open: /etc/named.conf: permission denied

This was the error I was getting after making a small change to named.conf on my newly installed Vesta control panel. While restarting named, I was getting this error:

[root@vesta2 ~]# systemctl status named.service
● named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Mon 2022-08-01 14:37:25 +06; 6s ago
Process: 3478 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=1/FAILURE)
Process: 3475 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)

Aug 01 14:37:25 vesta2.geospacehosting.com named[3480]: found 2 CPUs, using 2 worker threads
Aug 01 14:37:25 vesta2.geospacehosting.com named[3480]: using 1 UDP listener per interface
Aug 01 14:37:25 vesta2.geospacehosting.com named[3480]: using up to 21000 sockets
Aug 01 14:37:25 vesta2.geospacehosting.com named[3480]: loading configuration from '/etc/named.conf'
Aug 01 14:37:25 vesta2.geospacehosting.com named[3480]: open: /etc/named.conf: permission denied
Aug 01 14:37:25 vesta2.geospacehosting.com named[3480]: loading configuration: permission denied
Aug 01 14:37:25 vesta2.geospacehosting.com systemd[1]: named.service: control process exited, code=exited status=1
Aug 01 14:37:25 vesta2.geospacehosting.com systemd[1]: Failed to start Berkeley Internet Name Domain (DNS).
Aug 01 14:37:25 vesta2.geospacehosting.com systemd[1]: Unit named.service entered failed state.
Aug 01 14:37:25 vesta2.geospacehosting.com systemd[1]: named.service failed.

Solution:

Step-1: Execute the following command-

restorecon -RFv /etc/named.conf

Step-2: Setting permission-

chmod 644 /etc/named.conf

Observium Installer Script on Ubuntu 20.04 or Debian 11

Automated Installation

Observium has an automated install script for use on Ubuntu and Debian systems. Using the automated installation script is as easy as downloading it, running it and answering a few simple questions. Start with:

wget http://www.observium.org/observium_installscript.sh
chmod +x observium_installscript.sh
./observium_installscript.sh

You may need to install wget on bare installations:

apt install wget

For manual installation you may read the link below-

https://docs.observium.org/install_debian/#manual-installation


Reset Administrator’s password in Windows Server 2008 / R2

Step-by-step procedure to reset the Administrator password on Windows Server 2008 or Windows Server 2008 R2 from the console:

  1. Insert the DVD into the server, restart and boot from the DVD
  2. Select Repair your computer – Choose ‘Use recovery tools that …’ : Choose ‘Windows Server 2008 R2’
  3. Command Prompt, type : + X:\Sources; type C: + C:\Dir # Check folders
  4. C:\cd Windows + C:\Windows\cd System32
  5. C:\Windows\System32\ ren utilman.exe utilman.exe.old
  6. C:\Windows\System32\ copy cmd.exe utilman.exe
  7. C:\Windows\System32\ Shutdown -r -t 0
  8. Click ‘Ease of access’ after the GUI boot is completed
  9. C:\Windows\System32\ net user Administrator abc@123 # Set new password is abc@123
  10. Log on using the new password

You’re done.


Windows IP settings from old Windows network adapters after card replacement

After replacing an old motherboard with a new one, the NIC is different, has a new MAC address and generally needs a new TCP/IP configuration. However the old NIC is still somewhere there with its designated IP address and the rest.

Question: is it possible to retrieve those settings (most important is the static IP address) for an old network card that is no longer present in the system?

Solution:

  1. Open run and type regedit
  2. Browse to [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces]

You’ll find your cards and their configuration settings there.


Build PPPoE server using PfSense

Before building a PPPoE system, we assume the following principles and prerequisites:

  1. It’ll be a NAT PPPoE router
  2. We need at least 2 interfaces: 1 for WAN/Internet/uplink and the other for LAN/PPPoE users.
  3. A reserved LAN IP for the PPPoE server itself (other than the LAN IP)
  4. Disable the DHCP service if it’s running
  5. Preferably disable the DNS Resolver and enable the DNS Forwarder
  6. At the time of writing this tutorial, the pfSense/Netgate version is 2.6
  7. A

For easy understanding, here are the WAN and LAN IPs of my mock-up instance:

  1. WAN IP- 114.130.95.196/27, 114.130.95.193
  2. LAN IP- 192.168.1.1/24
  3. PPPoE Reserved IP- 172.16.16.1
  4. DNS- 8.8.8.8
  5. The LAN port is connected to the LAN switch, or alternatively you can connect it to your PC
  6. Assuming you have an operating pfSense using a static IP endpoint and you can use the internet using a static gateway configuration.

So here goes the steps-

Step 1: Create and Configure PPPoE Server:

  1. Go to the Services > PPPoE Server section and click on ADD
  2. On the PPPoE Server Configuration page do the following:



Enabling Ping requests to OCI Instance

If you want to test with Ping requests you’ll need to modify the Ingress rules on the security list associated with the VCN, Subnet, network device, thing, whatever, to allow ICMP packets. Allowing ICMP traffic is not required, it’s an option. Please only take this option if you understand the possible impact. The following directions cover enabling ICMP requests for a subnet.


Generating an SSH Key Pair on Windows Using PuTTYgen and using it with an OCI machine instance

The PuTTYgen program is part of PuTTY, an open source networking client for the Windows platform.
To generate an SSH key pair on Windows using the PuTTYgen program:

  1. Download and install PuTTY or PuTTYgen. To download PuTTY or PuTTYgen, go to http://www.putty.org/ and click the You can download PuTTY here link.
  2. Run the PuTTYgen program. The PuTTY Key Generator window is displayed.
  3. Set the Type of key to generate option to SSH-2 RSA.
  4. In the Number of bits in a generated key box, enter 2048.
  5. Click Generate to generate a public/private key pair. As the key is being generated, move the mouse around the blank area as directed. (Optional) Enter a passphrase for the private key in the Key passphrase box and reenter it in the Confirm passphrase box.
  6. Click Save private key to save the private key to a file. To adhere to file-naming conventions, you should give the private key file an extension of .ppk (PuTTY private key). Note: The .ppk file extension indicates that the private key is in PuTTY’s proprietary format. You must use a key of this format when using PuTTY as your SSH client. It cannot be used with other SSH client tools. Refer to the PuTTY documentation to convert a private key in this format to a different format.
  7. Select all of the characters in the Public key for pasting into OpenSSH authorized_keys file box. Make sure you select all the characters, not just the ones you can see in the narrow window. If a scroll bar is next to the characters, you aren’t seeing all the characters.


    Example-

    ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEA0Bp2Pf+u2KfbackWAjOYbtT1Ub8oLhWFrAShUqXk5QjDZI2K/p8y/9sY3S9bNJThWvdFFsY7EjQZmiEL1vlj+/AaZ3/Ht3/WHR9R6zOeEr3nDxoN13jVZH9QU0a7028xf2R35Y4a3CI3TOCUPnvJN2B38rZ9Ruz/HMjOrEit7PhKSJ2OD2xdqVHI3lDXQ75aO1r79kC3lYL7PD+R0zHjtj0ugwbd97SUB02T85yjeJelBfHFni62vC+MF9bo0h0ZMKqP1PYKhxkgYTv+vK+ZxNoLgNOeTDf8HDvkHBuSTnuJL5tF8VEakIJ2uK9ht8uSKtQcNcrmtTmYlIcCI6THOw== rsa-key-20220629
  8. Right-click somewhere in the selected text and select Copy from the menu.
  9. Open a text editor and paste the characters, just as you copied them. Start at the first character in the text editor, and do not insert any line breaks.
  10. Save the text file in the same folder where you saved the private key, using the .pub extension to indicate that the file contains a public key.
    1. If you or others are going to use an SSH client that requires the OpenSSH format for private keys (such as the ssh utility on Linux), export the private key: On the Conversions menu, choose Export OpenSSH key.
    2. Save the private key in OpenSSH format in the same folder where you saved the private key in .ppk format, using an extension such as .openssh to indicate the file’s content.
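
Steps 7 to 10 fail silently when the copy is truncated or a line break slips in. A quick check of the saved .pub file before uploading it, as an added example that is not part of the original post: it assumes a POSIX shell with OpenSSH's ssh-keygen available, and the function name check_pubkey and the 2048-bit default threshold (taken from step 4) are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post): verify that a saved .pub file
# holds one complete OpenSSH public key line of at least MIN_BITS bits.

# check_pubkey FILE [MIN_BITS] -> prints the fingerprint line, exit 0 if valid
check_pubkey() {
    file=$1 min_bits=${2:-2048}

    # A paste that wrapped shows up as more than one non-empty line.
    lines=$(grep -c . "$file") || return 1
    [ "$lines" -eq 1 ] || { echo "expected 1 line, found $lines" >&2; return 1; }

    # ssh-keygen -l decodes the base64 blob; a truncated copy does not parse.
    info=$(ssh-keygen -l -f "$file" 2>/dev/null) || {
        echo "not a complete OpenSSH public key" >&2; return 1; }

    # The first field of the fingerprint line is the key size in bits.
    bits=${info%% *}
    [ "$bits" -ge "$min_bits" ] || { echo "key is only $bits bits" >&2; return 1; }

    echo "$info"
}

# Run against a file given on the command line, e.g.: sh check.sh mykey.pub
if [ "$#" -gt 0 ]; then
    check_pubkey "$@"
fi
```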