Convert .p12 bundle to server certificate and key files

Separate the private key and certificate files

#Generate certificates bundle file

openssl pkcs12 -nokeys -in server-cert-key-bundle.p12 -out server-ca-cert-bundle.pem

#Generate server key file.

openssl pkcs12 -nocerts -nodes -in server-cert-key-bundle.p12 -out server.key

Convert a PKCS#12 file (.pfx .p12) containing a private key and certificates to PEM

openssl pkcs12 -in keyStore.pfx -out keyStore.pem -nodes

Create a .pfx/.p12 certificate file using OpenSSL

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt
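An end-to-end check of the split above, as an added example that is not part of the original post: it builds a throwaway key, certificate and .p12 (the subject, password and `orig.*` file names are constructed), runs the two split commands non-interactively, then confirms that the extracted key matches the certificate and that the unencrypted key file is owner-only. It assumes OpenSSL and GNU `stat` are available.

```shell
#!/usr/bin/env bash
# Added example: subject, password and orig.* file names are constructed for the demo.
split_and_verify_p12() {
    local workdir rc
    workdir=$(mktemp -d) || return 1
    (
        cd "$workdir" || exit 1
        umask 077   # -nodes writes the key unencrypted, so create every file owner-only

        # Constructed sample input: a throwaway self-signed key/cert packed into a .p12.
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo.example" \
            -keyout orig.key -out orig.crt 2>/dev/null || exit 1
        openssl pkcs12 -export -out server-cert-key-bundle.p12 \
            -inkey orig.key -in orig.crt -passout pass:demo-only || exit 1

        # The two split commands from the post, made non-interactive with -passin.
        openssl pkcs12 -nokeys -in server-cert-key-bundle.p12 \
            -out server-ca-cert-bundle.pem -passin pass:demo-only 2>/dev/null || exit 1
        openssl pkcs12 -nocerts -nodes -in server-cert-key-bundle.p12 \
            -out server.key -passin pass:demo-only 2>/dev/null || exit 1

        # Check 1: the extracted key belongs to the extracted certificate
        # (compare digests of the public key derived from each file).
        cert_pub=$(openssl x509 -in server-ca-cert-bundle.pem -noout -pubkey | openssl sha256) || exit 1
        key_pub=$(openssl pkey -in server.key -pubout | openssl sha256) || exit 1
        [ "$cert_pub" = "$key_pub" ] || { echo "key does not match certificate"; exit 1; }

        # Check 2: the plaintext key is not readable by group or other.
        mode=$(stat -c '%a' server.key) || exit 1
        [ "$mode" = "600" ] || { echo "server.key mode is $mode"; exit 1; }

        echo "key matches certificate, mode 600"
    )
    rc=$?
    rm -rf "$workdir"   # remove the throwaway key material
    return "$rc"
}

split_and_verify_p12
```

On a real bundle, drop the constructed-input step and let `openssl` prompt for the import password instead of passing it on the command line.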



Configure iSCSI Initiator (client) in CentOS / RHEL 6

To use a RHEL/CentOS 6 system as an iSCSI initiator or client, you must have the iscsi-initiator-utils package installed. You can verify that it is installed on your system using the rpm command, as shown in the following example:

$ rpm -qa | grep iscsi-initiator-utils

Install the package using yum if it’s not already available on your system.

# yum install iscsi-initiator-utils

Start the iscsi daemon and use chkconfig to enable it to start after reboot as well.

# service iscsi start
# chkconfig iscsi on

Once you have installed the required package and started the service, you can start discovering the available targets. To obtain a listing of available targets from a given host (please note that the ipaddress listed below must be replaced with the resolvable hostname or IP address of the system providing the port if different than default):

# iscsiadm -m discovery -t st -p,1



Add Multipath and connect to XFS system

Device Mapper Multipathing (DM-Multipath) is the native multipathing facility in Linux. It can be used for redundancy and to improve performance. It aggregates the multiple I/O paths between servers and storage, so that a single device is created at the OS level.

For example, let’s say a server has two HBA cards attached to a storage controller, with a single port on each HBA card. One LUN is assigned to the server via the two WWNs of both cards, so the OS detects two devices: /dev/sdb and /dev/sdc. Once Device Mapper Multipathing is installed, DM-Multipath creates a single device with a unique WWID that reroutes I/O to those four underlying devices according to the multipath configuration. When any of these I/O paths fails, data remains accessible over the available I/O path.

Install the Device Mapper Multipath package.

Check whether the device-mapper-multipath package is already installed.

[root@linux1 ~]# rpm -q device-mapper-multipath

If it is not installed, install the Device Mapper Multipath package using yum to avoid dependency issues. If yum is not configured, please refer to Yum Configuration on Linux.

[root@linux1 ~]# yum -y install device-mapper-multipath

Basic Configuration of Linux Device Mapper Multipathing

The configuration file is /etc/multipath.conf; take a backup of it. Edit the configuration file to ensure the following entries are uncommented.


Ubuntu repo upgrade from an old unsupported release

If you want to continue using an outdated release then edit /etc/apt/sources.list and change and to

You can do this with sed:

sudo sed -i -re 's/([a-z]{2}\.)?|' /etc/apt/sources.list

then update with:

sudo apt-get update && sudo apt-get dist-upgrade

Sometimes it might be faster to create backups of your system and reinstall using a supported release instead.


Stateful Load Balancer with iptables and NAT

Allow IP forwarding

(Note: if you’re testing this on the same box you’re doing this on, it won’t work. You need at least 3 machines to test this out; virtual ones work nicely.)

First we enable IPv4 forwarding, or this will not work:

# echo "1" > /proc/sys/net/ipv4/ip_forward


# sysctl net.ipv4.ip_forward=1

Next we add a filter that changes the packet’s destination IP and allows us to masquerade:

# iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination
# iptables -t nat -A POSTROUTING -j MASQUERADE

The above filter is added to the iptables PREROUTING chain. Packets first go through the filters in the PREROUTING chain before iptables decides where they go. The above filter says that all packets arriving on eth0 that use the TCP protocol and have destination port 80 will have their destination address changed to port 80. The DNAT target in this case is responsible for changing the packet’s destination IP address. Variations of this might include mapping to a different port on the same machine or perhaps to another interface altogether; that is how one could implement a simple stateful VLAN (in theory).


Assign range of IP addresses to an interface

For example, you need to assign the IP range – to your eth0 interface.

Create a range file in /etc/sysconfig/network-scripts/ifcfg-eth0-range0 as below


CLONENUM_START is the number that will be assigned to the first IP alias interface (eth0:1 in this example).

If you need to add more ranges of IPs, use a different file for each range, e.g. ifcfg-eth0-range1. Make sure CLONENUM_START does not overwrite other aliases.

Once you have configured the range/s of IPs you just need to restart the network service in order to activate it


Install CakePHP 3 On Ubuntu 16.04

This guide assumes you’ve set up a Ubuntu 14.04 server and have MySQL up and running. This guide uses the “PHPMyAdmin” image from the “One Click Apps” available on Digital Ocean, on a VPS running Ubuntu 16.04. The smallest memory size (512mb) should be enough to get you up and running.

If you don’t have a Digital Ocean account (you should, they’re a great service) get one here.

Step 1: Update Package Manager

ssh root@YOUR-IP

Note: If this is the first time you’ve logged into your vps, you will be asked to change the password from the one emailed to you when you created your vps. This is fairly self explanatory, simply follow the prompts.

Update your package manager:

sudo apt-get update

Step 2: Install Some PHP Modules

We need to install a few PHP modules that CakePHP uses. Namely the curl, zip, intl and sqlite modules.


Converting OVA for use with KVM / QCOW2

The OVA file is nothing more than a TAR archive, containing the .OVF and .VMDK files. Easy!

Using Evergreen ILS for example:

~ $ file Evergreen_trunk_Squeeze.ova

Evergreen_trunk_Squeeze.ova: POSIX tar archive (GNU)

It’s possible to use the tar command to list the contents:

~ $ tar -tf Evergreen_trunk_Squeeze.ova 

Simply extract those things…

~ $ tar -xvf Evergreen_trunk_Squeeze.ova



Installing Smokeping on Ubuntu 14.04 LTS

Installing Smokeping on Ubuntu used to be a total breeze. Since 14.04 however, it’s been a bit of a mission.

This guide assumes a fresh out of the box Ubuntu install. I’m using the 64bit Server variety, but this should work on any 14.04 system.

UPDATE – It also works perfectly on Ubuntu 16.04 LTS Server :~)

Step 1: install smokeping (and you’re done).

sudo apt-get install smokeping -y

Step 2:  normally, you’d be done by now.. But things have changed.

sudo nano /etc/smokeping/config.d/pathnames

You’re going to want to go into the pathnames file and comment out the line about mail. Setting up mail to work with smokeping is outside the scope of this post. Because I’m lazy.

Do this:

#sendmail = /usr/sbin/sendmail

Then hit CTRL-O, Enter, CTRL-X. That’s how you save a file in Nano, I won’t stick that bit in again.


Install Rocket Chat on CentOS 7 with Jitsi Video Conferencing

Add the epel repository and update everything.

yum -y install epel-release nano && yum -y update

Populate the yum repo with the mongodb-org repository

nano /etc/yum.repos.d/mongodb-org.repo

Paste this into the new file:

name=MongoDB Repository

To write and save do:


Now we need to install our dependencies from yum:

yum install -y nodejs curl GraphicsMagick npm mongodb-org-server mongodb-org gcc-c++

Now that we have Node.js and npm installed, we need to install a few more dependencies:

npm install -g inherits n

The recommended Node.js version for using Rocket.Chat is 8.9.3. Using n we are going to install that version:

n 8.9.3

Installing Rocket.Chat

Now we download and install Rocket.Chat

cd /opt
curl -L -o
tar zxvf
mv bundle Rocket.Chat
cd Rocket.Chat/programs/server
npm install
cd ../..

You can set PORT, ROOT_URL and MONGO_URL:


Reset CentOS Root Lost or Forgotten Password

If your Linux box experiences disk or file system issues, you may receive a “Give root password for maintenance” prompt upon reboot. If you have your root password you can log in, but if you’re using ‘slide’ or ‘sudo’ for wheel access or you’ve just misplaced your root password, you’ll need to reset it.

To reset your root password:

  1. When the GRUB loader shows during boot, press the space bar to pause boot.
  2. Select your boot kernel.
  3. Type ‘e’ to edit the default kernel line.
  4. Type ‘e’ again on the line that starts with ‘kernel’.
  5. Add ‘init=/bin/bash’ to the end of the ‘kernel’ line then press enter.
  6. Type ‘b’ to boot the modified kernel parameters.
  7. Once you’re at the /bin/bash prompt you will need to remount the root file system as read/write in order to edit the passwd file:
    # mount -o remount,rw /
  8. Change your root password:
    # passwd root
  9. Remount the filesystem back to read only:
    # mount -o remount,ro /
  10. Reboot your server using CTRL-ALT-DELETE.
  11. You will now be able to login with your new root password and carry out the maintenance.