Convert .p12 bundle to server certificate and key files

Seperate Private Key and Certificate file

#Generate certificates bundle file

openssl pkcs12 -nokeys -in server-cert-key-bundle.p12 -out server-ca-cert-bundle.pem

#Generate server key file.

openssl pkcs12 -nocerts -nodes -in server-cert-key-bundle.p12 -out server.key

Convert a PKCS#12 file (.pfx .p12) containing a private key and certificates to PEM

openssl pkcs12 -in keyStore.pfx -out keyStore.pem -nodes

Create a .pfx/.p12 certificate file using OpenSSL

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt

Src: https://www.sslshopper.com/article-most-common-openssl-commands.html

Share

Perfect Proxmox Template with Cloud Image and Cloud Init

Instructions

Choose your Ubuntu Cloud Image. Here in this example will use ubuntu cloud-init image. Download Ubuntu (replace with the url of the one you chose from above)

wget https://cloud-images.ubuntu.com/focal/current/focal-server-cloudimg-amd64.img

Create a new virtual machine

qm create 8000 --memory 2048 --core 2 --name ubuntu-cloud --net0 virtio,bridge=vmbr0

Import the downloaded Ubuntu disk to local-lvm storage Continue reading “Perfect Proxmox Template with Cloud Image and Cloud Init” »

Share

pfSense firewall rules for WhatsApp

For simplicity, you can also follow the step by step instructions from your pfSense WebGUI below:

1. Create a PORT alias:

Firewall -> Aliases -> Ports -> + AddName: WhatsAppPortsTCP
Port: 443
-> + Add PortPort: 5222
Save (bottom) -> Apply Changes (top right)

2. Create a URL alias:

Firewall -> Aliases – URLs -> + AddName: WhatsAppIPv4_URL
Type: URL Table (IPs)
URL Table (IPs): https://adamnetworks.dev/pub/fwaliases/raw/master/ips/whatsapp.txt /(update frequency): 1
Save (bottom) -> Apply Changes (top right) Continue reading “pfSense firewall rules for WhatsApp” »

Share

Install Softether VPN Client on Linux

Download and Install SoftEther VPN Client

Download SoftEther VPN Client software from their official website (https://www.softether.org).

Navigate to Download — > Download SoftEther VPN

Click on Download SoftEther VPN link.

  • Select Component : SoftEther VPN Client
  • Select Platform : Linux
  • Select CPU : Select the appropriate CPU from the Drop down

  • Click on the appropriate downloading link based on the version of the software.
  • Extract the downloaded tar.gz file. Here after I will refer the extracted folder as <vpnclient>
  • Navigate to <vpnclient>folder and open a terminal.
  • Execute make command and accept all license agreements by entering the number relevant to “Yes”. execute make command

After the completion of make command process, start the vpn client using: Continue reading “Install Softether VPN Client on Linux” »

Share

OCI Architecture Diagram Toolkits

Oracle Cloud Infrastructure (OCI) Architecture Diagram Toolkit in three formats:

Use these assets to draw custom architecture diagrams for your OCI implementation. Each of these formats contains OCI service icons and templates where possible. Examples and guidance on how to create diagrams for your specific cloud deployment are in the PowerPoint file.

In addition, we have the following assets for you.

Share

Remove Old Unused Kernels in CentOS

To display the current version of Linux (kernel) running on your system, run this command.

# uname -sr
Linux 3.10.0-327.10.1.el7.x86_64

List All Installed Kernels on System

You can list all kernel images installed on your system like this.

# rpm -q kernel
kernel-3.10.0-229.el7.x86_64
kernel-3.10.0-229.14.1.el7.x86_64
kernel-3.10.0-327.3.1.el7.x86_64
kernel-3.10.0-327.10.1.el7.x86_64

Removing Old/Unused Kernels on CentOS/RHEL

You need to install yum-utils, which is an assortment of utilities that integrate with yum to make it more powerful and easier to use, by extending its original features in several different ways. Continue reading “Remove Old Unused Kernels in CentOS” »

Share

Zimbra Let’s Encrypt auto-renew SSL

Required for this script to work is certbot package installed on email server and sudo rights to add script in crontab. You can add script in crontab at a weekly run like this: 0 0 * * 0 root /path_to_script.

#!/bin/bash

#Set domain for renew (in format openthreat.ro)
DOMAIN=""

certbot certificates

EXPIRE_DAYS=`cat /var/log/letsencrypt/letsencrypt.log | grep VALID | cut -d\( -f2 | cut -d\) -f1 | awk '{print $2}'`

if [[ $EXPIRE_DAYS -lt 30 ]]; then

#Stop the jetty or nginx service at Zimbra level
runuser -l zimbra -c 'zmproxyctl stop'
runuser -l zimbra -c 'zmmailboxdctl stop'

#Renew SSL
certbot renew --standalone

#Copy new SSL to Zimbra SSL folder
cp /etc/letsencrypt/live/mail.$DOMAIN/* /opt/zimbra/ssl/letsencrypt/
chown zimbra:zimbra /opt/zimbra/ssl/letsencrypt/*

#Build the proper Intermediate CA plus Root CA
echo "-----BEGIN CERTIFICATE-----
MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4
WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu
ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY
MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc
h77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+
0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U
A5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW
T8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH
B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC
B5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv
KBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn
OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn
jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw
qHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI
rU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV
HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq
hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL
ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ
3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK
NFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5
ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur
TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC
jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc
oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq
4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA
mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d
emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc=
-----END CERTIFICATE-----" >> /opt/zimbra/ssl/letsencrypt/chain.pem

#Backup Zimbra SSL directory
cp -a /opt/zimbra/ssl/zimbra /opt/zimbra/ssl/zimbra.$(date "+%Y%m%d")

#Copy the private key under Zimbra SSL path
cp /opt/zimbra/ssl/letsencrypt/privkey.pem /opt/zimbra/ssl/zimbra/commercial/commercial.key

#Final SSL deployment
runuser -l zimbra -c 'cd /opt/zimbra/ssl/letsencrypt/ && /opt/zimbra/bin/zmcertmgr deploycrt comm cert.pem chain.pem'
runuser -l zimbra -c 'zmcontrol restart'

else
echo "Not expire, skipping!"
fi
Share

Setup Keepalived for VRRP instead of ucarp

I’ve the following setup:

network-0 – 192.168.2.11 (real)
network-1 – 192.168.2.12 (real)

I want to add “network” as 192.168.2.10 as the floating address.  I’ll need to do the following to both network-0 and network-1

  • Install keepalived
  • Configure keepalived
  • Start keepalived
  • Set keepalived to start at boot.

Continue reading “Setup Keepalived for VRRP instead of ucarp” »

Share