Convert .p12 bundle to server certificate and key files

Seperate Private Key and Certificate file

#Generate certificates bundle file

openssl pkcs12 -nokeys -in server-cert-key-bundle.p12 -out server-ca-cert-bundle.pem

#Generate server key file.

openssl pkcs12 -nocerts -nodes -in server-cert-key-bundle.p12 -out server.key

Convert a PKCS#12 file (.pfx .p12) containing a private key and certificates to PEM

openssl pkcs12 -in keyStore.pfx -out keyStore.pem -nodes

Create a .pfx/.p12 certificate file using OpenSSL

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt



Increasing Attachment Size in Posfix

Postfix by default restrict attachment size to approx 10MB i.e. 10240000 bytes.

You can check it using following command:

postconf | grep message_size_limit

To change attachment-size to say 50 MB, run a command like:

postconf -e message_size_limit=52428800

If you are running a mail-server with SMTP/IMAP access, you need to change postfix attachment size only. I spent half-hour debugging dovecot to increase attachment size, just to realize that above change in postfix config was all I needed!


Install Poppassd in CentOS 7

Steps for configuration change password plugin for squirrelmail/Horde/Rainloop using poppassd are:

Download poppassd.c from

Look at poppassd.c and make sure it looks safe

yum -y install gcc
gcc poppassd.c -o poppassd -lcrypt
mv poppassd /usr/local/bin/
yum -y install xinetd
cp /etc/xinetd.d/time-stream /etc/xinetd.d/poppassd

nano /etc/xinetd.d/poppassdUpdate “service time” to “service poppassd”

disable = no
id = poppasswd
user = root
group = root
server = /usr/local/bin/poppassd
port = 106
systemctl restart xinetd
systemctl enable xinetd

Test by doing “telnet localhost 106” that service is started properly or not.

Your poppassd is now installed on Centos 7 system.



DNS Slave Using Virtualmin

DNS Slave Auto-Configuration Quickstart

A quick guide to assist administrators who want to use Virtualmin’s automatic DNS slave configuration features. This allows for DNS server redundancy.


Virtualmin can automatically manage any number of DNS slave servers for you. Once configured, it will create slave zones on other servers and configure them to automatically update when changes are made on your Virtualmin server. For this to work, you need Virtualmin on your primary server and Webmin (a free download) on your slave server(s). Henceforth, all references will refer to the primary server as the “Virtualmin server” and the DNS slave server as the “slave server”.

Getting Webmin for the Slave

If you don’t have Virtualmin installed on your slave server(s), you’ll need to install Webmin. Webmin is available for nearly every UNIX and Linux variant available, and is free to download and use. Continue reading “DNS Slave Using Virtualmin” »


Force reboot of a remote Linux machine

To force the kernel to reboot the system we will be making use of the magic SysRq key.

The magic_SysRq_key provides a means to send low level instructions directly to the kernel via the /proc virtual file system.

To enable the use of  the magic SysRq option type the following at the command prompt:

echo 1 > /proc/sys/kernel/sysrq

Then to reboot the machine simply enter the following:

echo b > /proc/sysrq-trigger

Voilà! Your system will instantly reboot.


Add a Static Route on CentOS

To add a temporary route:

ip route add via dev eth0

To make it persist system or network settings restart, create a route-ifname file for an interface through which the subnet is accessed, in this case eth0:

nano /etc/sysconfig/network-scripts/route-eth0

Add the line with the network settings for the other subnet: via dev eth0

If your computer is on a network and is not directly connected to the internet, it will be configured with what is called a default gateway, which is usually a router. If the computer cannot find the specific IP address on its local network (aka broadcast domain), as defined by its subnet, it will forward any packets headed to that IP address to the default gateway. The gateway will then attempt to forward packets elsewhere, such as the internet, or another broadcast domain Continue reading “Add a Static Route on CentOS” »


Set Hostname in Centos 7

CentOS 7 only allows Fully Qualified Domain Names (FQDN’s). Acceptable values include lower-case letters a to z, numbers 0 to 9, the period, and the hyphen, and between 2 and 63 characters.

At the console, type:

hostnamectl set-hostname

NOTE: Replace with your chosen hostname.

Check the Hostname


SOLVED Zimbra 8.6 HTTP ERROR 404 Problem accessing /public/error.jsp. Reason: /public/error.jsp

Do a quick search under the usual jetty folders:

find /opt/zimbra/jetty/ -type f -name *jsp -mtime -30

If you find files like:


you’re actually hacked.

Unlike the previous “zmcat” and “dblaunchs” that actually exploit the vuln and load some sh*t this looks like a bad childish attack. It seems that they delete some files under jetty dir, don’t know why. 
The attack vector is the same, but, there are no strange processes, there is no persistence. Continue reading “SOLVED Zimbra 8.6 HTTP ERROR 404 Problem accessing /public/error.jsp. Reason: /public/error.jsp” »


SOLVED Debian Wheezy Letsencrypt error /opt/ No module named pip.__main__; ‘pip’ is a package and cannot be directly executed

My case and solution:

Debian 7.11 wheezy
python-pip NOT installed

My steps:

#ln -fs /usr/lib/python2.7/plat-x86_64-linux-gnu/ /usr/lib/python2.7/
#chmod +x ./certbot-auto
#certbot-auto renew --no-self-upgrade

it download some files and works fine.