Convert .p12 bundle to server certificate and key files

Seperate Private Key and Certificate file

#Generate certificates bundle file

openssl pkcs12 -nokeys -in server-cert-key-bundle.p12 -out server-ca-cert-bundle.pem

#Generate server key file.

openssl pkcs12 -nocerts -nodes -in server-cert-key-bundle.p12 -out server.key

Convert a PKCS#12 file (.pfx .p12) containing a private key and certificates to PEM

openssl pkcs12 -in keyStore.pfx -out keyStore.pem -nodes

Create a .pfx/.p12 certificate file using OpenSSL

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt

Src: https://www.sslshopper.com/article-most-common-openssl-commands.html

Share

Debian 7 wheezy – Certbot auto started failing with ’ No module named pip.__main__’

If you’re using Debian 7 a.k.a wheezy which is end of life at this moment and you were using Let’s Encrypt was your SSL, then you might need some backward compatibility to continue. A possible work around for me as below:

wget https://raw.githubusercontent.com/certbot/certbot/75499277be6699fd5a9b884837546391950a3ec9/certbot-auto
chmod +x ./certbot-auto
./certbot-auto --no-self-upgrade

For renewing an existing certificate you can use the following command instead:

./certbot-auto --no-self-upgrade
Share

Install cPanel on CentOS 7

cPanel is an online Linux-based web hosting control panel that provides a graphical interface and automation tools designed to simplify the process of hosting a web site or email.

Prerequisite:

  • Launch a CentOS 7 instance (Only install cPanel & WHM on a freshly-installed operating system).
  • Access the instance via SSH.
  • Run all the following commands from the shell/terminal (All commands need to be run as the root user).
  • You need to purchase your own cPanel license to use the control panel.

Instructions:

Step 1: Set a valid hostname (FQDN) for your system. Note: Replace “your-hostname.example.com” with a FQDN.

hostname <your-hostname.example.com>

Step 2: Disable SELinux.

sed -i ‘s/SELINUX=enforcing/SELINUX=disabled/’ /etc/selinux/config

Step 3: Download and run the installation script. Tips: You may use the screen utility in case your session disconnects during installation.

cd /home && curl -o latest -L https://securedownloads.cpanel.net/latest && sh latest

Step 4: Wait for the installation to complete.

Step 5: While waiting for the installation, you might want to allow all the required ports on the security group for your instance (eg: WHM SSL, FTP, HTTP, HTTPS). Please follow the guide here.

Note: To know which ports are used by cPanel & WHM, please refer to this official documentation: https://documentation.cpanel.net/display/CKB/How+to+Configure+Your+Firewall+for+cPanel+Services

Step 6: Set a password for root.

passwd

Step 7: Browse to https://<your-server-ip>:2087 to access the WHM, and login as root.

Result:

Src: https://www.ipserverone.info/cloud/how-to-install-cpanel-on-centos-7/

Share

Ubuntu Server 18.04 LVM out of space with improper default partitioning

Problem Statement:

I installed Ubuntu Server 18.04 with the LVM option and left the default partition setup. Now my main drive only has 4GB in a 1TB hard drive. How can I fix this without starting from scratch?

Results of df -h :

Filesystem Size Used Available Use% Mounted on
udev 16G 0 16G 0% /dev
tmpfs 32G 1.7M 32G 1% /run
/dev/mapper/ubuntu--vg-ubuntu--lv 3.9G 3.6G 92M 98% / 
tmpfs 16G 0 16G 0% /dev/shm
tmpfs 5.0M 0 5.0M 0% /run/lock
tmpfs 16G 0 16G 0% /sys/fs/cgroup
/dev/loop0 87M 87M 0 100% /snap/core/4917
/dev/loop1 3.2M 3.2M 0 100% /snap/stress-ng/471
/dev/loop2 90M 90M 0 100% /snap/core/6130
/dev/sda2 976M 143M 766M 16% /boot
tmpfs 3.2G 0 3.2G 0% /run/user/1000

Resolution: Continue reading “Ubuntu Server 18.04 LVM out of space with improper default partitioning” »

Share

Install Mariadb on CentOS 7

MariaDB is an open-source relational database management system, backward compatible, binary drop-in replacement of MySQL. It is developed by some of the original developers of the MySQL and by many people in the community. With the release of CentOS 7, MySQL was replaced with MariaDB as the default database system.

If you, for any reason need to install MySQL, check the How to Install MySQL on CentOS 7 tutorial. If your application does not have any specific requirements, you should stick with MariaDB, the default database system in CentOS 7.

In this tutorial we will show you how to install the latest version of MariaDB on CentOS 7 using the official MariaDB repositories.

Prerequisites

Make sure you are logged in as a user with sudo privileges before proceeding with the tutorial.

Install MariaDB 5.5 on CentOS 7: The version of the MariaDB server provided in default CentOS repositories is version 5.5. This is not the latest version though, but it is quite stable.

Follow the steps below to install and secure MariaDB 5.5 on CentOS 7:

Install the MariaDB package using the yum package manager:

sudo yum install mariadb-server

Press y when prompted to proceed with the installation. Once the installation is complete, start the MariaDB service and enable it to start on boot using the following commands:

sudo systemctl start mariadbsudo systemctl enable mariadb

To verify that the installation was successful, check the MariaDB service status by typing:

sudo systemctl status mariadb

The output should show that the service is active and running: Continue reading “Install Mariadb on CentOS 7” »

Share

Set Time Zone on CentOS 7

Checking the Current Timezone

In CentOS and other modern Linux distros, you can use the timedatectl command to display and set the current system’s time and timezone.

timedatectl

The output below shows that the system’s timezone is set to UTC:

Local time: Wed 2019-02-06 22:43:42 UTC
Universal time: Wed 2019-02-06 22:43:42 UTC
RTC time: Wed 2019-02-06 22:43:42
Time zone: Etc/UTC (UTC, +0000)
NTP enabled: no
NTP synchronized: yes
RTC in local TZ: no
DST active: n/a

The system timezone is configured by symlinking /etc/localtime to a binary timezone identifier in the /usr/share/zoneinfo directory. So, another option to check the timezone is to show the path the symlink points to using the ls command:

ls -l /etc/localtime
lrwxrwxrwx. 1 root root 29 Dec 11 09:25 /etc/localtime -> ../usr/share/zoneinfo/Etc/UTC

Changing Timezone in CentOS

Before changing the timezone, you’ll need to find out the long name for the timezone you want to use. The timezone naming convention usually uses a “Region/City” format.

To list all available time zones, you can either list the files in the /usr/share/zoneinfo directory or use the timedatectl command.

timedatectl list-timezones
...
America/Tijuana
America/Toronto
America/Tortola
America/Vancouver
America/Whitehorse
America/Winnipeg
...

Once you identify which time zone is accurate to your location, run the following command as sudo user: Continue reading “Set Time Zone on CentOS 7” »

Share

Reinstall VirtualBox on Ubuntu & CentOS

For Ubuntu

To remove virtualbox

sudo dpkg --list virtualbox-*
sudo apt autoremove --purge virtualbox*
dpkg -l virtualbox* | grep ^i

Remove all PPAs from sources.list and source.list.d directory

mkdir ~/apt-tmp
sudo mv /etc/apt/sources.list.d/* ~/apt-tmp

Make sure there is nothing except official repositories sources in /etc/sources.list. And update your sources:

sudo apt update

Now we can search to see which versions are available to install:

apt-cache madison virtualbox | grep -iv sources

Which produces an output like this:

virtualbox | 5.0.32-dfsg-0ubuntu1.16.04.2 | http://mirrors.kernel.org/ubuntu xenial-updates/multiverse amd64 Packages
virtualbox | 5.0.18-dfsg-2build1 | http://mirrors.kernel.org/ubuntu xenial/multiverse amd64 Packages

Then I would install the last version mentioned in xenial-updates: Continue reading “Reinstall VirtualBox on Ubuntu & CentOS” »

Share

Install ZFS on CentOS 7

Installing ZFS File System

ZFS File System support is not enabled by default on CentOS 7. That is not the only problem. ZFS is not available in the official package repository of CentOS 7. You have to install it from the official package repository of ZFS. I am installing this on a server running Centos 7.6. You may take a look at https://github.com/zfsonlinux/zfs/wiki/RHEL-and-CentOS for more details.

First check what version of CentOS 7 you’re using with the following command:

$ cat /etc/redhat-release

As you can see, I am using Centos 7.6

[root@localhost ~]# cat /etc/redhat-release
CentOS Linux release 7.6.1810 (Core)

Now you have to add the official repository of ZFS on CentOS 7 with the following command:

yum install http://download.zfsonlinux.org/epel/zfs-release.el7_6.noarch.rpm

ZFS repository should be added.

There are two ways ZFS module can be loaded to the kernel, DKMS and kABI. The difference between these is that if you install DKMS based ZFS module, and then for some reason you update the kernel of your operating system, the ZFS kernel module must be recompiled again. Otherwise it won’t work. But the kABI based ZFS module has the upper hand in that it doesn’t require recompilation if the kernel of the operating system is updated. Continue reading “Install ZFS on CentOS 7” »

Share

Disable FirewallD and Enable Iptables on CentOS 7

Download and Install the Iptables Service

To begin your server’s transition, you need to download and install the iptables-service package from the CentOS repositories. Download and install the service files by typing:

sudo yum install iptables-services

This will download and install the systemd scripts used to manage the iptables service. It will also write some default iptables and ip6tables configuration files to the /etc/sysconfig directory.

Construct your Iptables Firewall Rules

Next, you need to construct your iptables firewall rules by modifying the /etc/sysconfig/iptables and /etc/sysconfig/ip6tables files. These files hold the rules that will be read and applied when we start the iptables service.

How you construct your firewall rules depends on whether the system-config-firewall process is installed and being used to manage these files. Check the top of the /etc/sysconfig/iptables file to see whether it recommends against manual editing or not:

sudo head -2 /etc/sysconfig/iptables

If the output looks like this, feel free to manually edit the /etc/sysconfig/iptables and /etc/sysconfig/ip6tables files to implement the policies for your iptables firewall:

output
# sample configuration for iptables service
# you can edit this manually or use system-config-firewall

Open and edit the files with sudo privileges to add your rules:

sudo nano /etc/sysconfig/iptables
sudo nano /etc/sysconfig/ip6tables

After you’ve made your rules, you can test your IPv4 and IPv6 rules using these commands:

sudo sh -c 'iptables-restore -t < /etc/sysconfig/iptables'
sudo sh -c 'ip6tables-restore -t < /etc/sysconfig/ip6tables'

If, on the other hand, the output from examining the /etc/sysconfig/iptables file looks like this, you should not manually edit the file: Continue reading “Disable FirewallD and Enable Iptables on CentOS 7” »

Share