Assuming you have an SSL certificate already downloaded and available on the server.
# line 3: change admin email
# line 32,33: change to the certs gotten in section 
# line 42: uncomment and change to the chain-file gotten in section
Enabling site default-ssl
Continue reading “SSL on Debian 10 Apache2” »
We usually get the below four files from Sectigo in the certificate bundle. The file name may vary depending on the certificate type
- yourdomain.com.crt – main certificate
- AAACertificateServices.crt – Root Certificate
- USERTrustRSAAAACA.crt – Intermediate Certificate – 1
- SectigoRSADomainValidationSecureServerCA.crt – Intermediate Certificate – 2
Step 1: We shall create two files as below.
commercial_ca.crt (includes root certificate and two intermediate certificates)
commercial.crt (includes main certificate, root certificate and two intermediate certificates)
Step 2: Login to Zimbra server, move to directory /opt/zimbra/ssl/zimbra/commercial and create two files as below.
root@mail:~# cd /opt/zimbra/ssl/zimbra/commercial/
root@mail:/opt/zimbra/ssl/zimbra/commercial# touch commercial_ca.crt
root@mail:/opt/zimbra/ssl/zimbra/commercial# touch commercial.crt
Continue reading “Install a Sectigo Domain Validation SSL certificate in Zimbra” »
1. Login to your Zimbra Admin Console using a browser.
2. In the left navigation pane under Home click Configure. Click Certificate.
3. On the right of the Zimbra Admin console click on the settings icon and select Install Certificate.
4. The Certificate Installation Wizard will pop up.
5. Under Server Name Select the Target server you are going to install the certificate for. Click Next Continue reading “Sectigo SSL certificate installation on Zimbra” »
Configure Apache2 for SSL.
root@www:~# vi /etc/apache2/sites-available/default-ssl.conf
# line 3: change to webmaster's email
# line 32,33: change to the one created in 
root@www:~# a2ensite default-ssl
Enabling site default-ssl.
Continue reading “Enable and install SSL on Debian 8 apache server” »
1. Get the bundle from Comodo in crt format, or sometimes like a zip file.
2. Place the bundle on your Zimbra mailbox server. You should receive, or download, the next files:
since comodo is acquired by Sectigo, the updated zip might appear as below: Continue reading “Installing a Comodo SSL on Zimbra using CLI” »
Step 1: Generating the certificate
First, let’s create a place to store the file.
Generate CSR and private key.
openssl req -x509 -newkey rsa:4096 -keyout apache.key -out apache.crt -days 365 -nodes
It will ask for information for the certificate request. Complete with the appropriate information.
Country Name (2 letter code) [AU]: US
State or Province Name (full name) [Some-State]: FL
Locality Name (eg, city) : Miami
Organization Name (eg, company) [My Company]: My Company
Organizational Unit Name (eg, section) :
Common name should be your domain name or the server’s IP address. Also, fill in your email. Continue reading “Configure Apache With Self-Signed TLS/SSL Certificate on Ubuntu 16.04” »
Nginx can be configured as a load balancer to distribute incoming traffic around several backend servers. SSL termination is the process that occurs on the load balancer which handles the SSL encryption/decryption so that traffic between the load balancer and backend servers is in HTTP. The backends must be secured by restricting access to the load balancer’s IP, which is explained later in this article.
In this tutorial the commands must be run as the root user or as a user with sudo privileges. You can see how to set that up in the Users Tutorial. Continue reading “Set Up Nginx Load Balancing with SSL Termination” »
Obligatory SSL/TLS Handshake Graphic
All SSL/TLS-related sites have their own version of a handshake diagram – here’s ours! (Click to enbiggen.)
Let’s Clear Up Some Confusion, If We Can
Some confusion about how SSL/TLS handshakes work is due to the handshake being only the prelude to the actual, secured session itself. Let’s try to address some common points: Continue reading “The SSL/TLS Handshake: an Overview” »
In order to install Certbot on your server, follow the next steps: (make sure you have “git” installed on your system)
$sudo apt-get install git (if not previously installed)
$sudo git clone https://github.com/certbot/certbot
Running the above commands will download the Certbot latest release from their git repo in the /opt folder. Then we need to stop any service that might be using port 80 on our server, since the installation type we will be performing on this tutorial is the “standalone” type described on the Cerbot documentation, there are other ways to install the certificates, it is up to your preference.
Since this tutorial is about Pound, we are assuming the daemon is already installed so we need to stop it:
$sudo service pound stop
once the service is stopped, run:
$sudo ./letsencrypt-auto --text --email YOUR@EMAIL -d YOUR_DOMAIN --agree-tos --standalone certonly
by default, running the command above will generate the necessary key files (*.pem) in the following folder:
now, we need to create a private key file that Pound can understand, to do so run the following:
$sudo cat /etc/letsencrypt/live/YOUR_DOMAIN/privkey.pem /etc/letsencrypt/live/YOUR_DOMAIN/fullchain.pem > /etc/ssl/YOUR_DOMAIN.pem
doing so, will concatenate the privkey.pem file and the fullchain.pem file generated by Cerbot into a single file that will be stored into your ssl certificates folder, this is very important! Continue reading “Let’s Encrypt service with Pound server” »
This tutorial teaches you, how to setup vsftpd server on Linux based dedicated Web server. The tutorial also teaches you how to add the ftp users and lock the directory to individual users(In this scenario,lock the users into their individual web directory).
In Ubuntu 12.04, vsftpd with chrooted users gives the following error message:
500 OOPS: vsftpd: refusing to run with writable root inside chroot ()
To overcome this problem, we need to add the following vsftpd PPA:
sudo add-apt-repository ppa:thefrontiergroup/vsftpd
Continue reading “How to setup vsftpd FTP with SSL on Ubuntu 12.04” »