SSL on Debian 10 Apache2

Assuming you have an SSL certificate already downloaded and available on the server.

root@www:~#nano /etc/apache2/sites-available/default-ssl.conf
# line 3: change admin email

ServerAdminwebmaster@srv.world

# line 32,33: change to the certs gotten in section [1]

SSLCertificateFile /etc/letsencrypt/live/www.srv.world/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.srv.world/privkey.pem

# line 42: uncomment and change to the chain-file gotten in section

SSLCertificateChainFile /etc/letsencrypt/live/www.srv.world/chain.pem
root@www:~#a2ensite default-ssl
Enabling site default-ssl

Read more

Share

Install a Sectigo Domain Validation SSL certificate in Zimbra

We usually get the below four files from Sectigo in the certificate bundle. The file name may vary depending on the certificate type

  1. yourdomain.com.crt – main certificate
  2. AAACertificateServices.crt – Root Certificate
  3. USERTrustRSAAAACA.crt – Intermediate Certificate – 1
  4. SectigoRSADomainValidationSecureServerCA.crt – Intermediate Certificate – 2

Step 1: We shall create two files as below.

commercial_ca.crt (includes root certificate and two intermediate certificates)
commercial.crt (includes main certificate, root certificate and two intermediate certificates)

Step 2: Login to Zimbra server, move to directory /opt/zimbra/ssl/zimbra/commercial and create two files as below.

root@mail:~# cd /opt/zimbra/ssl/zimbra/commercial/
root@mail:/opt/zimbra/ssl/zimbra/commercial# touch commercial_ca.crt
root@mail:/opt/zimbra/ssl/zimbra/commercial# touch commercial.crt

Read more

Share

Sectigo SSL certificate installation on Zimbra

1. Login to your Zimbra Admin Console using a browser.

2. In the left navigation pane under Home click Configure. Click Certificate.

3. On the right of the Zimbra Admin console click on the settings icon and select Install Certificate.

4. The Certificate Installation Wizard will pop up.

5. Under Server Name Select the Target server you are going to install the certificate for. Click Next

Read more

Share

Enable and install SSL on Debian 8 apache server

Configure Apache2 for SSL.

root@www:~# vi /etc/apache2/sites-available/default-ssl.conf
# line 3: change to webmaster's email

ServerAdmin webmaster@srv.world
# line 32,33: change to the one created in [1]

SSLCertificateFile /etc/ssl/private/server.crt

SSLCertificateKeyFile /etc/ssl/private/server.key
root@www:~# a2ensite default-ssl
Enabling site default-ssl.

Read more

Share

Installing a Comodo SSL on Zimbra using CLI

1. Get the bundle from Comodo in crt format, or sometimes like a zip file.

2. Place the bundle on your Zimbra mailbox server. You should receive, or download, the next files:

AddTrustExternalCARoot.crt
COMODORSAAddTrustCA.crt
COMODORSADomainValidationSecureServerCA.crt
my_domain_com.crt 

or 

since comodo is acquired by Sectigo, the updated zip might appear as below:

Read more

Share

Configure Apache With Self-Signed TLS/SSL Certificate on Ubuntu 16.04

Step 1: Generating the certificate

First, let’s create a place to store the file.

mkdir ~/certificates
cd ~/certificates

Generate CSR and private key.

openssl req -x509 -newkey rsa:4096 -keyout apache.key -out apache.crt -days 365 -nodes

It will ask for information for the certificate request. Complete with the appropriate information.

Country Name (2 letter code) [AU]: US
State or Province Name (full name) [Some-State]: FL
Locality Name (eg, city) []: Miami
Organization Name (eg, company) [My Company]: My Company
Organizational Unit Name (eg, section) []:

Common name should be your domain name or the server’s IP address. Also, fill in your email.

Read more

Share

Set Up Nginx Load Balancing with SSL Termination

Nginx can be configured as a load balancer to distribute incoming traffic around several backend servers. SSL termination is the process that occurs on the load balancer which handles the SSL encryption/decryption so that traffic between the load balancer and backend servers is in HTTP. The backends must be secured by restricting access to the load balancer’s IP, which is explained later in this article.

Prerequisites
In this tutorial the commands must be run as the root user or as a user with sudo privileges. You can see how to set that up in the Users Tutorial.

Read more

Share

The SSL/TLS Handshake: an Overview

Obligatory SSL/TLS Handshake Graphic
All SSL/TLS-related sites have their own version of a handshake diagram – here’s ours! (Click to enbiggen.)

Let’s Clear Up Some Confusion, If We Can
Some confusion about how SSL/TLS handshakes work is due to the handshake being only the prelude to the actual, secured session itself. Let’s try to address some common points:

Read more

Share

Let’s Encrypt service with Pound server

In order to install Certbot on your server, follow the next steps: (make sure you have “git” installed on your system)

$sudo apt-get install git (if not previously installed)
$cd /opt
$sudo git clone https://github.com/certbot/certbot

Running the above commands will download the Certbot latest release from their git repo in the /opt folder. Then we need to stop any service that might be using port 80 on our server, since the installation type we will be performing on this tutorial is the “standalone” type described on the Cerbot documentation, there are other ways to install the certificates, it is up to your preference.
Since this tutorial is about Pound, we are assuming the daemon is already installed so we need to stop it:

$sudo service pound stop

once the service is stopped, run:

$cd /opt/certbot
$sudo ./letsencrypt-auto --text --email YOUR@EMAIL -d YOUR_DOMAIN --agree-tos --standalone certonly

by default, running the command above will generate the necessary key files (*.pem) in the following folder:

/etc/letsencrypt/live/YOUR_DOMAIN/

now, we need to create a private key file that Pound can understand, to do so run the following:

$sudo cat /etc/letsencrypt/live/YOUR_DOMAIN/privkey.pem /etc/letsencrypt/live/YOUR_DOMAIN/fullchain.pem > /etc/ssl/YOUR_DOMAIN.pem

doing so, will concatenate the privkey.pem file and the fullchain.pem file generated by Cerbot into a single file that will be stored into your ssl certificates folder, this is very important!

Read more

Share

How to setup vsftpd FTP with SSL on Ubuntu 12.04

This tutorial teaches you, how to setup vsftpd server on Linux based dedicated Web server. The tutorial also teaches you how to add the ftp users and lock the directory to individual users(In this scenario,lock the users into their individual web directory).

In Ubuntu 12.04, vsftpd with chrooted users gives the following error message:

500 OOPS: vsftpd: refusing to run with writable root inside chroot ()
To overcome this problem, we need to add the following vsftpd PPA:

sudo add-apt-repository ppa:thefrontiergroup/vsftpd

Read more

Share