Category Archives: advanced level

OPTIMIZE & INSTALL OPENSSL

In the early 90s, most inter-network communication carried by Internet protocols such as IMAP, SMTP, HTTP, FTP, LDAP, SNMP and POP was unencrypted. Applications using those protocols relied on authentication methods similar to today's (requiring valid UserIDs & Passwords), but that critical credential information was sent unencrypted over the network. In other words, UserIDs & Passwords were sent in plain text from one system to another.

Since this made it very easy for intruders (bad guys) to crack supposedly secured systems by simply sniffing the network for credentials to use, Netscape came up with SSL (Secure Sockets Layer v1 & v2, a cryptographic protocol that provides communication security over the Internet Protocol) back in February of 1995. This solution eventually evolved into TLS (Transport Layer Security).

OpenSSL is robust, commercial-grade, fully featured encryption software that implements the SSL v2/v3 and TLS v1 protocols. It is developed and maintained by the OpenSSL Project and is widely used by open source communities and even by some commercial systems. If you’re a Linux user of any capacity (either a simple user or a System Admin) you are most likely familiar with OpenSSL, so continue reading.

Optimizing and Building Apache Web-Server On CentOS/RedHat/Fedora.

Apache Web-Server is one of the most widely used web-servers around the globe. Thus, the Internet is overloaded with countless techniques for deploying and configuring this world class web-server. On this blog for instance, you may find a well written one published by Matthew Harman, a brilliant IT Professional and writer. I personally like Matthew’s approach as discussed in his article. However, because I promised in PART-2 of a series of articles I have published here regarding Virtualization With XEN Hypervizor On CentOS 5.8 that I was going to write PART-3 dealing with web-server setups, I have decided to keep my word and share an approach that I have adopted when it comes to deploying Apache (httpd) servers.

In the referred virtualization article I said that in PART-3 of the series I was going to show how to configure and optimize CentOS/RedHat/Fedora for web-services. However, I have decided not to do that because another writer has already published an article that deals with that subject. Though his article didn’t include everything I wanted to address, I must admit that I enjoyed reading it. Again, when it comes to setting up OS configuration and optimization for web-servers, I have adopted a slightly different approach than the other writer’s, but I still recognize the valuable insights that he shared in his writing. Thus, I am no longer sharing anything regarding OS setups for web-services as promised. However, in this article I am jumping one step forward by delving into Optimizing and Building Apache Web-Server on CentOS/RedHat/Fedora.

How to compile Apache 2.2 and OpenSSL to support SNI on openSUSE

With the later versions of Apache 2.2 it is possible to build a system which supports SNI (Server Name Indication). This allows you to host multiple SSL websites on the same IP address. It is effectively a version of host headers for SSL.

I found surprisingly little information on the internet as to how to get this to work, so I thought I would create this to show how it is done!

The installation was performed on a virtual machine running openSUSE 11.1 32-bit; however, I would imagine other Linux/Unix versions would be similar.

First, the openSUSE installation installs OpenSSL; however, this is not compiled with TLS support built in, so it has to be recompiled to allow us to continue.

So, first back up the existing OpenSSL executable:

root> cp /usr/bin/openssl /usr/bin/openssl.orig

Now download the latest OpenSSL source code from www.openssl.org and place it in /tmp. When I did this the version available was 1.0.0d, so the rest of the document will reference this version. Extract the tar file and install it with the following commands: