
Thursday 7 September 2017

How to create CSR using openssl with SAN details. / How to create SAN certificate using openssl.


SAN stands for Subject Alternative Name. A SAN certificate allows you to secure multiple domain names with a single SSL certificate.
It is used where a single server can be accessed through multiple domain names.


Step 1: Make sure that the openssl rpm is installed on the Unix machine.

Command  >>  rpm -qa | grep openssl


Step 2: If you do not have the openssl tool, install it.

Command >>   yum  install  openssl


Since I already installed the latest version, it's showing nothing to do.


Step 3: Create a directory open_ssl

Command >>    mkdir   open_ssl


Step 4: Create a file named newsan.cnf, paste the contents below into it, and save.

Command >>  vi   newsan.cnf


----------------------------------------------------------------------------------------------

[req]
default_bits       = 2048
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no
[req_distinguished_name]
countryName = IN
stateOrProvinceName = MAHA
organizationName = MiddlewareBox
commonName = www.openssltest.com
[v3_req]
subjectAltName = @alt_names
[alt_names]
DNS.1 = www.middbox.com
DNS.2 = www.mb.com

----------------------------------------------------------------------------------------------



Step 5: Use the openssl command below to create the private key and the CSR.

Command  >>   openssl req   -new -out opensslSan.csr -newkey rsa:2048 -nodes -keyout private.key -config newsan.cnf


Step 6: Open the created xxxxx.csr

Command >>  cat  opensslSan.csr



Step 7: Copy the CSR content printed in Step 6 and paste it into a CSR decoder website.

CSR decoder link : Https://certlogik.com/decoder/


Step 8: Reading a CSR to determine what information it contains.


Command >>   openssl req -text -noout -in <filename for csr>
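
Steps 4 to 8 as one script (an added example, not part of the original post): it writes the same newsan.cnf, creates the key and CSR, and then checks the CSR's signature and SAN list locally with openssl instead of on a decoder website. The function names are illustrative, and openssl is assumed to be on the PATH.

```shell
#!/bin/sh
# Added example (not from the original post): Steps 4-8 as reusable functions.
# Domain names are the post's sample values; function names are illustrative.

# Step 4: write newsan.cnf into directory $1.
write_san_config() {
  cat > "$1/newsan.cnf" <<'EOF'
[req]
default_bits       = 2048
distinguished_name = req_distinguished_name
req_extensions     = v3_req
prompt             = no
[req_distinguished_name]
countryName         = IN
stateOrProvinceName = MAHA
organizationName    = MiddlewareBox
commonName          = www.openssltest.com
[v3_req]
subjectAltName = @alt_names
[alt_names]
DNS.1 = www.middbox.com
DNS.2 = www.mb.com
EOF
}

# Step 5: create private.key and opensslSan.csr in directory $1.
# -nodes writes the key unencrypted, so umask 077 keeps it owner-only.
make_csr() {
  ( umask 077
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1/private.key" \
      -out "$1/opensslSan.csr" -config "$1/newsan.cnf" 2>/dev/null )
}

# Step 8: print the DNS SANs of CSR file $1, sorted, one per line.
csr_sans() {
  openssl req -text -noout -in "$1" |
    awk '/Subject Alternative Name/ { getline; print }' |
    tr ',' '\n' | sed -n 's/^ *DNS://p' | sort
}

# Succeed only if the CSR signature verifies and its SAN set equals the
# expected names ($2...). Fails when req_extensions was not applied.
check_csr() {
  csr=$1; shift
  openssl req -verify -noout -in "$csr" 2>&1 | grep -q 'verify OK' || return 1
  [ "$(csr_sans "$csr")" = "$(printf '%s\n' "$@" | sort)" ]
}
# Usage: d=$(mktemp -d); write_san_config "$d" && make_csr "$d" &&
#        check_csr "$d/opensslSan.csr" www.middbox.com www.mb.com
```

Only the CSR is ever shared with a CA or a decoder; private.key stays on the server.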


Reference link : https://www.ibm.com/support/

Reference link : https://www.phildev.net/ssl/opensslconf.html

Reference link : Most-common-openssl-commands.html

Reference link : https://www.websecurity.symantec.com/




Thanks :-)


Saturday 2 September 2017

How to Monitor IBM HTTP Server connections. & Get Apache Server info.


For Unix users.

Step 1: Go to the conf folder of IHS (IBM HTTP Server).


Step 2: Edit the httpd.conf file.

Command >>  vi   httpd.conf


Step 3: Uncomment the mod_status.so module line

LoadModule status_module modules/mod_status.so


Step 4: Uncomment the server-status Location section and change the "allow from" value to localhost or to the client IP address or domain.


Step 5: Go to the browser and check server-status.

Open URL : http://domain-name/server-status


Step 6: For server info, edit the httpd.conf file and uncomment the mod_info.so module line

LoadModule info_module modules/mod_info.so


Step 7: Uncomment the server-info Location section and change the "allow from" value to localhost or to the client IP address or domain.


Step 8: Go to the browser and check Apache server-info

Open URL : http://domain-name/server-info


Reference Link : http://www-01.ibm.com/support/docview.wss?uid=swg21008489

Reference Link : http://www-01.ibm.com/support/docview.wss?uid=swg27035996&aid=1



Thanks :-)