How To Secure Self-Hosted Bamboo and Crucible with Let’s Encrypt SSL Certificates

Author: , September 14th, 2023

Summary: In this blog we explore how to use certificates from Let’s Encrypt to secure self-hosted Bamboo and Crucible. Process To Follow: Install Certbot. Ensure that external DNS resolves to the correct IP address: ping example.yourdomain.com. Ensure that Port 80 is open from the outside to that IP address so that Let’s Encrypt can validate the […]

How To Use SSL With sysbench To Test MySQL Server

Author: , September 7th, 2023

SUMMARY If sysbench is started with the “--mysql-ssl=on” option, it looks in the current directory for the following files:

PROCEDURE Locate the current MySQL database certificates, usually in /var/lib/mysql, and make sure that the OS user running sysbench is able to read the following 3 files:

Next, cd to the OS user’s home […]

How To Enable HTTPS For Grafana Using Existing LetsEncrypt Certificates

Author: , July 15th, 2020

How To Upgrade Certbot, Python and PIP on AWS Linux 1

Author: , May 6th, 2020

I ran letsencrypt-auto renew and got the following error:

The solution in this article gave me the answer:

Turns out Python was old at version 2.7, so did the following also:

Also had to change the cron job script to call certbot directly instead of letsencrypt-auto: vi /root/letsencrypt-cron.sh

How To Convert An RSA Private Key to PEM Format

Author: , January 10th, 2020

How To Fix Apache VirtualHost Overlap on Port 443 on AWS Linux

Author: , July 4th, 2016

If you get this error when starting Apache or via apachectl configtest:

[warn] _default_ VirtualHost overlap on port 443, the first has precedence

then you must add:

NameVirtualHost *:443

to /etc/httpd/conf/httpd.conf, then restart Apache.

OpenSSL Heartbleed Security Flaw Summary and Resources

Author: , April 8th, 2014

Summary: TLS heartbeat read overrun (CVE-2014-0160) – A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server. OpenSSL Versions Affected: The 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including 1.0.1f and 1.0.2-beta1. OpenSSL 1.0.2-beta through 1.0.2-beta1 […]

How To Install A Network Solutions EV SSL Certificate On CentOS Apache 2

Author: , October 11th, 2011

Create the server key from your original private key by removing the pass-phrase:

These are the files that NetSol provided me in the download .zip file (domain name changed to protect the innocent):

Network Solutions does not make it easy on you – in the install docs they tell you there is yet […]

Apache 2 SSL Hints

Author: , February 16th, 2011

yum install mod_ssl
vim /etc/httpd/conf.d/ssl.conf

If you got a signed certificate from Thawte, it may be in a signed bundle in PKCS #7 format. Look for this at the top:

-----BEGIN PKCS #7 SIGNED DATA-----

To extract the cert that you will need for Apache, run the following command:

openssl pkcs7 -print_certs -in signed_bundle.pkcs7

Your […]

How To Enable TLS/SSL Encryption In Postfix (smtpd)

Author: , December 17th, 2010

Below info copied from http://yocum.org/faqs/postfix-tls-sasl.html

Verify that the correct libraries have been linked in:

# ldd /usr/libexec/postfix/smtpd

You should see the following:

smtpd:
    libsasl2.so.2 => /usr/local/lib/libsasl2.so.2 (0x28096000)
    libssl.so.3 => /usr/local/lib/libssl.so.3 (0x280aa000)
    libcrypto.so.3 => /usr/local/lib/libcrypto.so.3 (0x280db000)

If you see libsasl2, libssl, and libcrypto, congratulations — the server is ready to support SASL and TLS. Generate an […]