2/28/2008

Run psexec in interactive mode

psexec -i

Run the program so that it interacts with the desktop of the specified session on the remote system. If no session is specified, the process runs in the console session.

Example:
psexec -i -u \administrator -p \\remote01 calc.exe

Running as Limited User - the Easy Way

PsExec with the -l switch can run a program as a limited user.

For example:
Start->Run
c:\Program Files\Internet Explorer\iexplore.exe
This launches IE.

PsExec with the -l switch accomplishes the same thing from the command line:
psexec -l -d "c:\Program Files\Internet Explorer\iexplore.exe"

2/27/2008

Runs defrag program on remote computer

PSTools

psexec -d \\* defrag c: d:

psexec -d @defrag.txt defrag c: d:

The psexec program connects to the remote Windows computer and runs the defrag program. The "\\*" means that psexec will do this for every computer in the domain, and the "-d" argument tells psexec not to wait and to move on to the next computer.

The @defrag.txt means that psexec will do this for every computer listed in the txt file. The txt file format is one entry per line followed by a return.

2/26/2008

Apache 2.2 + SSL

Compile, Install and Configure Apache 2.2 and mod_ssl from source.

#------------------------------------------------------------------------------
# Pre Install
#------------------------------------------------------------------------------
> remove rpm packages
rpm -e httpd-manual; rpm -e mod_ssl; rpm -e httpd

>Download apache and openssl

>Install openssl
tar zxvf openssl-0.9.8g.tar.gz
cd openssl-0.9.8g
./config --prefix=/usr/local --openssldir=/usr/local/openssl
make
>If no error, go to next
make test
make install

#------------------------------------------------------------------------------
# Apache 2.2.6 Setup
#------------------------------------------------------------------------------
tar zxvf httpd-2.2.6.tar.gz
cd httpd-2.2.6

./configure --prefix=/usr/local/apache_2.2.6 --with-mpm=prefork --enable-ssl --enable-setenvif --enable-so --enable-headers --enable-usertrack --with-ssl=/usr/local

make
make install

groupadd apache
useradd -g apache apache
cd /usr/local
ln -s apache_2.2.6/ ./apache
chown -R apache:apache apache_2.2.6

#------------------------------------------------------------------------------
# Apache 2.2.6 configuration
#------------------------------------------------------------------------------

vi /usr/local/apache/conf/httpd.conf

# =================================================
# Basic settings
# =================================================
User apache
Group apache
ServerAdmin alex.fung@artificial-life.com
#ServerName
UseCanonicalName Off
ServerSignature Off
HostnameLookups Off
ServerTokens Prod
ServerRoot "/usr/local/apache_2.2.6"
DocumentRoot "/usr/local/apache_2.2.6/htdocs"
PidFile /usr/local/apache_2.2.6/logs/httpd.pid
ScoreBoardFile /usr/local/apache_2.2.6/logs/httpd.scoreboard

DirectoryIndex index.html


# =================================================
# HTTP and performance settings
# =================================================
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 30

MinSpareServers 5
MaxSpareServers 10
StartServers 5
MaxClients 150
MaxRequestsPerChild 0


# =================================================
# Access control
# =================================================

<Directory />
    Options None
    AllowOverride None
    Order deny,allow
    Deny from all
</Directory>

<Directory "/usr/local/apache_2.2.6/htdocs">
    Order allow,deny
    Allow from all
</Directory>


# =================================================
# MIME encoding
# =================================================

TypesConfig /usr/local/apache_2.2.6/conf/mime.types

DefaultType text/plain

AddEncoding x-compress .Z
AddEncoding x-gzip .gz .tgz
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType application/x-tar .tgz
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl


# =================================================
# Logs
# =================================================
LogLevel warn
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
ErrorLog /usr/local/apache_2.2.6/logs/error_log
CustomLog /usr/local/apache_2.2.6/logs/access_log combined
CustomLog /usr/local/apache_2.2.6/logs/ssl_request_log "%t %h %{HTTPS}x %{SSL_PROTOCOL}x %{SSL_CIPHER}x %{SSL_CIPHER_USEKEYSIZE}x %{SSL_CLIENT_VERIFY}x \"%r\" %b"

# =================================================
# SSL/TLS settings
# =================================================
Listen 0.0.0.0:443

SSLEngine on
SSLOptions +StrictRequire


<Directory />
    SSLRequireSSL
</Directory>


SSLProtocol -all +TLSv1 +SSLv3
SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM

SSLMutex file:/usr/local/apache_2.2.6/logs/ssl_mutex

SSLRandomSeed startup file:/dev/urandom 1024
SSLRandomSeed connect file:/dev/urandom 1024

SSLSessionCache shm:/usr/local/apache_2.2.6/logs/ssl_cache_shm
SSLSessionCacheTimeout 600

SSLPassPhraseDialog builtin
SSLCertificateFile /usr/local/apache_2.2.6/conf/ssl.crt/server.crt
SSLCertificateKeyFile /usr/local/apache_2.2.6/conf/ssl.key/server.key

SSLVerifyClient none
SSLProxyEngine off


AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl



SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0

#------------------------------------------------------------------------------
# Setup SSL directories
#------------------------------------------------------------------------------

#Prepare the directory structure for the web server's private keys, certificates and certificate revocation lists
mkdir /usr/local/apache_2.2.6/conf/ssl.key
mkdir /usr/local/apache_2.2.6/conf/ssl.crt
mkdir /usr/local/apache_2.2.6/conf/ssl.crl

#Create a self-signed server certificate
openssl req \
-new \
-x509 \
-days 30 \
-keyout /usr/local/apache_2.2.6/conf/ssl.key/server.key \
-out /usr/local/apache_2.2.6/conf/ssl.crt/server.crt \
-subj '/CN=Test-Only Certificate'

Enter PEM pass phrase: password
Verifying - Enter PEM pass phrase: password

#Start apache server
/usr/local/apache_2.2.6/bin/apachectl start
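
The SSL/TLS settings above enable SSLv3, which RFC 7568 has since prohibited, and the cipher string adds the MEDIUM class. The following check is an added example, not part of the original post: it flags those two directives in a config file. The function names, sample file names and the tightened variant are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): flag legacy TLS settings in an
# httpd.conf. audit_ssl_conf and write_samples are hypothetical helper names.

# Prints one finding per line; returns 1 if anything was flagged, else 0.
audit_ssl_conf() {
    awk '
    $1 ~ /^#/ || NF == 0 { next }     # skip comments and blank lines
    tolower($1) == "sslprotocol" {
        for (i = 2; i <= NF; i++) {
            # "-SSLv3" disables the protocol, so only "SSLv3"/"+SSLv3" match
            if (tolower($i) ~ /^[+]?sslv[23]$/) {
                print "SSLProtocol enables " $i; bad = 1
            }
        }
    }
    tolower($1) == "sslciphersuite" {
        n = split($2, tok, ":")
        for (i = 1; i <= n; i++) {
            # "!X" and "-X" remove ciphers; "+X" only moves ciphers that are
            # already selected to the end of the list. None of them add any.
            if (tok[i] ~ /^[!+-]/) continue
            if (tok[i] ~ /^(MEDIUM|LOW|EXP|EXPORT|NULL|eNULL|aNULL|RC4|DES|MD5)$/) {
                print "SSLCipherSuite adds " tok[i]; bad = 1
            }
        }
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample files: the two TLS directives from the post, and a
# tightened variant (an assumption, not tested against this build).
write_samples() {
    printf '%s\n' 'SSLProtocol -all +TLSv1 +SSLv3' \
        'SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM' > "$1/post.conf"
    printf '%s\n' 'SSLProtocol -all +TLSv1' \
        'SSLCipherSuite HIGH:!aNULL:!MD5' > "$1/tightened.conf"
}

dir=$(mktemp -d)
write_samples "$dir"
audit_ssl_conf "$dir/post.conf" || echo "post.conf: findings listed above"
audit_ssl_conf "$dir/tightened.conf" && echo "tightened.conf: no findings"
```

The same check applies unchanged to the Apache 2.0 configuration, which uses identical SSLProtocol and SSLCipherSuite lines.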

Apache 2.0 + SSL

Compile, Install and Configure Apache 2.0 and mod_ssl from source.

#------------------------------------------------------------------------------
# Pre Install
#------------------------------------------------------------------------------
> remove rpm packages
rpm -e httpd-manual; rpm -e mod_ssl; rpm -e httpd

>Download apache and openssl

>Install openssl
tar zxvf openssl-0.9.8g.tar.gz
cd openssl-0.9.8g
./config --prefix=/usr/local --openssldir=/usr/local/openssl
make
>If no error, go to next
make test
make install

#------------------------------------------------------------------------------
# Apache 2.0.61 Setup
#------------------------------------------------------------------------------
tar zxvf httpd-2.0.61.tar.gz
cd httpd-2.0.61

./configure --prefix=/usr/local/apache_2.0.61 --with-mpm=prefork --enable-ssl --enable-setenvif --enable-so --enable-headers --enable-usertrack --with-ssl=/usr/local

make
make install

groupadd apache
useradd -g apache apache
cd /usr/local
ln -s apache_2.0.61/ ./apache
chown -R apache:apache apache_2.0.61


#------------------------------------------------------------------------------
# Apache 2.0.61 configuration
#------------------------------------------------------------------------------

vi /usr/local/apache/conf/httpd.conf

# =================================================
# Basic settings
# =================================================
User apache
Group apache
ServerAdmin alex.fung@artificial-life.com
#ServerName
UseCanonicalName Off
ServerSignature Off
HostnameLookups Off
ServerTokens Prod
ServerRoot "/usr/local/apache_2.0.61"
DocumentRoot "/usr/local/apache_2.0.61/htdocs"
PidFile /usr/local/apache_2.0.61/logs/httpd.pid
ScoreBoardFile /usr/local/apache_2.0.61/logs/httpd.scoreboard

DirectoryIndex index.html


# =================================================
# HTTP and performance settings
# =================================================
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 30

MinSpareServers 5
MaxSpareServers 10
StartServers 5
MaxClients 150
MaxRequestsPerChild 0


# =================================================
# Access control
# =================================================

<Directory />
    Options None
    AllowOverride None
    Order deny,allow
    Deny from all
</Directory>

<Directory "/usr/local/apache_2.0.61/htdocs">
    Order allow,deny
    Allow from all
</Directory>


# =================================================
# MIME encoding
# =================================================

TypesConfig /usr/local/apache_2.0.61/conf/mime.types

DefaultType text/plain

AddEncoding x-compress .Z
AddEncoding x-gzip .gz .tgz
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType application/x-tar .tgz
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl


# =================================================
# Logs
# =================================================
LogLevel warn
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
ErrorLog /usr/local/apache_2.0.61/logs/error_log
CustomLog /usr/local/apache_2.0.61/logs/access_log combined
CustomLog /usr/local/apache_2.0.61/logs/ssl_request_log "%t %h %{HTTPS}x %{SSL_PROTOCOL}x %{SSL_CIPHER}x %{SSL_CIPHER_USEKEYSIZE}x %{SSL_CLIENT_VERIFY}x \"%r\" %b"

# =================================================
# SSL/TLS settings
# =================================================
Listen 0.0.0.0:443

SSLEngine on
SSLOptions +StrictRequire


<Directory />
    SSLRequireSSL
</Directory>


SSLProtocol -all +TLSv1 +SSLv3
SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM

SSLMutex file:/usr/local/apache_2.0.61/logs/ssl_mutex

SSLRandomSeed startup file:/dev/urandom 1024
SSLRandomSeed connect file:/dev/urandom 1024

SSLSessionCache shm:/usr/local/apache_2.0.61/logs/ssl_cache_shm
SSLSessionCacheTimeout 600

SSLPassPhraseDialog builtin
SSLCertificateFile /usr/local/apache_2.0.61/conf/ssl.crt/server.crt
SSLCertificateKeyFile /usr/local/apache_2.0.61/conf/ssl.key/server.key

SSLVerifyClient none
SSLProxyEngine off


AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl


SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0

#------------------------------------------------------------------------------
# Setup SSL directories
#------------------------------------------------------------------------------

#Prepare the directory structure for the web server's private keys, certificates and certificate revocation lists
mkdir /usr/local/apache_2.0.61/conf/ssl.key
mkdir /usr/local/apache_2.0.61/conf/ssl.crt
mkdir /usr/local/apache_2.0.61/conf/ssl.crl

#Create a self-signed server certificate
openssl req \
-new \
-x509 \
-days 30 \
-keyout /usr/local/apache_2.0.61/conf/ssl.key/server.key \
-out /usr/local/apache_2.0.61/conf/ssl.crt/server.crt \
-subj '/CN=Test-Only Certificate'

Enter PEM pass phrase: password
Verifying - Enter PEM pass phrase: password

#Start apache server
/usr/local/apache_2.0.61/bin/apachectl start

2/25/2008

Apache 1.3 +SSL

Compile, Install and Configure Apache 1.3 and mod_ssl from source.

#------------------------------------------------------------------------------
# Pre Install
#------------------------------------------------------------------------------
> remove rpm packages
rpm -e httpd-manual; rpm -e mod_ssl; rpm -e httpd

>Download apache and mod_ssl
>Install openssl
tar zxvf openssl-0.9.8g.tar.gz
cd openssl-0.9.8g
./config --prefix=/usr/local --openssldir=/usr/local/openssl
make
>If no error, go to next
make test
make install

>Install mod_ssl
tar zxvf mod_ssl-2.8.30-1.3.39.tar.gz

tar zxvf apache_1.3.39.tar.gz

#Patch Apache with mod_ssl
cd mod_ssl-2.8.30-1.3.39
./configure --with-apache=../apache_1.3.39 --with-ssl=../openssl-0.9.8g

#Build Apache
cd ../apache_1.3.39
CFLAGS='-DEAPI' \
SSL_BASE=../openssl-0.9.8g \
./configure \
--prefix=/usr/local/apache_1.3.39 \
--enable-module=ssl \
--enable-shared=ssl \
--enable-module=so \
--server-uid=apache \
--server-gid=apache

make

| Before you install the package you now should prepare the SSL |
| certificate system by running the 'make certificate' command. |
| For different situations the following variants are provided: |
| |
| % make certificate TYPE=dummy (dummy self-signed Snake Oil cert) |
| % make certificate TYPE=test (test cert signed by Snake Oil CA) |
| % make certificate TYPE=custom (custom cert signed by own CA) |
| % make certificate TYPE=existing (existing cert) |
| CRT=/path/to/your.crt [KEY=/path/to/your.key] |
| |
| Use TYPE=dummy when you're a vendor package maintainer, |
| the TYPE=test when you're an admin but want to do tests only, |
| the TYPE=custom when you're an admin willing to run a real server |
| and TYPE=existing when you're an admin who upgrades a server. |
| (The default is TYPE=test) |
| |
| Additionally add ALGO=RSA (default) or ALGO=DSA to select |
| the signature algorithm used for the generated certificate. |
| |
| Use 'make certificate VIEW=1' to display the generated data. |

make certificate TYPE=test
#----------------------------------------------------------------------
Signature Algorithm ((R)SA or (D)SA) [R]:R
1. Country Name (2 letter code) [XY]:US
2. State or Province Name (full name) [Snake Desert]:Hong Kong
3. Locality Name (eg, city) [Snake Town]:Hong Kong
4. Organization Name (eg, company) [Snake Oil, Ltd]:ALife
5. Organizational Unit Name (eg, section) [Webserver Team]:
6. Common Name (eg, FQDN) [www.snakeoil.dom]:www.alife.com
7. Email Address (eg, name@FQDN) [www@snakeoil.dom]:
8. Certificate Validity (days) [365]:

Certificate Version (1 or 3) [3]:3
Encrypt the private key now? [Y/n]: y
writing RSA key
Enter PEM pass phrase:password
Verifying - Enter PEM pass phrase:password
RESULT: Server Certification Files

o conf/ssl.key/server.key
The PEM-encoded RSA private key file which you configure
with the 'SSLCertificateKeyFile' directive (automatically done
when you install via APACI). KEEP THIS FILE PRIVATE!

o conf/ssl.crt/server.crt
The PEM-encoded X.509 certificate file which you configure
with the 'SSLCertificateFile' directive (automatically done
when you install via APACI).

o conf/ssl.csr/server.csr
The PEM-encoded X.509 certificate signing request file which
you can send to an official Certificate Authority (CA) in order
to request a real server certificate (signed by this CA instead
of our demonstration-only Snake Oil CA) which later can replace
the conf/ssl.crt/server.crt file.
#----------------------------------------------------------------------
make install

#Start Apache with SSL
/usr/local/apache_1.3.39/bin/apachectl startssl