Skip to main content

Posts

Vulnerbilities affecting Web and Mail Servers - Logjam-Freak

  Recently we came across a vulnerability know as Logjam which according to researchers any attacker or Man in the middle can exploit weak  Diffie–Hellman key Algorithm. this vulnerability has denoted with CVE number as  CVE-2015-4000.   How DH Algorithm gets exploited Traditionally, secure encrypted communication between two parties (here browser and servers) required that they first exchange keys by some secure physical channel. The Diffie–Hellman key exchange method allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure channel.   Here attacker can force the communication between the server and browser to downgrade to lower bit export grade cryptography. The attackers can attacks any servers that support DHE_EXPORT ciphers and affects mostly all browsers. Recommendation : 1) Disable Export Cipher Suites Even though modern browsers no longer support export suites, the FREAK and Logjam attac

Subject Alernative names with Openssl

In this post we will see, how can we create CSR with SAN, which stands for Subject Alternative Names and obviously using openssl command. For those who do not know what is SAN, let me cover this in short.There are 3 main types of SSL  Standard SSL  :- Used for securing single domain. like www.domain.com, i,e one domain -- one certificate Wild card SSL : - Used for securing multiple sub-domains like home.domain.com office.domain.com in single certificate, i.e multiple subdomain --- single certificate Multi-domain SSL : -- Used for securing multiple domains, like www.domain.com, www.home.com, www.office.net, i,e multiple domains --- single certificate. So, SAN comes under multiple domains certificate category. When you purchase a multi-domain certificate from certificate issuing authority ,they give you options of defining SAN along with primary domain. So, Here we are discussing about how to create CSR(which is required while purchasing the certificate) with SAN itself.

Check CSR and Private Key are matching or not.

  If you are managing many of sites and their respective SSL certs, some times ,we come across a situation where we messed up with SSL certs and their CSR and private keys,   Where we do not know, which private key belongs to which Cert and which private key belongs to which CSR. This happen only if proper management of keeping SSL files are not in used  after all we are all human being ,who do mistakes :)  right ? so, here on this page I will tell you , how to check which cert belongs to which private key and which CSR belongs to which private key , and that is  only using openssl command on the terminal itself, after all we are love linux terminal :) So , here it is, openssl rsa -noout -modulus -in mydomain.key | openssl md5  openssl req -noout -modulus -in mydomain.csr | openssl md5 openssl x509 -noout -modulus -in domain.crt | openssl md5 If you find the output of all command identical ,high probability is that all files i.e private key ,csr and certificate are match

How to Generate CSR using Openssl in Linux

Before Generating CSR ,let see what is Openssl. It is nothing but a core library ,which is used for general purpose in cryptography,it is an open source product which work towards the implementation of SSL and TLS protocols. Talking about openssl, some people called the certificates generated from openssl as "self signed certificate". lets go towards now,creating CSR and private key using openssl command, Just log in to any of your Linux box and run following command as  root user  replacing the required information as per your need . [root@SVR home]#   openssl req -new -newkey  rsa:2048 -nodes -sha256 -out domain_name.csr -keyout domain_name.key -subj "/C=US/ST=state/L=locality/O=organization/OU=organization unit Dept/CN=www.domain.com"  You will get output like : Then check whether ,all the information we have entered ,while creating CSR is proper ,by decoding the CSR from some online tool. First do the cat to the csr file [root@SVR home]#  cat

Features of Linux

              1. Virtual memory, allowing the system to use disk room the same as RAM memory.    2. Multiple user capability.    3. Protected mode so programs or user's can't access unauthorized areas.    4. True multitasking    5. X - A graphical user interface similar to windows, but supports remote sessions over a network.    6. Advanced server functionality           * FTP server           * Telnet server           * BOOTP server           * DHCP server           * Samba server           * DNS server           * SNMP services           * Mail services           * Network file sharing           * and, much more...    7.supports various file systems Why to Use    1. Free    2. Runs on various machine architectures    3. Works well on machines that are not "modern". Recommended 8MB RAM, with 16MB swap drive space. It will run in hard drives as small as 500MB or less.    4. Linux is stable and even if a program crashes, it won't br

Its All about Linux

Hello There ! :) i hope you all are doing great. Thanks for stopping by and reading my blog. This is the first time i am writing something offline or online. I am not sure how i will make my blog different then the most of the blog you read online. but i will be honest with my blog means what ever i write, i will try to be more clear and easily understandable for most of the audience. A little introduction about myself, I am Currently Working in One of the Top MNCs of North America as System Administrator. My Current Domain is Web Hosting i.e E-commerce sites Hosted on Linux Servers. When i was doing my Engineering, i didn't had any clue what to do in life just like most of youngster :) but i saw ray of interest in Computer Networks during my Final year of Engg. Why Linux for me ? I never thought that I would be working on linux as i had more interest towards Computer Networks, but eventually i got shifted to linux due to 2008 Economic break down, as there were no jobs du