How to use Apache mod_ssl/OpenSSL to generate a CSR?

Written by Pravin on November 14, 2008 – 11:55 pm -

A Certificate Signing Request (CSR) contains all the information for a certificate application, including the public key.

The following steps show how to generate a private key and the matching Certificate Signing Request (CSR) for a web server, “server”, using Apache mod_ssl/OpenSSL.

root@vps [~]# openssl req -new -nodes -keyout vps.key -out vps.csr

This creates two files. The file vps.key contains a private key;

The following is the output from the above command; you will have to fill in some of the fields:

root@vps [~]# openssl req -new -nodes -keyout vps.key -out vps.csr

Generating a 1024 bit RSA private key
...............++++++
......++++++
writing new private key to 'vps.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:GB
State or Province Name (full name) [Berkshire]:Berkshire
Locality Name (eg, city) [Newbury]:Newbury
Organization Name (eg, company) [My Company Ltd]:Trulymanaged
Organizational Unit Name (eg, section) []:Webhosting
Common Name (eg, your name or your server's hostname) []:vps.server.com
Email Address []:vps@server.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:sdfhsdfj
An optional company name []:

Your CSR has now been created. Open vps.csr in a text editor and copy and paste its contents into the online enrollment form when requested.
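
The prompt output above shows a 1024-bit RSA key, which public CAs no longer accept. The following is an added example, not part of the original post: it generates the pair non-interactively with a 2048-bit key and checks the CSR before it is submitted. The function names are hypothetical; the file names and DN values are taken from the post.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical;
# the file names (vps.key, vps.csr) and DN values follow the post.

# make_csr BASE SUBJECT: write BASE.key (2048-bit RSA) and BASE.csr.
make_csr() {
    # umask 077 in a subshell: the key is -nodes (unencrypted), so it must
    # be readable by its owner only from the moment it is created.
    ( umask 077
      openssl req -new -newkey rsa:2048 -nodes \
          -keyout "$1.key" -out "$1.csr" -subj "$2" ) >/dev/null 2>&1
}

# SHA-256 of the DER public key derived from a private key file.
key_pub_digest() {
    openssl pkey -in "$1" -pubout -outform DER 2>/dev/null |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# SHA-256 of the DER public key embedded in a CSR.
csr_pub_digest() {
    openssl req -in "$1" -noout -pubkey 2>/dev/null |
        openssl pkey -pubin -outform DER 2>/dev/null |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# check_csr BASE: 0 = OK, 1 = bad self-signature, 2 = key/CSR mismatch,
# 3 = public key shorter than 2048 bits.
check_csr() {
    # Match on the message text rather than relying on the exit status,
    # which some openssl versions leave at 0 when verification fails.
    openssl req -in "$1.csr" -noout -verify 2>&1 |
        grep -q 'verify OK' || return 1
    [ "$(key_pub_digest "$1.key")" = "$(csr_pub_digest "$1.csr")" ] || return 2
    bits=$(openssl req -in "$1.csr" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    [ "${bits:-0}" -ge 2048 ] || return 3
}

# Usage:
#   make_csr vps "/C=GB/ST=Berkshire/L=Newbury/O=Trulymanaged/OU=Webhosting/CN=vps.server.com"
#   check_csr vps && echo "vps.csr is ready to submit"
```

Only vps.csr goes to the CA; vps.key stays on the server, and check_csr returning 2 means the CSR was built from a different key than the one on disk.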


Posted in linux, Linux VPS Hosting, Plesk For Linux, VPS hosting | No Comments »

Apache Feature List

Written by Chetan on November 10, 2008 – 5:39 am -

The Apache Feature List

One of the greatest features that Apache offers is that it runs on virtually all widely used computer platforms. At the beginning, Apache used to be primarily a Unix-based Web server, but that is no longer true. Apache not only runs on most (if not all) flavors of Unix, but it also runs on Windows 2000/NT/9x and many other desktop and server-class operating systems such as Amiga OS 3.x and OS/2.

Apache offers many other features including fancy directory indexing; directory aliasing; content negotiations; configurable HTTP error reporting; SetUID execution of CGI Programs; resource management for child processes; server-side image maps; URL rewriting; URL spell checking; and online manuals.

The other major features of Apache are:

* Support for the latest HTTP 1.1 protocol: Apache is one of the first Web servers to integrate the HTTP 1.1 protocol. It is fully compliant with the new HTTP 1.1 standard and at the same time it is backward compatible with HTTP 1.0. Apache is ready for all the great things that the new protocol has to offer.

For example, before HTTP 1.1, a Web browser had to wait for a response from the Web server before it could issue another request. With the emergence of HTTP 1.1, this is no longer the case. A Web browser can send requests in parallel, which saves bandwidth by not transmitting HTTP headers in each request. This is likely to provide a performance boost at the end-user side because files requested in parallel will appear faster on the browser.

* Simple, yet powerful file-based configuration: The Apache server does not come with a graphical user interface for administrators. It comes with a single primary configuration file called httpd.conf that you can use to configure Apache to your liking. All you need is your favorite text editor. However, it is flexible enough to allow you to spread out your virtual host configuration across multiple files so that a single httpd.conf does not become too cumbersome to manage with many virtual server configurations.

* Support for CGI (Common Gateway Interface): Apache supports CGI using the mod_cgi and mod_cgid modules. It is CGI 1.1 compliant and offers extended features such as custom environment variables and debugging support that are hard to find in other Web servers.

* Support for FastCGI: Not everyone writes their CGI in Perl, so how can they make their CGI applications faster? Apache has a solution for that as well. Use the mod_fcgi module to implement a FastCGI environment within Apache and make your FastCGI applications blazing fast.

* Support for virtual hosts: Apache is also one of the first Web servers to support both IP-based and named virtual hosts.

* Support for HTTP authentication: Web-based basic authentication is supported in Apache. It is also ready for message-digest-based authentication, which is something the popular Web browsers have yet to implement. Apache can implement basic authentication using either standard password files, DBMs, SQL calls, or calls to external authentication programs.

* Integrated Perl: Perl has become the de facto standard for CGI script programming. Apache is surely one of the factors that made Perl such a popular CGI programming language. Apache is now more Perl-friendly than ever before. Using its mod_perl module, you can load a Perl-based CGI script in memory and reuse it as many times as you want. This process removes the start-up penalties that are often associated with an interpreted language like Perl.

* Support for PHP scripting: This scripting language has become very widely used and Apache provides great support for PHP using the mod_php module.

* Java Servlet support: Java servlets and Java Server Pages (JSP) are becoming very commonplace in dynamic Web sites. You can run Java servlets using the award-winning Tomcat environment with Apache.

* Integrated Proxy server: You can turn Apache into a caching (forward) proxy server. However, the current implementation of the optional proxy module does not support reverse proxy or the latest HTTP 1.1 protocol. There are plans for updating this module soon.

* Server status and customizable logs: Apache gives you a great deal of flexibility in logging and monitoring the status of the server itself. Server status can be monitored via a Web browser. You can also customize your log files to your liking.

* Support for Server-Side Includes (SSI): Apache offers a set of server-side includes that add a great deal of flexibility for the Web site developer.

* Support for Secured Socket Layer (SSL): You can easily create an SSL Web site using OpenSSL and the mod_ssl module for Apache.

Cheers :)


Posted in linux | 1 Comment »

How to Secure MSSQL and “sa” Hack attempt

Written by Mangesh on September 27, 2008 – 3:02 am -

* Check service context
* Check patch level
* Set mode to Windows Authentication
* Assign long, random ‘sa’ account password
* Enable authentication auditing
* Disable SQLAgent, Microsoft Distributed Transaction Coordinator (MSDTC), and MSSEARCH
* Disable adhoc queries on all providers
* Remove sample databases
* Tighten permissions on master/msdb database objects
* Increase log history
* Delete temp files used for install/upgrades

How to Protect MSSQL Accounts Or Users

* Strong password enforcement
    * Entropy, Lifetime, Length
* Enable auditing (at least failed logins)
* Encrypt all sensitive traffic
    * SSL recommended
    * Multi-protocol encryption not recommended
        * No multiple instance support (instances only supported on Named Pipes, TCP/IP, NWLink, and Shared Memory net libs)
        * RPC encryption API only – weaker key management
* Keep credentials out of connection strings and encrypted when possible
    * DPAPI (http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetHT08.asp)

About MSSQL Helpful Tips:

* Use Windows Auth when possible
* Use principle of least-privilege
* Assign MSSQL Server service non-administrator user context
* Take the time to properly implement trusted security (Windows Auth Mode)
* Don’t place passwords in script/code
* Assign complex ‘sa’ password even when using Windows Authentication


Posted in Dedicated Server Hosting | 1 Comment »