This article shows the openssl parameters for generating a CA certificate key pair.
The command below generates the private key “ca.key” under the private folder and the public certificate “ca.crt” under the certs folder.
On a RedHat CentOS server, you can execute the command from the /etc/pki/CA folder.

root@server.example.com [CA]# openssl req -new -x509 -extensions v3_ca -keyout private/ca.key -out certs/ca.crt -days 3650
Generating a 2048 bit RSA private key
..........................+++
......................................................................................................................................................+++
writing new private key to 'private/ca.key'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:SG
State or Province Name (full name) []:Singapore
Locality Name (eg, city) [Default City]:Singapore
Organization Name (eg, company) [Default Company Ltd]:Example Ltd
Organizational Unit Name (eg, section) []:Certificate Authority
Common Name (eg, your name or your server's hostname) []:example.com
Email Address []:webmaster@example.com
Posted in Uncategorized.

We often start a project on our local laptop and want it stored safely on our server. I know, it may not be possible to run the git clone command on the server to clone the project from your local computer, either because of a firewall or because your laptop does not have a public IP address like your server does.

Before pushing the project to the server, I assume that we have created the git repository on the server:

$ mkdir projectname.git
$ cd projectname.git
$ git init --bare

Or just:

$ git init --bare projectname.git

From our local machine, execute these commands to push the local git repository to the server:

$ git remote add origin ssh://user@server.com:port/path/to/projectname.git
$ git push origin master

Now our project is safe on the server. We can continue our work on the local laptop, clone to another laptop if required, and push changes to the server anytime we want.


Most of the time, we don’t want to allow direct access to a port from outside our server.
We can configure this with the iptables command.

In this example we want port 8080 to be accessible from localhost only. These are the steps:
1. Execute this command to accept connections from localhost.

iptables -A INPUT -p tcp -s localhost --dport 8080 -j ACCEPT

2. Execute this command to drop connections from any other host. Because -A appends to the end of the chain, this rule is evaluated after the ACCEPT rule above.

iptables -A INPUT -p tcp --dport 8080 -j DROP

If we want to undo these changes, we can execute the same commands with -A replaced by -D. From here we can reverse proxy port 8080 through our Apache HTTP server.
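
One way to check the result of the two steps above, as an added example that is not part of the original post: the function reads `iptables -S INPUT` output and reports whether the localhost ACCEPT rule for the port is evaluated before the DROP rule. The function name audit_port is hypothetical and the sample rule listings are constructed.

```shell
# Added example: audit `iptables -S INPUT` output (stdin) for one port.
# Verdicts: ok | misordered | exposed | no-accept
# audit_port is a hypothetical helper name, not an iptables feature.
audit_port() {
    port="${1:-8080}"
    awk -v port="$port" '
        $1 == "-A" && $2 == "INPUT" {
            n++                       # position of the rule in the chain
            src = ""; dport = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s")      src = $(i + 1)
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "-j")      target = $(i + 1)
            }
            if (dport != port) next   # only rules that name the port
            if (target == "ACCEPT" && src ~ /^127\./ && !acc) acc = n
            if (target == "DROP" && src == "" && !drp) drp = n
        }
        END {
            if (!drp)           print "exposed"     # other hosts are not dropped
            else if (!acc)      print "no-accept"   # localhost is dropped as well
            else if (acc < drp) print "ok"          # ACCEPT matches first for localhost
            else                print "misordered"  # DROP matches first for everyone
        }'
}

# Constructed sample: the two rules from the steps, in the order given.
GOOD_RULES='-P INPUT ACCEPT
-A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j DROP'

# Constructed sample: the same rules appended in the opposite order.
BAD_RULES='-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j DROP
-A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j ACCEPT'

printf '%s\n' "$GOOD_RULES" | audit_port 8080   # ok
printf '%s\n' "$BAD_RULES"  | audit_port 8080   # misordered
# On a live host (as root): iptables -S INPUT | audit_port 8080
```

The check only considers rules that name the port, so an earlier, broader rule in the chain can still change the outcome.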
