Thoughts about coding and books

How to download ca certificate chain

It might happen that some machine has missing CA chain certificates and you get error OpenSSL: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure Unable to establish SSL connection. If accessing the specific URL in browser works without warning then you can export and download CA certificate chain In Firefox right-click > View Page Info > Security >Read more about How to download ca certificate chain[…]

Simple way to route all traffic via gateway with OpenVPN

You need VPN when you are connected to unsecured WIFI. Also VPN is needed when this public wifi or your ISP is restricting you. One example of such restrictions is blocking P2P programs and alike.

Good way to overcome those problems is OpenVPN. This can be quite complicated to set up but simple configurations is actually simple.

Firstly is needed server. Server can be your home router or some small server in datacentre that has extra bandwith left over. Your laptop will be called client which sends all(or some) of your traffic through one TCP/IP connection to server and server forwards it so it looks like traffic is originating from server.

Lets have our internal ips 10.66.77.1 for server and 10.66.77.2 for client. Network is selected in the middle of 10.0.0.0/24 network because then it has smaller chance of colliding with your existing network.

Server needs ip forwarding and nat to be enabled. You achieve this with following commands. 10.66.77.0/24 and eth0 needs to be changed to your actual values.

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 10.66.77.0/24 -o eth0 -j MASQUERADE

Next we need static key. Bear in mind that this need to be kept secret. Key generating looks like:

openvpn --genkey --secret static.key
chmod 600 static.key

Now preparation is ready and you can make OpenVPN configuration file. Read more about Simple way to route all traffic via gateway with OpenVPN

When apache ignores your SSL certificate!

Almost everybody realizes nowadays that pages where login and passwords are used must use encrypted datatransfer like https. To use secure connection webserver must have correctly configured certificate. Usually certificates are bought from some Certificate Authority and these cost around $100 per year. Here i will show how to make your own cert for freeRead more about When apache ignores your SSL certificate![…]