It might happen that some machine is missing CA chain certificates and you get the error OpenSSL: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure Unable to establish SSL connection. If accessing the specific URL in a browser works without a warning, then you can export and download the CA certificate chain. In Firefox right-click > View Page Info > Security > … Read more about How to download ca certificate chain[…]
It is secure and easy to log in to servers with OpenSSH using public/private key client authentication. You only need to generate keys with ssh-keygen and these keys are used automatically. The challenge starts when you don't want to use the same key everywhere but prefer, or have, to use different keys for different sites. Firstly let's create … Read more about Multiple ssh keys for logging to different sites[…]
You can host unlimited NameVirtualHost-s with the http protocol. But how can you have many virtual hosts in a vhost file over https? Not possible? Most websites have some sort of CMS which has admin passwords, and these must not be sent in plaintext; a little security warning for admins is not a big problem. When … Read more about Configure Apache to support multiple SSL sites on a single IP[…]
You need a VPN when you are connected to unsecured Wi-Fi. A VPN is also needed when this public Wi-Fi or your ISP is restricting you. One example of such restrictions is blocking P2P programs and the like.
A good way to overcome those problems is OpenVPN. It can be quite complicated to set up, but a simple configuration is actually simple.
First, a server is needed. The server can be your home router or some small server in a datacentre that has extra bandwidth left over. Your laptop will be called the client; it sends all (or some) of your traffic through one TCP/IP connection to the server, and the server forwards it so that the traffic looks like it originates from the server.
Let's use the internal IPs 10.66.77.1 for the server and 10.66.77.2 for the client. The network is selected in the middle of the 10.0.0.0/24 network because then it has a smaller chance of colliding with your existing network.
The server needs IP forwarding and NAT to be enabled. You achieve this with the following commands. 10.66.77.0/24 and eth0 need to be changed to your actual values.
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 10.66.77.0/24 -o eth0 -j MASQUERADE
Next we need a static key. Bear in mind that it needs to be kept secret. Generating the key looks like this:
openvpn --genkey --secret static.key
chmod 600 static.key
Now the preparation is done and you can create the OpenVPN configuration file. Read more about Simple way to route all traffic via gateway with OpenVPN …
Scenario: you want to log into the server from one location with one key and from another location with another key. First I did this the easy way between 2 Linux servers: generated a key with ssh-keygen, added the public key to the server with ssh-copy-id, tested, and it was all working. I also have a Windows machine at hand … Read more about Putty: “Server refused our key”[…]
Almost everybody realizes nowadays that pages where logins and passwords are used must use encrypted data transfer like https. To use a secure connection, the webserver must have a correctly configured certificate. Usually certificates are bought from some Certificate Authority and these cost around $100 per year. Here I will show how to make your own cert for free … Read more about When apache ignores your SSL certificate![…]