Feeds:
Posts
Comments

Archive for the ‘OpenSSL’ Category

What is Nginx ?

nginx [engine x] is an HTTP and reverse proxy server, a mail proxy server, and a generic TCP/UDP proxy server, originally written by Igor Sysoev. For a long time, it has been running on many heavily loaded Russian sites including Yandex, Mail.Ru, VK, and Rambler. According to Netcraft, nginx served or proxied 27.80% busiest sites in October 2016. Here are some of the success stories: Netflix, WordPress.com, FastMail.FM.

The sources and documentation are distributed under the 2-clause BSD-like license.

Community website here.

Commercial support is available from Nginx, Inc.

How to Install Nginx from Ubuntu repository ?

sudo apt-get install nginx
nginx -v
nginx version: nginx/1.4.6

Here 1.4.6 is very old and stable release of Nginx. So then how to install the latest version.

Install Nginx Version 1.9.x/1.10.x/1.11.x:

Add repository URLs to “/etc/apt/sources.list.d/nginx.list”
deb http://nginx.org/packages/mainline/ubuntu/ trusty nginx
debsrc http://nginx.org/packages/mainline/ubuntu/ trusty nginx

Now add nginx signing key

wget q O http://nginx.org/keys/nginx_signing.key | sudo aptkey add

Update your system to latest package in nginx repos
sudo apt-get update
Install latest nginx
sudo apt-get install nginx
Now you can see v1.11.5 has been installed on you machine
nginx -v
nginx version: nginx/1.11.5

Read Full Post »

Requirements:

  • OpenSSL installed in Ubuntu
  • Following details for your SSL certificate
    • Country (2 digit ex, IN)=MY,
    • State or =Malaysia,
    • Locality or City=Kuala Lumpur,
    • Organization Name=Marutham Infra Services Sdn Bhd,
    • Organizational Unit Name=Cloud and Advance Services,
    • Common Name (e.g. server FQDN)=maruthuminfra.com.my

Generate CSR:

  • Now Generate Certificate Signing Request (CSR), It also generates Private Key file(Make sure it is protected and no one has access to this file). We use RSA 2048 bit Encryption with SHA256 Hashing algorithm as shown below.
  • openssl req -new -newkey rsa:2048 -nodes -sha256 -out test.csr -keyout test.key -subj “/C=MY/ST=Malaysia/L=Kuala Lumpur/O=Marutham Infra Services Sdn Bhd/OU=Cloud and Advance Services/CN=maruthaminfra.com.my”

  • CSR generation done. Now you may send you CSR file to CA Issuer.
  • Next Install SSL at Load balancer or WebServer or Proxy Server or Application Server where you SSL is getting terminated.

Any Questions, Please comment below

யாதும் ஊரே யாவரும் கேளிர் – புறநானூறு

Read Full Post »