Generate CSR for SSL on Apache mod SSL + OpenSSL

After recently installing an SSL certificate on one of my servers, I decided it was time I told myself how I do it.. rather than guessing from scratch each time.

Source page: Generate CSR for SSL on Apache mod SSL + OpenSSL

For archive purposes
Generate a Certificate Signing Request (CSR) for an SSL Certificate from RapidSSL.com
Apache + Mod SSL + OpenSSL

Follow these instructions to generate a CSR for your Web site. When you have completed this process, you will have a CSR ready to submit to RapidSSL.com, which uses it to generate your SSL Security Certificate.

OpenSSL is the open source project that replaced SSLeay. If you are using SSLeay on your system instead of OpenSSL, use ssleay in place of openssl in the commands.

1. Install OpenSSL, if not found on your server.

2. Create an RSA key for your Apache server:

cd /apacheserverroot/conf/ssl.key

(ssl.key is the default key directory. If you have a different path, cd to your server’s private key directory.)

3. Type the following command to generate a private key that is file encrypted. You will be prompted for the password to access the file and also when starting your webserver.

Warning: If you lose or forget the passphrase, you must purchase another certificate.

openssl genrsa -des3 -out domainname.key 1024

You could also create a private key without file encryption if you do not want to enter the passphrase when starting your webserver:

openssl genrsa -out domainname.key 1024

Note: We recommend that you name the private key using the domain name that you are purchasing the certificate for, i.e. domainname.key

4. Type the following command to create a CSR with the RSA private key (output will be PEM format):

openssl req -new -key domainname.key -out domainname.csr

* Note: You will be prompted for your PEM passphrase if you included the “-des3” switch in step 3.

5. When creating a CSR you must follow these conventions. Enter the information to be displayed in the certificate. The following characters can not be accepted: <> ~ ! @ # $ % ^ * / \ ( ) ?.,&

DN fields, with explanation and example:

Common Name: The fully qualified domain name for your web server. This must be an exact match. If you intend to secure the URL https://www.yourdomain.com, then your CSR’s common name must be www.yourdomain.com.
Organization: The exact legal name of your organization. Do not abbreviate your organization name. Example: RapidSSL.com
Organization Unit: Section of the organization. Example: Marketing
City or Locality: The city where your organization is legally located. Example: Wellesley Hills
State or Province: The state or province where your organization is legally located. Can not be abbreviated. Example: Massachusetts
Country: The two-letter ISO abbreviation for your country. Example: US

6. Do not enter extra attributes at the prompt.

Warning: Leave the challenge password blank (press enter)

Note: If you would like to verify the contents of the CSR, use the following command:

openssl req -noout -text -in domainname.csr

7. Submit your CSR to RapidSSL.com using the online application pages.

Create a backup of your private key!

Make a copy of the private key file (domainname.key) generated in step 3 and store it in a safe place! If you lose this file, you must purchase a new certificate.

* The private key file should begin with (when using a text editor)

-----BEGIN RSA PRIVATE KEY----- and end with -----END RSA PRIVATE KEY-----.

To view the contents of the private key, use the following command:

openssl rsa -noout -text -in domainname.key
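
Added example (not part of the archived RapidSSL instructions or this blog's own code): steps 2 to 6 run without prompts, followed by a check that the CSR's self-signature verifies, that its public key belongs to the private key you are backing up, and that the Common Name is the exact hostname. The function names are hypothetical, the subject reuses the example values above, and the key size is 2048 bits rather than the 1024 shown in step 3 because current CA rules require at least 2048-bit RSA.

```sh
#!/bin/sh
# Added example: steps 2-6 without prompts, then a key/CSR consistency check.
# Function names are hypothetical; 2048-bit RSA is an assumption (page uses 1024).

# make_csr DOMAIN DIR SUBJECT: writes DIR/DOMAIN.key and DIR/DOMAIN.csr
make_csr() {
    domain=$1; dir=$2; subject=$3
    (
        umask 077   # private key readable by its owner only
        openssl genrsa -out "$dir/$domain.key" 2048 2>/dev/null
    ) || return 1
    # -subj supplies the DN, so nothing is prompted and no challenge
    # password or extra attributes end up in the request (step 6).
    openssl req -new -key "$dir/$domain.key" -subj "$subject" \
        -out "$dir/$domain.csr"
}

# csr_matches_key CSR KEY: succeeds only if the CSR self-signature verifies
# and the CSR carries the public half of KEY (the file you must back up).
csr_matches_key() {
    csr=$1; key=$2
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q "verify OK" || return 1
    csr_pub=$(openssl req -in "$csr" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
    [ -n "$csr_pub" ] && [ "$csr_pub" = "$key_pub" ]
}

# csr_common_name CSR: prints the CN, which must equal the site's hostname
csr_common_name() {
    openssl req -in "$1" -noout -subject -nameopt RFC2253 |
        sed -n 's/^subject= *\(.*,\)\{0,1\}CN=\([^,]*\).*/\2/p'
}

# Demo in a throwaway directory, using the example values from the table.
demo_dir=$(mktemp -d)
make_csr www.yourdomain.com "$demo_dir" \
    "/C=US/ST=Massachusetts/L=Wellesley Hills/O=RapidSSL.com/OU=Marketing/CN=www.yourdomain.com"
if csr_matches_key "$demo_dir/www.yourdomain.com.csr" "$demo_dir/www.yourdomain.com.key"
then
    echo "CSR matches key; CN=$(csr_common_name "$demo_dir/www.yourdomain.com.csr")"
fi
rm -rf "$demo_dir"
```

Running csr_matches_key again when the signed certificate arrives, against the key restored from backup, confirms the backup is the right file before the web server is restarted.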

eWebedit in Firefox

To get eWebedit working in Firefox, you’ll need to install an ActiveX interpreter. This should be automatically installed by visiting this Esker plugin demo page.

Once the demo is working, you’ll need a user agent switcher to fool eWebedit into thinking you are using Netscape 7:
User agent switcher

After restarting Firefox, check under Tools -> User Agent Switcher for a Netscape 7 user agent string. If you don’t have one installed by default, you can import mine:
User Agent Strings (Right click -> Save Link As)
Tools -> User Agent Switcher -> Options -> Options -> User Agents -> Import

Select Netscape 7 as your User Agent, visit your page that uses eWebedit, and all should be rosy. You’ll need to switch the User agent to Netscape 7 each time you want to use eWebedit after closing Firefox.

Red eye serial / MythTV control script for NTL set top box

In mythtv-setup under ‘Input connections’ (or something) type
/home/mythtv/.mythtv/sendkeys.sh

Then create this sendkeys.sh script in the directory mentioned above.

#!/bin/sh
# Send each digit of the channel number ($1) to the set top box in turn
for digit in $(echo "$1" | sed -e 's/./& /g'); do
    red_eye /dev/ttyS0 "$digit" 2
    sleep 0.4
done



Decided this works better…

#!/bin/csh
echo "changing to $1"
/usr/local/bin/red_eye /dev/ttyS0 $1 2 &

Place the red_eye C program from
http://redremote.co.uk/serial/resdown.html
in /usr/bin or similar and you’re done.

Some perl module management scripts

This first script will list the perl modules you have installed and the version number.


#!/usr/bin/perl
# List every installed Perl module with its version number
use strict;
use warnings;
use ExtUtils::Installed;

my $instmod = ExtUtils::Installed->new();
foreach my $module ($instmod->modules()) {
    my $version = $instmod->version($module) || "???";
    print "$module -- $version\n";
}

The second script uninstalls a Perl module when you pass it the module name, e.g.

./filename.pl Mail::Bulkmail


#!/usr/bin/perl -w
# Remove every file recorded in a module's packlist, then the packlist itself
use strict;
use ExtUtils::Packlist;
use ExtUtils::Installed;

$ARGV[0] or die "Usage: $0 Module::Name\n";
my $mod = $ARGV[0];

my $inst = ExtUtils::Installed->new();

foreach my $item (sort($inst->files($mod))) {
    print "removing $item\n";
    unlink $item or warn "could not remove $item: $!\n";
}

my $packfile = $inst->packlist($mod)->packlist_file();
print "removing $packfile\n";
unlink $packfile or warn "could not remove $packfile: $!\n";

Tidy list of what's listening on your ports

This chunk of code will show you a nice list of ports on which you have something listening.


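#!/bin/sh
# listen - parse netstat -an output for listeners
netstat -an | awk '
BEGIN {
    printf("%12s\t%5s\t%5s\n", "ADDRESS", "PROT", "PORT#")
    printf("%12s\t%5s\t%5s\n", "-------", "----", "-----")
}
/ LISTEN / {
    # The port is whatever follows the last ":" so that IPv6
    # listeners such as :::22 are reported correctly as well.
    n = split($4, ip, ":")
    port = ip[n]
    addr = substr($4, 1, length($4) - length(port) - 1)
    printf("%12s\t%5s\t%5s\n", addr, $1, port)
}
'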

Useful Web developer links

I just compiled this list of sites I regularly use and think are top notch
for a friend. Thought it was worth sharing.

Firefox and extensions – web browser
http://www.mozilla.org/products/firefox/
https://addons.mozilla.org/extensions/moreinfo.php?id=60
Essential extension. I think might come as standard
https://addons.mozilla.org/extensions/moreinfo.php?id=376
improves search box
https://addons.mozilla.org/extensions/moreinfo.php?id=343
improves search box
https://addons.mozilla.org/extensions/moreinfo.php?id=271
adds color picker/zoom and lots more
https://addons.mozilla.org/extensions/moreinfo.php?id=39
adds mouse gestures
https://addons.mozilla.org/extensions/moreinfo.php?id=216
aids debugging javascript

PHP tutorials – for creating dynamic web pages
http://www.w3schools.com/php/default.asp

SQL tutorials – language used to talk/ask questions of databases… i.e. mySQL
http://www.w3schools.com/sql/default.asp
http://sqlzoo.net/

Javascript Reference – windows help file
http://tinyurl.com/7rk6

PHP reference – windows help file integrates into Dreamweaver
http://www.tecnorama.org/document.php?id_doc=49

Sites for reading
http://sitepoint.com/ – Good all rounder – excellent newsletters, don’t be
scared to signup… they’re not spammers.
http://alistapart.com/ – Good RSS feed. Essential reading for good design practice
http://useit.com/ – Usability information. Some very good stuff but some parts
are a bit too opinionated.. in my erm, opinion

Resource sites
http://sourceforge.net/ – Open Source software

suexec

While trying to get a CGI script working on a Plesk managed box, I came across this error in /etc/httpd/logs/suexec_log

cannot stat program: (blahdeblah.cgi)

An explanation of this vague and misleading message can be found here. It seems suexec complains like this when a symlink is used to point to the script.

Sloppy systems programming

Hello world!

Welcome to my first venture into blogging. This braindump will mostly contain useful tidbits discovered through my web development work… and will therefore petrify and possibly putrefy the thought patterns of most of y’all.

Ta