Only import certs signed by yourself or someone you deeply trust!
Importing certs signed by untrusted person may cause great loss to you!
1. Internet Explorer (System cert pool)
For self-signed single website cert, you should add it to trusted root CA.
For self-signed CA cert, just add the it to trusted root CA. Then all websites certs affiliated to it are automatically trusted.
Continue reading “SSL Tutorial #3: Importing Self-signed SSL Certificates for IE and Firefox”
This tutorial aims at SL6/CentOS6 Web Server Installation and Apache.
If your server is with this configure, there is actually little effort to take. Otherwise more efforts will be required and you are suggested to look for other tutorials.
1. Copy SSL cert and key to corresponding directory
Copy SSL certification files (*.crt) to
If your CA provide bundle cert file (*-bundle.crt), copy it there as well.
Copy SSL key file (*.key) to
Continue reading “SSL Tutorial #2: Configure Name-based Virtual Host for SSL on Apache with Scientific Linux 6 Web Server Installation”
1. Create a single self-signed website cert
If you only need a cert for one or a few domains, there is no need to create a CA cert. A single website cert is enough.
1.1. Generate SSL key and cert file
openssl req -x509 -days 3650 -newkey rsa:2048 -nodes -keyout mydomain.key -out mydomain.crt
Continue reading “SSL Tutorial #1: Creating Self-signed SSL CA Certificate and Issuing Own Domain Certificate”
1. Why you need an SSL certificate?
You may have built a personal blog using WordPress on a VPS or Web Hosting. Unfortunately, WordPress sends username and password in plain text by default when logging in. And if your IDC does poorly on isolating network for virtual servers, other VPS/Web Hosting users may sniff and catch your password — a quite dangerous situation.
It’s not WP’s fault to send plain-text password, because most blog owners can only utilize port 80 (HTTP port, non-encrypted). However if you have the access to configure to use port 443 (HTTPS port, ‘S’ for secure), you are recommended to utilize this port for better safety.
Continue reading “SSL Tutorial #0: Why You Need Self-signed SSL Certificate”
Recently I re-installed my server and modified website directory. However, some badbots kept scanning non-existent blog URL, trying to break password via brutal force. Although that attempt is futile since I use strong password, I still decide to find a way to block them out.
Fail2Ban is a handy software that examines logs for various services and bans ip using iptables.
- First of all, install fail2ban.
yum install fail2ban
Add your own filter file.
You may use any filename you like. Here I use myfilter1 as an example.
Continue reading “Configure Fail2Ban on Scientific Linux 6”
First of all, you should have installed EPEL repository. Although not installed natively with SL, it is usually deployed soon after installation — and it’s really handy.
Also, I believe you have deployed some kind of web server environment (e.g. LAMP) as well as MediaWiki.
Keep an eye on any error prompt and let’s start.
- Install tetex
Although you cannot find it with yum search, you can still install it with yum.
sudo yum -y install tetex
It actually installs some texlive packages.
sudo yum -y install dvipng
Continue reading “Installing Math Extension on MediaWiki (Scientific Linux 6)”