SSL Tutorial #3: Importing Self-signed SSL Certificates for IE and Firefox


Only import certs signed by yourself or by someone you deeply trust!
Importing certs signed by an untrusted party may cause you great loss!

1. Internet Explorer (System cert pool)

For a self-signed single-website cert, you should add it to the trusted root CA store.
For a self-signed CA cert, just add it to the trusted root CA store. Then all website certs issued under it are automatically trusted.


SSL Tutorial #2: Configure Name-based Virtual Host for SSL on Apache with Scientific Linux 6 Web Server Installation

0. Notice

This tutorial targets the SL6/CentOS6 Web Server installation with Apache.
If your server uses this configuration, very little effort is needed. Otherwise more effort will be required, and you are advised to look for other tutorials.

1. Copy SSL cert and key to corresponding directory

Copy the SSL certificate files (*.crt) to the /etc/pki/tls/certs directory.
If your CA provides a bundle cert file (*-bundle.crt), copy it there as well.

Copy the SSL key file (*.key) to the /etc/pki/tls/certs directory.


SSL Tutorial #1: Creating Self-signed SSL CA Certificate and Issuing Own Domain Certificate

1. Create a single self-signed website cert

If you only need a cert for one or a few domains, there is no need to create a CA cert. A single website cert is enough.

1.1. Generate SSL key and cert file

openssl req -x509 -days 3650 -newkey rsa:2048 -nodes -keyout mydomain.key -out mydomain.crt

SSL Tutorial #0: Why You Need Self-signed SSL Certificate

1. Why do you need an SSL certificate?

You may have built a personal blog using WordPress on a VPS or web hosting. Unfortunately, WordPress sends the username and password in plain text by default when logging in. If your IDC does a poor job of isolating the network between virtual servers, other VPS/web hosting users may sniff the traffic and capture your password, which is quite dangerous.

It’s not WP’s fault that the password is sent in plain text, because most blog owners can only use port 80 (the HTTP port, non-encrypted). However, if you have the access needed to configure port 443 (the HTTPS port, ‘S’ for secure), you are recommended to use it for better safety.


Configure Fail2Ban on Scientific Linux 6

Recently I re-installed my server and modified the website directory. However, some bad bots kept scanning a non-existent blog URL, trying to break the password via brute force. Although that attempt is futile since I use a strong password, I still decided to find a way to block them out.

Fail2Ban is a handy tool that examines the logs of various services and bans IP addresses using iptables.

  1. First of all, install fail2ban.
    yum install fail2ban
  2. Add your own filter file.
    You may use any filename you like. Here I use myfilter1 as an example.

    touch /etc/fail2ban/filter.d/myfilter1.conf
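
How the log matching and ban decision described above fit together, as an added example that is not from the original post: a simplified Python emulation, not fail2ban itself. The /blog/ path, the log lines and the maxretry/findtime values are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical pattern in fail2ban's failregex style: any request under /blog/
# (assumed here to be the non-existent URL) that the server answered with 404.
FAILREGEX = r'^<HOST> \S+ \S+ \[[^\]]+\] "(?:GET|POST) /blog/\S* HTTP/[\d.]+" 404 '
MAXRETRY = 3                      # matches needed before a ban (assumed value)
FINDTIME = timedelta(minutes=10)  # window in which they must occur (assumed value)

# fail2ban expands <HOST> to a group that captures the address; IPv4 only here.
HOST_RE = r'(?P<host>\d{1,3}(?:\.\d{1,3}){3})'
LINE_RE = re.compile(FAILREGEX.replace('<HOST>', HOST_RE))
TIME_RE = re.compile(r'\[([^\]]+)\]')

# Constructed Apache access-log lines using documentation address ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2013:10:00:01 +0000] "POST /blog/wp-login.php HTTP/1.1" 404 291 "-" "bot"
198.51.100.20 - - [12/Mar/2013:10:00:05 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2013:10:00:09 +0000] "POST /blog/wp-login.php HTTP/1.1" 404 291 "-" "bot"
192.0.2.44 - - [12/Mar/2013:10:01:00 +0000] "GET /blog/ HTTP/1.1" 404 280 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2013:10:01:15 +0000] "POST /blog/wp-login.php HTTP/1.1" 404 291 "-" "bot"
192.0.2.44 - - [12/Mar/2013:10:20:00 +0000] "GET /blog/feed HTTP/1.1" 404 280 "-" "Mozilla/5.0"
192.0.2.44 - - [12/Mar/2013:10:40:00 +0000] "GET /blog/ HTTP/1.1" 404 280 "-" "Mozilla/5.0"
"""

def hosts_to_ban(log_text):
    """Return hosts with MAXRETRY matches inside FINDTIME, in ban order."""
    hits = defaultdict(deque)   # host -> timestamps of recent matches
    banned = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue            # successful or unrelated requests are ignored
        host = m.group('host')
        stamp = TIME_RE.search(line).group(1)
        when = datetime.strptime(stamp, '%d/%b/%Y:%H:%M:%S %z')
        window = hits[host]
        window.append(when)
        while when - window[0] > FINDTIME:
            window.popleft()    # forget matches older than the window
        if len(window) >= MAXRETRY and host not in banned:
            banned.append(host)
    return banned

if __name__ == '__main__':
    print(hosts_to_ban(SAMPLE_LOG))
```

The host with three 404s inside ten minutes is selected, while the host whose three misses are spread over forty minutes is not, which is why the window length matters as much as the retry count.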


Installing Math Extension on MediaWiki (Scientific Linux 6)

First of all, you should have installed the EPEL repository. Although not installed natively with SL, it is usually deployed soon after installation, and it’s really handy.

Also, I believe you have deployed some kind of web server environment (e.g. LAMP) as well as MediaWiki.

Keep an eye on any error prompt and let’s start.

  1. Install tetex
    Although you cannot find it with yum search, you can still install it with yum.
    sudo yum -y install tetex
    It actually installs some texlive packages.
  2. Install dvipng
    sudo yum -y install dvipng