Explore information related to certificate

Secure osTicket with Lets Encrypt SSL Certificates - Do it Now

This article covers how secure osTicket with Let’s Encrypt SSL Certificates. You can use the Certbot to request for SSL certificates from Let's Encrypt Certificate Authority. The tool is not available by default and will need to be installed manually.

To Install certbot certificate generation tool:

1. Install certbot on Ubuntu /Debian:

# Install certbot on Ubuntu /Debian

$ sudo apt update

# Apache

$ sudo apt-get install python-certbot-apache

# Nginx

$ sudo apt-get install python-certbot-nginx

2. Install certbot on CentOS 8 / CentOS 7:

On a CentOS system run either of the following commands:

# CentOS 8

## For Apache

$ sudo yum -y install python3-certbot-apache

## For Nginx

$ sudo yum -y install python3-certbot-nginx

# CentOS 7

## For Apache

$ sudo yum -y install python2-certbot-apache

## For Nginx

$ sudo yum -y install python2-certbot-nginx

Read More

Encrypt email messages in Outlook - Follow this guide now

This article covers the different methods to encrypt email messages in Outlook: using certificates (S/Mime), Office 365 Message Encryption (OME), and using encryption add-ins.

To Encrypt a single message:

1. In message that you are composing, click File > Properties. 

2. Click Security Settings, and then select the Encrypt message contents and attachments check box. 

3. Compose your message, and then click Send.

In Outlook, All attachments are encrypted.

Recipients who access the encrypted email via the Office Message Encryption portal can view attachments in the browser.

Note that if the recipient of the file is using an Outlook.com account, they can open encrypted Office attachments on the Office apps for Windows.

To view an encrypted email in Outlook:

1. Select Read the message.

2. You'll be redirected to a page where you can sign in and receive a single-use code.

3. Check your email for the single-use code. Enter the code in the browser window, then select Continue to read your message.

To encrypt a message in Office 365:

1. Sign in with Global Admin credentials.

2. Click on Admin.

3. Click on Settings.

4. Click on Services & add-ins.

5. Click on Microsoft Azure Information Protection.

Read More

The URI Failed to Connect to the Hypervisor - Fix it now

This article covers methods to resolve hypervisor error. The error message is misleading about the actual cause. This error can be caused by a variety of factors, such as an incorrectly specified URI, or a connection that is not configured.


1. Incorrectly specified URI

When specifying qemu://system or qemu://session as a connection URI, virsh attempts to connect to host names system or session respectively. This is because virsh recognizes the text after the second forward slash as the host.

Use three forward slashes to connect to the local host. For example, specifying qemu:///system instructs virsh connect to the system instance of libvirtd on the local host.

When a host name is specified, the QEMU transport defaults to TLS. This results in certificates.

2. Connection is not configured

The URI is correct (for example, qemu[+tls]://server/system) but the certificates are not set up properly on your machine. For information on configuring TLS, see Setting up libvirt for TLS available from the libvirt website.

Read More

Nginx Ingress with Cert-manager on DigitalOcean

This article covers how to set up Nginx ingress on DigitalOcean Kubernetes with cert-manager. Popular Ingress Controllers include Nginx, Contour, HAProxy, and Traefik. Ingresses provide a more efficient and flexible alternative to setting up multiple LoadBalancer services, each of which uses its own dedicated Load Balancer.
Here, you will learn how to set up an Nginx Ingress to load balance and route external requests to backend Services inside of your Kubernetes cluster.

You also secured the Ingress by installing the cert-manager certificate provisioner and setting up a Let's Encrypt certificate for two host paths.
Most Ingress Controllers use only one global Load Balancer for all Ingresses, which is more efficient than creating a Load Balancer per every Service you wish to expose.

Helm is a package manager for managing Kubernetes. Using Helm Charts with your Kubernetes provides configurability and lifecycle management to update, rollback, and delete a Kubernetes application.

Once you’ve set up the Ingress, you’ll install Cert Manager to your cluster to be able to automatically provision Let’s Encrypt TLS certificates to secure your Ingresses.

Read More

Setup OpenVPN on Windows Server

This article will guide you on how to setup OpenVPN on windows.

OpenVPN is a virtual private #network (#VPN) system that implements techniques to create secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. 

To Configure OpenVPN client as service on Windows:

1. Editing your OpenVPN client configuration.

2. Storing your PrivateVPN.com credentials in a file.

3. Import edited .ovpn file and user.auth file to OpenVPN #config folder.

4. Configuring OpenVPN service to start automatically on boot.

To connect to OpenVPN from Windows Server:

i. Navigate to your #OpenVPN Access Server client web interface.

ii. Login with your credentials.

iii. Select 'OpenVPN Connect for #Windows'.

iv. Wait until the download completes, and then open it (specifics vary depending on your browser).

Read More

Install SSL Certificate in IIS 7

This article will guide you on steps to #install SSL Certificate in IIS 7 #windows 2008 server. 

IIS (Internet Information Services) is used to host ASP.NET web applications and static #websites. It can also be used as an #FTP server, host WCF services, and be extended to host #web #applications built on other platforms such as #PHP. There are built-in authentication options such as Basic, ASP.NET, and Windows auth.

To install a certificate in Windows Server:

i. In the left pane of the console, double-click #Certificates (Local Computer). 

ii. Right-click Personal, point to All Tasks, and then select Import. 

iii. On the Welcome to the Certificate Import Wizard page, select Next. 

iv. On the File to Import page, select Browse, locate your certificate file, and then select Next.

To enable SSL in IIS:

1. On the #IIS server, start the IIS Manager (on the Windows taskbar, select Start > Administrative Tools > Internet Information Services (IIS) Manager).

2. Enabling SSL in IIS

3. In Type, select https.

4. In SSL certificate, select an appropriate certificate from available choices.

5. Click OK.

Read More

Digitally Signed Files with PowerShell

This article will guide you on how to implement reporting on digitally signed files with PowerShell. 

Get-Command gets the commands from PowerShell modules and commands that were imported from other sessions. 

To get only commands that have been imported into the current session, use the ListImported parameter. 

Without parameters, Get-Command gets all of the cmdlets, functions, and aliases installed on the computer.

Read More

Security certificate does not specify subject alternative names

This article will guide you on steps to fix #Security certificate does not specify subject alternative names. 

Basically, the #error, Security certificate does not specify subject alternative names trigger if the certificate does not have the correct SubjectAlternativeName extension.

Subject Alternative Names or SANs allow you to secure multiple domains from one SAN SSL certificate. SANs are additional domain names added to an SSL certificate.

To add a Subject Alternative Name to a certificate:

1. If you want to add #SAN, most CAs allow you to reissue a certificate with new details, though this will usually revoke your old certificate. 

2. You don't need the old CSR to reissue a certificate, you can instead create a new CSR with the updated details using a new or existing private key.

The Subject Alternative Name (#SAN) is an extension to the X. 509 specification that allows users to specify additional host names for a single SSL certificate. The use of the SAN extension is standard practice for #SSL #certificates, and it's on its way to replacing the use of the common name.

Read More

Windows update error 0x800B0109

This article will guide you on steps to fix the #windows #update error 0x800B0109.

Windows error code #0x80070422 refers to an inability of Windows 7 to startup the Windows Update service so your computer can connect to the update servers at Microsoft.

Steps For Fixing #Error Code #0x800b0109:

1. Open Administrative Tools from Control Panel. Open Control Panel, type administrative tools in the search box, and then click Administrative Tools.

2. Double-click Services.  If you’re prompted for an administrator password or confirmation, type the password or provide confirmation.

3. Right-click the Background Intelligent Transfer Service (BITS) service, and then click Properties.

4. On the General tab, next to Startup type, make sure that Automatic (Delayed Start) is selected.

5. Next to Service status, check to see if the service is started. If it’s not, click Start.

6. Click OK to close the #Properties dialog box.

7. Right-click the Windows Event Log service, and then click Properties.

8. On the General tab, next to Startup type, make sure that Automatic is selected.

9. Next to Service status, check to see if the service is started. If it’s not, click Start.

Read More

Nginx multiple domains SSL Certificates

This article will guide you on steps to resolve common issues with "Nginx multiple domains #SSL". Basically, the multi-domain SSL #certificate offers security for multiple websites.
The technique for hosting more than one domain/subdomain on a single IP address/host is called #virtual #hosts. The http get request contains the domain name that the requests is for which allows the web server to match up the request with a particular virtual domain.
You can host multiple websites on #Nginx:
1. Configure Nginx to Host Multiple Websites.
2. Create Directory Structure.
3. Create Virtual Configuration.
4. Test Your #Websites.
5. Adding PHP-FPM Support to Nginx.

Read More

Error code 15 in VestaCP

This article will guide you on different methods to resolve #VestaCP #error code 15 which happens when trying to add #Lets #Encrypt SSL to a domain which already had Lets Encrypt set up.

To Fix SSL/TLS Certificate Error – Invalid SSL #Certificate Error:

1. First, verify whether the #Firewall or #Antivirus program is interrupting #SSL connection. 

2. Clear #cache files, internet browsing history, and cookies.

3. Verify whether the system's date is correct, whether it matches the current time zone.

Read More

Setting up OCSP stapling on Apache

This article will guide you on how to configure OCSP stapling on the Apache server.

To Check if #OCSP #stapling is enabled:

Go to https://www.digicert.com/help and in the Server Address box, type in your server address (i.e. www.ibmimedia.com). If OCSP stapling is enabled, under #SSL Certificate has not been revoked, to the right of OCSP Staple, it says Good.

To Configure your Apache server to use OCSP Stapling:

1. Edit your site's #VirtualHost SSL configuration. 

2. Add the following line INSIDE the <VirtualHost></VirtualHost> block: SSLUseStapling on. 

3. Check the configuration for errors with the Apache Control service. Apachectl -t.

4. Reload the Apache service. service apache2 reload.

Read More

How to Set Up Multiple SSLs on One IP With Nginx

This article will guide you on how to set up multiple #SSL #certificates on one #IP with #Nginx. 

To set up Multiple SSL Certificates on a Single IP Using Nginx:

1. Domain names should be registered in order to serve the certificates by SNI.

2. Root Privileges to the server.

3. Nginx should already be installed and running on your #VPS. To #install Nginx: # sudo apt-get install nginx.

4. Make sure that #SNI is enabled in the #server.

Read More

Send Syslog with SSL TLS to Nagios Log Server

This article will guide you on how to Send #Syslog with #SSL / #TLS to Nagios Log Server by encryption which ensures that the #traffic between the #Linux machine and Nagios Log Server is not sent in plain text.

Read More

Steps to create a Self-Signed SSL Certificate for Apache in CentOS 8

This article will guide you on how to configure #Apache to serve encrypted requests using a self-signed SSL certificate and to redirect unencrypted HTTP requests to #HTTPS. Self-signed #certificates or certificates issued by a private CAs are not appropriate for use with the general public. It can only properly verify the identity of the server when it is signed by a trusted third party because any attacker can create a self-signed certificate and launch a man-in-the-middle attack.

Read More

Step by step process to Secure Apache with Lets Encrypt on CentOS 8

This article will guide you on the process to secure #Apache with Let’s Encrypt by installing Let's Encrypt #Certbot client, downloading #SSL #certificates for the #domain, and setting up automatic certificate renewal.

The objective of Let's Encrypt and the #ACME protocol is to make it possible to set up an #HTTPS server and have it automatically obtain a browser-trusted certificate, without any human intervention.

Read More

Enable OCSP stapling on Nginx Server

This article will guide you on the steps to configure OCSP stapling on the Nginx server.

Read More

VMWare vCenter Self-Signed Certificate Warning

This article will guide you on the steps to remove VMWare vCenter Self-Signed Certificate Warning.

Read More

Centralizing logs on Ubuntu with Journald

This article will help you to configure centralization of logs with Journald on Ubuntu for both the Server and Client system.

Read More

Easy way to fix connection timed out error during http-01 challenge propagation in Kubernetes

Best fix to "Connection timed out" error during http-01 challenge propagation.

Read More

Solution to SSLPassPhraseDialog builtin is not supported on Win32 error

Easy way to fix  SSLPassPhraseDialog builtin is not supported on Win32 error in relation to Apache web server.

Read More

Fix Docker error certificate signed by unknown authority

We have helped our customers solve numerous Docker related issues as part of our Linux Server Support Services.

Read More

Fix Cloudflare error 526 Invalid SSL certificate

When a server's SSL/TLS certificate cannot be validated by Cloudflare Service then an SSL issue known as "error 526" occurs.

Read More

Easy way to convert cPanel SSL Certificate from PEM format to PFX

pem is a de-facto file format called Privacy-Enhanced Mail. These are interchangeable file extensions for the PKCS#12 format. 

Technically, PKCS#12 is the successor to Microsoft's PFX format, but they have become interchangeable. PKCS#12 files are archives for cryptographic material.

PKCS#12 (also known as PKCS12 or PFX) is a binary format for storing a certificate chain and private key in a single, encryptable file.

All SSL Certificates require a private key to work. The private key is a separate file that's used in the encryption/decryption of data sent between your server and the connecting clients.

A private key is created by you—the certificate owner—when you request your certificate with a Certificate Signing Request (CSR).

Basically, the default SSL file format used by apache web server is the PEM format. Whereas PFX files are used on MacOS and Windows systems to do export and import activities of private keys and certificates.

Read More