Explore information related to openssl


Enable Git on Virtualmin - Best way to do it ?


This article covers steps to enable Git on Virtualmin. 

To do this:

  • Go to Webmin -> Webmin Configuration -> Webmin Modules.
  • In the From ftp or http URL field, enter the URL .http://download.webmin.com/download/plugins/virtualmin-git.wbm.gz .
  • Click the Install Module button.


Once the plugin is installed, you can enable it in Virtualmin as follows :

  • Go to System Settings -> Features and Plugins.
  • Check the box in the left hand column next to Git repositories.
  • Click Save.

Read More



No SSL library support - How to fix this Web Agent installation error


This article covers methods of resolving No SSL/library support: Web Agent installation error. This issue arises when you are trying to install a 32bit version of the agent on a 64bit system; the 32bit version of the agentadmin tool cannot open the 64bit SSL libraries.
Therefore, If your operating system does not include native openssl packages, you must install OpenSSL.

To fix this Web Agent installation error on Linux:
1. Ensure you are installing the appropriate version of the agent; if you have a 64bit operating system, you must install the 64bit agent.
2. Ensure either the operating system provides native openssl packages or OpenSSL is installed. If you are using OpenSSL, you can check that the OpenSSL libraries are in the correct location as follows and add them if they are missing:
a. Check that the LD_LIBRARY_PATH environment variable is set. For example: $ echo $LD_LIBRARY_PATH
b. Check that the OpenSSL libraries (libcrypto.so and libssl.so) are available in the path specified in this environment variable (LD_LIBRARY_PATH).

Read More



Secure osTicket with Lets Encrypt SSL Certificates - Do it Now


This article covers how secure osTicket with Let’s Encrypt SSL Certificates. You can use the Certbot to request for SSL certificates from Let's Encrypt Certificate Authority. The tool is not available by default and will need to be installed manually.


To Install certbot certificate generation tool:

1. Install certbot on Ubuntu /Debian:

# Install certbot on Ubuntu /Debian

$ sudo apt update

# Apache

$ sudo apt-get install python-certbot-apache

# Nginx

$ sudo apt-get install python-certbot-nginx


2. Install certbot on CentOS 8 / CentOS 7:

On a CentOS system run either of the following commands:

# CentOS 8

## For Apache

$ sudo yum -y install python3-certbot-apache

## For Nginx

$ sudo yum -y install python3-certbot-nginx

# CentOS 7

## For Apache

$ sudo yum -y install python2-certbot-apache

## For Nginx

$ sudo yum -y install python2-certbot-nginx

Read More



Security certificate does not specify subject alternative names


This article will guide you on steps to fix #Security certificate does not specify subject alternative names. 

Basically, the #error, Security certificate does not specify subject alternative names trigger if the certificate does not have the correct SubjectAlternativeName extension.

Subject Alternative Names or SANs allow you to secure multiple domains from one SAN SSL certificate. SANs are additional domain names added to an SSL certificate.

To add a Subject Alternative Name to a certificate:

1. If you want to add #SAN, most CAs allow you to reissue a certificate with new details, though this will usually revoke your old certificate. 

2. You don't need the old CSR to reissue a certificate, you can instead create a new CSR with the updated details using a new or existing private key.

The Subject Alternative Name (#SAN) is an extension to the X. 509 specification that allows users to specify additional host names for a single SSL certificate. The use of the SAN extension is standard practice for #SSL #certificates, and it's on its way to replacing the use of the common name.

Read More



Setting up OCSP stapling on Apache


This article will guide you on how to configure OCSP stapling on the Apache server.

To Check if #OCSP #stapling is enabled:

Go to https://www.digicert.com/help and in the Server Address box, type in your server address (i.e. www.ibmimedia.com). If OCSP stapling is enabled, under #SSL Certificate has not been revoked, to the right of OCSP Staple, it says Good.

To Configure your Apache server to use OCSP Stapling:

1. Edit your site's #VirtualHost SSL configuration. 

2. Add the following line INSIDE the <VirtualHost></VirtualHost> block: SSLUseStapling on. 

3. Check the configuration for errors with the Apache Control service. Apachectl -t.

4. Reload the Apache service. service apache2 reload.

Read More



Easy way to convert cPanel SSL Certificate from PEM format to PFX


pem is a de-facto file format called Privacy-Enhanced Mail. These are interchangeable file extensions for the PKCS#12 format. 

Technically, PKCS#12 is the successor to Microsoft's PFX format, but they have become interchangeable. PKCS#12 files are archives for cryptographic material.

PKCS#12 (also known as PKCS12 or PFX) is a binary format for storing a certificate chain and private key in a single, encryptable file.

All SSL Certificates require a private key to work. The private key is a separate file that's used in the encryption/decryption of data sent between your server and the connecting clients.

A private key is created by you—the certificate owner—when you request your certificate with a Certificate Signing Request (CSR).

Basically, the default SSL file format used by apache web server is the PEM format. Whereas PFX files are used on MacOS and Windows systems to do export and import activities of private keys and certificates.

Read More




For Linux Tutorials

We create Linux HowTos and Tutorials for Sys Admins. Visit us on LinuxAPT.com

Also for Tech related tips, Visit forum.outsourcepath.com or General Technical tips on www.outsourcepath.com






Focus on your business, not your servers.

Click Here to Learn More