Month: December 2007

Authentication modules in Linux/Unix – PAM

Authentication modules in Linux/Unix – PAM

Pluggable authentication modules or PAM provides a way to develop programs that are independent of authentication scheme. These programs need “authentication modules” to be attatched to them at run-time in order to work. Which authentication module is to be attatched is dependent upon the local system setup and is at the discretion of the local system administrator.

Pluggable authentication modules or PAM are a mechanism to integrate multiple low-level authentication schemes into a high-level API, which allows for programs that rely on authentication to be written independently of the underlying authentication scheme. PAM was first proposed by Sun Microsystems in an Open Software Foundation RFC dated October, 1995. It was adopted as the authentication framework of the Common Desktop Environment. As a stand-alone infrastructure, however, PAM first appeared from an open-source, Linux-PAM, development in Red Hat Linux 3.0.4 in August of 1996. PAM is currently supported in AIX, FreeBSD, HP-UX, Linux, Mac OS X, NetBSD and Solaris. PAM was later standardized as part of the X/Open UNIX standardization process, resulting in the X/Open Single Sign-on (XSSO) standard.

The pluggable nature of PAM is one reason for using dynamic linking of system binaries. However, this necessitates the availability of a recovery mechanism should a problem develop in the linker or shared libraries; for example both NetBSD and FreeBSD supply a /rescue directory containing statically linked versions of important system binaries.

pam-nss

phonewala.com

phonewala.com

Features of PhoneWala.com

PC-to-Phone Service

Phonewala.com is an Internet telephony service. It connects your PC to any telephone (fixed line as well as mobile) around the world. The calls are established using the IP technology. With this service you can now call your friends and family anywhere around the world, at a fraction of regular ISD charges. The voice transmission is of very high quality.

Net4 in association with Trak Online Net India Pvt Ltd, a licensed Internet Telephony Service Provider (ITSP), pioneered this technology in India for the retail market. Phonewala.com is backed by the reliability and technology competence associated with Net4.

What will I need to make calls from my PC?

* Internet connection.
* Multimedia kit
– full-duplex sound card.
– speakers and microphone (or headset).
* Global PC-to-Phone Calling Card (Phonewala Card).

What are the Advantages?

* Low rates: Up to 80% saving on international call charges.
* Call-on-the-Move: No need to depend on ISD facility telephone lines.
* No Hidden Costs: Phonewala.com DOES NOT charge any security deposit, activation fee, etc. You can make calls worth the full value of the Card.

What are the Benefits?

* Latest technology.
* Easy to use.
* Excellent service and support.
* Simple, on-line account administration.

How to Call?

* Buy a calling card from your nearest Net4India branch or online from this website
* Download and install the Dialer – log in using the username and password provided
* Select the destination (country) and start calling!

VOIP service in India

VOIP service in India

I dont know what got me suddenly but yesterday I wanted to know all that is legal & available w.r.t VOIP.So I made a call to Mr.Adil.Doctor who is the Linksys Sales Manager(India) & is located at Cisco Systems Pvt Ltd,Mumbai.

After getting a brief idea about where VOIP is in India he informed me that a call from a VOIP phone to a PSTN/Mobile isnt legal in India.International calling is legal through the calling cards which can be got from Internet Telephony Service Provider such as Phonewala.com.

Although he couldnt provide all the information I was looking for but he has promised he will forward me to someone from the Cisco Bangalore office so that I could get my doubts cleared.

Asterisk Saga!!

Asterisk Saga!!

We worked on an Asterisk setup project couple of months ago. It was a rocking experience. Me being in the story, has written up a saga on it! Credits to the whole team that worked on it!Here you go on the Asterisk Saga!
asterisksag

It was Friday evening, Time to party. Not just yet! We came to know about this project. The Client’s requirement was to setup a working Asterisk Voice over IP server. This would enable them to route internal and external calls using a computer, a Digium ISDN card, and the Asterisk software. Seven companies had laid their hands and minds on it. Sounds interesting? Yes on a weekday it would be.The client had a server with Asterisk installed on it. But it was not working. Many people, including some regarded as experts in the field, had tried to solve the problems for the last two weeks, but everyone failed. And the client wanted us to get this working before Sunday – at any cost – as there was an important presentation to the CEO of one of the largest telecom companies in India. Does it get any bigger than this! Of course it does. Read on…

To give you a little background, we have an Asterisk based phone system setup in our office. Nirav – our Chairman – had blogged about the problems we faced setting it up with the ISDN line. Sudish – the client – read this post after a Google, and got his ISDN connection working when he followed those instructions. That’s why he called us up, after some failed attempts from many.

Nilkanth, our Systems Team Leader, and a true hero in this story, informed the team about the project. The server was physically located in another city, and we had shell access to it. Nirav had setup most of the things on the Asterisk Server in Magnet. And Ali knew some part about dial plans. Rest of the team knew only the basics of the technology till that Friday evening. Then What?

What else? We jumped in to the battle like brave warriors, The first enemy to tackle was getting hold on more than the basics and doing that with a timer. We had just one plan. “Ground work first and all the detailed documentation, long process can come in later. Quick analysis seemed the need of the hour and the only trigger we had was a couple of Samosas and chai. Not a bad start at all. The first strike from our team was a detailed check- list of priorities, delegation of all the duties on the list to the best to be working on them. Who knows better than our Nilkanth of his team capabilities?

Now, things started like this for us. Ali left early that evening. Nirav and Nilkanth were working on the server to fix the issues. The Asterisk server was not able to route outgoing calls at that time. There were lots of errors and warnings. We found many files edited by different people. Initially, we tried fixing them. We grouped the errors, set priorities, and got on to them. But the setup was all messed up. It was 6pm by then. Nirav had to leave so, he told us which important files need attention and left. So there was Nil, Arun and me. We tried to fix those errors one by one. But it still did not work. We decided to re-compile Asterisk. We took a backup of current configuration, downloaded the version the client wanted, and re-compiled. We re-configured things. Now we had fixed all the errors the log files were clean. The outgoing calls from command line were working fine. But, the incoming calls were not coming in – seemed like they were going to a blackhole! Various Voice over IP clients like eyeBeam, SJPhone were showing the Error 403!! It was 3am Saturday by then. We had already decided that no matter what happens, we are going to get it working and only then we will leave for home. Challenges don’t push us down, they make us rise higher!

The spirit of the team and determination to get over the problem helped us to stay focussed. Each of us motivated the other person.

We rebooted the system since we had re-compiled and re-configured, but… we invited more trouble!! The server was unable to detect the Digium card that connects the software with the ISDN line bearing the telephone connections. Oops!!!

This was like adding insult to an injury! We were stuck and no one could suggest how to proceed. We Googled the error. We decided to insert the card in a different slot on the computer. We called up Sudish, who was awake with us and asked him to plug-in the Digium card into another slot. He immediately arranged some person on the site and did exactly as we asked. The machine was rebooted again. And the error still showed up!

After some deep debugging, Nil figurred that the problem is due to Kudzu. Kudzu is a hardware detection agent on RedHat Linux, and it was detecting the card, but not able to understand what it was. We shut off Kudzu on the server, and that got the card back to life!

It was Saturday morning now, and the phones were still not working. Vishal“ our CTO  pitched in and we all started working on identifying what’s really causing the problems. Vishal’s jumping in encouraged the team and showed his commitment. He brought a new perspective and was really helpful in checking our assumptions and also researching.

Sudish had a hair pulling time while all this was happening, as the time for the presentation was approaching very quickly. He had all his hopes on us. Did that pressurize us? No we were honoured by the trust.

Sudish was very cooperative in all this… he was with us, offered us his ideas, showed great faith in us and supported us thoroughly. As a matter of fact he was also awake with us to help us. What more can we expect?

We then took a new approach. One closed door did not stop us. We just looked out for another one. We started observing the issues from another angle and brainstormed to analyze a little differently. We divided work: we took turns to download, research, try on our server, communicate with client, think / plan, take care of needs etc. This helped each ones point of view bring new solutions.

Right then, we found that some of the pre-requisites for the operating system were not installed on the server. We downloaded and installed all those hoping that it would fix it! Lady luck was not in our favor, and doing this too did not make the system work! The day went in configuring and re-configuring the setup. Trying out different combinations to see if something would work. The same setup files that worked for us, and a lot of other people, did not work on this particular server.

Sunday morning…and we were all stressed. The client had urgent requirement, the team was working continuously on this from Friday morning, putting their best efforts. Vishal was with us and Nirav in the loop. Nirav actually logged onto the server remotely during break timings of his seminar and tried to solve the problems. Unfortunately, he could also not solve it. This was really getting hot now!

Sunday morning, we spent half an hour discussing the problems and possible solutions with Nirav. He encouraged the team and showed his support. He told us that he will get back to us on chat by evening. But I had some intuition and I told him… “hopefully we will tell you that things are working.. by evening.

By late morning, we were getting close. We had fixed most of the problems. We were now able to receive calls on the server. We could make outgoing calls from the common line and the interactive voice response system was working too. But the extensions were not registering with the server yet. We re-considered everything. We had a very good dial plan, we had all files configured correctly. We had provided all dependencies to the kernel. So there was very little chance of any problem with all that. Now the only thing that could have some problem was – well, Asterisk itself!

We planned to install the latest version again. We compiled Asterisk 1.2.13 keeping the configuration and the other libraries files intact. Vishal started eyeBeam software phone client and to his surprise, it registered! Catching hold of his excitement, he tried it again. And it worked again. He tried calling, and that worked too! Within a minute, all of us were on it. And every single thing worked! We checked the incoming calls, outgoing calls and the calls within network.. everything working fine! The final compilation helped us fix the issue. We setup our final extension dial plan. And called the client from the working software phone, and gave him the good news! It was Sunday afternoon, and our afternoon tea was unforgettable that day! Not less meaningfull than a medal that said GREAT and ON TIME.

And now, of course the moral of the story! First of all, weekends don’t need to be the same, they can be more intersting than you are prepared for. Teamwork, Dedication and Planning can take you out of the most difficult situation. We did well but that would not be enough if our planning was not to do it on time and that made all the difference. So conclusion – we understood the final goal, we chalked the steps to get there. We started as a team and finished as a team. We left each work to the best in the team. We enjoyed the challenges. We went back to the drawing board when one option did not work. We assured and updated the client at all times to find more faith and trust each time.

I think this is one rocking weekend one can have, I could not learn and experience more in 48 hours. Waiting for such interesting weekends ahead!

(People in the photo above, L to R: Ali, Jayesh, Nilkanth, Arun, Ameya. Thanks to Prakash for the creative Image work!)

Asterisk PBX server behind NAT (asterisk port forwarding)

Asterisk PBX server behind NAT (asterisk port forwarding)

If Your asterisk server is behind NAT then to access asterisk from outside world you need to use the port forwarding features of iptables in Linux.

Steps for asterisk Port forwarding

1] Check rtp.conf file in asterisk

root@indiangnu.org:/etc/asterisk# cat rtp.conf
;
; RTP Configuration
;
[general]
;
; RTP start and RTP end configure start and end addresses
;

rtpstart=10000
rtpend=20000

root@indiangnu.org:/etc/asterisk#

*
In rtp.conf file rtpstart and rtpend variables defines which range of port is your asterisk server using for data transfer at real time it is 10000 to 20000 range.

*supose IP address of Asterisk server is 192.168.1.150

2] Apply iptables rules for port forwarding

#Port forwarding for Asterisk
itables -I FORWARD -s 192.168.1.150 -p tcp –dport 5060 -j ACCEPT

#port forwarding for TCP
itables -A PREROUTING -t nat -i eth3 -p tcp -m tcp –dport 5060 -j DNAT –to-destination 192.168.1.150

#port forwarding for UDP

iptables -A PREROUTING -t nat -i eth3 -p udp -m udp –dport 5060 -j DNAT –to-destination 192.168.1.150

#port forwarding for RTP traffic
iptables -I FORWARD -s 192.168.1.150 -p udp –dport 10000:20000 -j ACCEPT

iptables -A PREROUTING -t nat -i eth3 -p udp –dport 10000:20000 -j DNAT –to-destination 192.168.1.150

Thank you,

Arun Bagul

Squid with MySQL – authentication

Squid with MySQL – authentication

Squid is the widly used proxy server. We are using squid as proxy cahcing server with authnetication with PAM.. Now we have replace this squid with PAM authentication with squid with MySQL.

Installation and configuration –

* Download squid_mysql plugin from here…

1] go to directory where you have extracted squid_mysql plugin..

root@indiangnu.org:/home/arun# cd mysql_auth-0.8
root@indiangnu.org:/home/arun/mysql_auth-0.8#

2] Please change the src/mysql_auth.conf as shown below then run make command

root@indiangnu.org:/home/arun/mysql_auth-0.8# make
gcc -I/usr/include -L/usr/lib -c -o src/mysql_auth.o src/mysql_auth.c
gcc -I/usr/include -L/usr/lib -c -o src/confparser.o src/confparser.c
gcc -I/usr/include -L/usr/lib -c -o src/mypasswd.o src/mypasswd.c
gcc -o mysql_auth src/mysql_auth.c src/confparser.c -lmysqlclient -I/usr/include -L/usr/lib
gcc -o mypasswd src/mypasswd.c src/confparser.c -lmysqlclient -I/usr/include -L/usr/lib
root@indiangnu.org:/home/arun/mysql_auth-0.8#

3] Make sure that squid user ie proxy and group shadow is exist.. if they are not exist then check your squid
configuration and set proper permission

root@indiangnu.org:/home/arun/mysql_auth-0.8# install -o proxy -g shadow -m 755 mysql_auth /usr/lib/squid/mysql_auth

root@indiangnu.org:/home/arun/mysql_auth-0.8# install -o root -g root -m 700 mypasswd /usr/local/bin/squid-passwd

root@indiangnu.org:/home/arun/mysql_auth-0.8# make -p /usr/local/squid/etc/
root@indiangnu.org:/home/arun/mysql_auth-0.8#

root@indiangnu.org:/home/arun/mysql_auth-0.8# install -o proxy -g root -m 600 src/mysql_auth.conf /usr/local/squid/etc/mysql_auth.conf
root@indiangnu.org:/home/arun/mysql_auth-0.8# install -o proxy -g root -m 600 src/mysql_auth.conf /usr/local/squid/etc/mysql_auth.conf.default
root@indiangnu.org:/home/arun/mysql_auth-0.8#

4] please update squid.conf file and add this line to use authentication

###########################################
#This is used for MySQL authentication
auth_param basic program /usr/lib/squid/mysql_auth
#For squid with PAM authentication
#auth_param basic program /usr/lib/squid/pam_auth -1

auth_param basic children 5
auth_param basic realm Magnet Internet Authentication
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
###########################################

* Add ACL in squid file at proper location

acl password proxy_auth REQUIRED
acl acl_name proxy_auth “/etc/proxy/user.list”
acl allow_sites dstdom_regex -i “/etc/proxy/allow.sites”
acl block_sites dstdom_regex -i “/etc/proxy/block.sites”

* add rule for access/privleges
http_access allow allow_sites
http_access deny block_sites !acl_name

* Configuration file for Squid with MySQL authentication

root@indiangnu.org:/home/arun/mysql_auth-0.8# cat src/mysql_auth.conf
#
# mysql_auth.conf – an mysql authenticator config file
# this is the default name. you can call this by other name,
# but set up it in mysql_auth-source/src/define.h.
#
# comment: first character in line is ‘#’
# empty line (EOL at first) allowed
#
# format of parameters and their values:
# parameter – SPACE(S) and/or TAB(S) – value
#
# IMPORTANT: see the mysql_auth-source/scripts/create_script
# this configuration file made by this script
#
# by Ervin Hegedus, 2002, 2003

# hostname
#
# where is the mysql server – the server hostname or IP address;
# first ‘hostname’ directive, and after space(s) or tab(s) its
# value
#
# default:
###################################

hostname 192.168.1.50

###################################
# user
#
# which user can connect to database
# default:

###################################

user mysql_user

###################################
# password
#
# user’s password for database, that store the accounts
# default:

###################################

password mysql_passwd

###################################
# database
#
# mysql database name, where accounts places are
# default:

###################################

database mysql_auth

###################################
# mysql socket
#
# if mysqld doesn’t use INET socket, you must to set this parameter
# where is the location of mysqld socket; if mysqld use INET socket,
# put NULL value
# default:

###################################

mysqld_socket /var/run/mysqld/mysqld.sock

###################################
# next three directives tells what will the select query,
# like this:
# SELECT * FROM table WHERE user_column LIKE “username” AND password_column LIKE “password”
# where username and password comes from client in HTTP header,
# and user_column and password_column is the columns name in table
# this is an easy way to tune this program to your existing database

# table
#
# the table name, where accounts exist in user-password pair
# default:

###################################

table squid_users

###################################
# user_column
#
# user column name in table
# if you already have a database, what contains user-password
# pair, you can set it here

###################################

user_column user_name

###################################
# password_column
#
# password column name in table
# like user column name above
###################################

password_column user_passwd

###################################
# encrypt_password_form
#
# passwords are stored in encrypted form,
# using mysql internal ‘password()’ function
# this mean, you just storing the passwords encrypted format,
# Squid and clients doesn’t use encrypt form!
# The value is case insensitive (YES/yes or not one of these).
# For backward compatibility, default is NO.
#
###################################

#encrypt_password_form NO
encrypt_password_form YES

###################################

root@indiangnu.org:/home/arun/mysql_auth-0.8#

* SQL dump file for Squid with MySQL.

root@indiangnu.org:/home/arun/mysql_auth-0.8# cat scripts/create_script

DROP DATABASE IF EXISTS mysql_auth;

USE mysql;
DELETE FROM user WHERE User LIKE ‘mysql_user’;
DELETE FROM db WHERE User LIKE ‘mysql_user’;
DELETE FROM tables_priv WHERE User LIKE ‘mysql_user’;

CREATE DATABASE mysql_auth;

USE mysql_auth;

CREATE TABLE squid_users
(user_name VARCHAR(16) NOT NULL PRIMARY KEY,
user_passwd VARCHAR(64) BINARY NOT NULL);

GRANT SELECT,INSERT,UPDATE,DELETE ON mysql_auth.* TO ‘mysql_user@’localhost’ IDENTIFIED BY ‘mysql_passwd’;
GRANT SELECT,INSERT,UPDATE,DELETE ON mysql_auth.* TO ‘mysql_user@’192.168.1.50’ IDENTIFIED BY ‘mysql_passwd’;

root@indiangnu.org:/home/arun/mysql_auth-0.8#

* How to create DB and import this file…

* login with root/admin user of MySQL

root@indiangnu.org:/home/arun/mysql_auth-0.8# mysql -u root -p < scripts/create_script

Enter password:

root@indiangnu.org:/home/arun/mysql_auth-0.8#

root@indiangnu.org:/home/arun/mysql_auth-0.8# mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 6805 to server version: 5.0.21-Debian_3ubuntu1-log

Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the buffer.

mysql> show databases;

* check output and restart squid service

Thank you,

Arun

sify autodialer – with expect tools

sify autodialer – with expect tools

1] command to start Sify internet connection automatically

root@indiangnu.org:~# cat /usr/local/bin/sify_autodialer
#!/bin/bash
/usr/bin/sifyconnect -o
/etc/init.d/sifybb stop
sifyd
/etc/sify/sifyautoconnect
/usr/bin/sifyconnect –info

root@indiangnu.org:~#

2] Modify  sify configuration file

root@indiangnu.org:~# head -n 5 /etc/sify/sifyautoconnect

#!/usr/bin/expect -f
#
# This Expect script was generated by autoexpect

# Expect and autoexpect were both written by Don Libes, NIST.
#
…..

….
…..
root@indiangnu.org:~# tail /etc/sify/sifyautoconnect
#
############################
#Add below line at the end of
set timeout -1
spawn /usr/bin/sifyconnect -l
match_max 100000
expect -exact “username :”
send — “myusername\r”
expect -exact “password :”
send — “mypassword\r”
expect eof
############################

root@indiangnu.org:~#

HTTP and HTTPS with Apache server

HTTP and HTTPS with Apache server

Apache is the most widely used web server. For secure HTTP protocol we need to check whether mod_ssl (Secure Socket Layer) module of Apache is installed/loaded or not… this mod_ssl module may be loaded as static or daynamic module. The static mean SSL support will be part of apache binary and in case of dynamic loading the so ie shared object file will be load by apache during run time.

  • How to chceck- is mod_ssl loaded ?

[root@indiangnu.org ~]# /usr/local/apache/bin/httpd -l
Compiled-in modules:
http_core.c
mod_env.c
mod_log_config.c
mod_mime.c
mod_negotiation.c
mod_status.c
mod_include.c
mod_autoindex.c
mod_dir.c
mod_cgi.c
mod_asis.c
mod_imap.c
mod_actions.c
mod_userdir.c
mod_alias.c
mod_access.c
mod_auth.c
mod_so.c
mod_setenvif.c
mod_ssl.c
mod_frontpage.c
suexec: enabled; valid wrapper /usr/local/apache/bin/suexec
[root@indiangnu.org ~]# httpd -l

  • Apache configuration file

#set port 80 for HTTP and 443 for HTTPS

<IfDefine SSL>
Listen 80
Listen 443
</IfDefine>

# Setting to vitual hosting

NameVirtualHost 192.168.1.100:80
NameVirtualHost 192.168.1.100:443

#virtual hosting for HTTP

<VirtualHost 192.168.1.100:80>
ServerName nishit.indiangnu.org
ServerAlias www.nishit.indiangnu.org
DocumentRoot /home/nishit/public_html
#BytesLog /usr/local/apache/domlogs/nishit.indiangnu.org-bytes_log
CustomLog /usr/local/apache/domlogs/nishit.indiangnu.org combined
ScriptAlias /cgi-bin/ /home/nishit/public_html/cgi-bin/
</VirtualHost>

# vitual hosting for HTTPS
<VirtualHost 192.168.1.100:443>
SSLEngine On
SSLCertificateFile
/usr/local/apache/conf/ssl.crt/indiangnu.org.crt
SSLCertificateKeyFile
/usr/local/apache/conf/ssl.key/indiangnu.org.key
ServerName nishit.indiangnu.org
ServerAlias www.nishit.indiangnu.org
ServerAdmin webmaster@nishit.indiangnu.org
DocumentRoot /home/nishit/public_html
</VirtualHost>

#done

# Now restart apache server and check on which port apache is listening

[root@indiangnu.org ~]# netstat -nlp | grep :80
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 14037/httpd
[root@indiangnu.org ~]# netstat -nlp | grep :443
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 14037/httpd
[root@indiangnu.org~]#

#Then restart apache and browse the sites

  • How to generate SSL Certificate

1)

[root@indiangnu.org~]# openssl genrsa -out /etc/ssl/certs/indiangnu.org.key 1024
Generating RSA private key, 1024 bit long modulus
…………..++++++
……………………………………………………..++++++
e is 65537 (0x10001)

2)

[root@indiangnu.org~]# openssl rsa -in /etc/ssl/certs/indiangnu.org.key -out /etc/ssl/certs/indiangnu.org.pem
writing RSA key
[root@indiangnu.org~]# ls
indiangnu.org.key
[root@indiangnu.org~]# cat indiangnu.org.key
—–BEGIN RSA PRIVATE KEY—–
MIICXAIBAAKBgQDIPCf524g9caXTu7nGd4Tsu+ou84e5L9uBeQ3u00b4A7z5j89M
8+bec9E4n4pd0QCBVgO6snCrd/BHKpa8QkL/o6nJaww3jPuNlPmw95GpjwETDTvv
9wH+k/eZtNWTG4vz5txUklcLekXrwPfBGWVkLQK9T0DfZFUdjYtZX6d/VQIDAQAB
AoGAayoe7w96bAAeEyLee4TOBHFSFYzK7+bYIQQr280Bp41An4RDG1lSD26G5Dom
sK1CCvaBCnOj73FCjKQThnAkMH8+PjugVJOknjrP4gZ+yGNN2QATG9RKfLOJ/Uzy
CNWCUynGFp8EXcoldMcGvtcGZeMx4WN12QtGTGXrkJj6FYUCQQD/v3J4K+ofA9Kx
ujKjthzasjGS+Lb48BWqy+SzSzIJWI04vsxTxnf1INzCwqVlrJiJUVrZR36GKaTr
0f6i6mOfAkEAyG6ydcmyc0eZnCpqicYsOQ+861M6sKw9Xt0YMfFV4rbybTToKZTL
2OjWhvN484KiAsvD1F+DD6UTizy4D6OYiwJBAJA4CLglo3/b6wuYQYg6YSkehYAo
yx20XbOUCSLmS5AjpHeUeKrhZ7IO1w7pLtYYL2h4PS/79ih4AW2OXPbIEGcCQDzF
i6i5KjlX6VR3a+wwQTJf+jkj+DSfVNBRm0dxVEg0jlbcZtRMwG4ZUwqCAhdbcYIF
hG/9McDpnX5nP6vGP7cCQF4BmpeqQ+pGlyCIh+oE7O7FZxxL8Q/ucRRqDUcKtcZr
opKSxvs6Uez9l14TqgiFVKShB3CRuBCFkAxyYqxYafI=
—–END RSA PRIVATE KEY—–

3)

[root@indiangnu.org~]# openssl req -new -key /etc/ssl/certs/indiangnu.org.key -out /etc/ssl/certs/indiangnu.org.crt
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [GB]:IN
State or Province Name (full name) [Berkshire]:MH
Locality Name (eg, city) [Newbury]:Mumbai
Organization Name (eg, company) [My Company Ltd]:IndianGNU.org
Organizational Unit Name (eg, section) []:System
Common Name (eg, your name or your server’s hostname) []:nishit.indiangnu.org
Email Address []:to@nishit.indiangnu.org

Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@indiangnu.org~]#

4) If you want to force an SSL connection and redirect all traffic to port 80 to port 443 (HTTPS), use this instead:

RewriteEngine   on
RewriteCond     %{SERVER_PORT} ^80$
RewriteRule     ^(.*)$ https://%{SERVER_NAME}$1 [L,R]

Thank you,

Arun

Willing to contribute ? – openLSM

Willing to contribute ? – openLSM

Introduction- openLSM – is open source Linux Server Management project. This project is hosted by sourceforge.net.

We all know how our life is easy due to open source projects and communites. But there are very few Indians who were contributing to Global open and free software community. We really don’t know why?..

* openLSM projects is started by IndianGNU.org to fullfill this gap. Let’s contribute to global open and free software community.

* Please visit the project sites for more details –

http://sourceforge.net/projects/openlsm/

http://openlsm.sourceforge.net/

http://www.indiangnu.org/index.php/projects