Sunday, 4 October 2020

How to setup SSL certificate for apache

 Step:1 Generate key for Apache in linux.

[root@hostname test]# openssl genrsa -out postrga.key 2048

Generating RSA private key, 2048 bit long modulus

.............................+++

..............................................................+++

e is 65537 (0x10001)

[root@hostname test]# ls

postrga.key

Step:2 Generate csr from postrga key.

[root@hostname test]# openssl req -new -key postrga.key -out postrga.csr

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [XX]:QA

State or Province Name (full name) []:DOHA

Locality Name (eg, city) [Default City]:Doha

Organization Name (eg, company) [Default Company Ltd]:B bank

Organizational Unit Name (eg, section) []:IT

Common Name (eg, your name or your server's hostname) []:hostname

Email Address []:

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:welcome123

An optional company name []:NA

[root@hostname test]# ls -lrt

total 8

-rw-r-----. 1 root root 1679 Oct  5 09:22 postrga.key

-rw-r-----. 1 root root 1058 Oct  5 09:25 postrga.csr

Step:3 Validate key.

[root@hostname test]# openssl rsa -in postrga.key -check

RSA key ok

writing RSA key

-----BEGIN RSA PRIVATE KEY-----

MIIEpAIBAAKCAQEAzIXG3I02jOPsGdlqMj1h2U3/vCZoXfEdPY/0uZpM5FHjuo38

0UggfO88ZtMECgsPwEy2mmJ9w55S+/aJoojwdDyZgT2VOPIwRsheTh0zD9s374Y8

ZSTbmCSVIPeunw6N5iUW7qYH99VgLPo87hwbJauetDRxDF9A1OT0lTCxI/dO3dHb

/mYGdc1tbmpifENrgYZJmHKRHiKWVNDrzI9FyyjIUF2ziCFXQf0c+ZaIT0zj7L5H

Uv0rvJkFKfc6QQdbfryOtqhTVIpE81TQ9ygw3M0pARReo4pj4VyYWvw5/orCpmQ0

kE5w2j2aAkLbieWpMut4MwtEo0MzaePiDsZ7qwIDAQABAoIBABdEoPs2lZ4x0Aqg

0ZQlp5wxY4bkV7tYUxtN5Wm4REc1idMPlFO7APc1wIlyOGNsHr6h+6RU0DoRKR/B

TKdRLQoMWup5NyDjbNqgsRnx+H01U4fMndJj/xewEcdOZm9yGHK2hYVhHkbz350+

WvA8Alqmy8d0r+fYbmfKJIlUoNKWfC7lVTndg6WWCVqhJ/Dtgd8zHf9c1eH2XcOM

NNTTlLhpOc/TKyCeQChpbUeqLm71eJuMOzKHo71ZhuSUBWmQvnTZ3XgvRpJ/2nt9

ut5TTzz0XBS/x/UMoTOVBeCuAp3IiXfTWHQZ2tEeKHVOb/HIGf5To7XHydyT++PI

kgoLmgECgYEA6a2yQErTjLn//jkXpilC0EuDJPp1o92fstLPDokRqJJKLrf06Q5A

Adp5oEImjfqIxu0JiB6q5duHL0NxYF5Zi0XCdjYL4+NZq2GQMwz02VX61A9jQ6dj

oe2Y/GQp6HNFPJRsEH7PHDrJ7r7pIiazS2yCYsDaNWY/d3KbdibvrfMCgYEA4A8c

K6kKUhLRUPiIe/pecziWd3wa9hU9reFAwKlh0YxxM6dYe8nDpEhrq1/VZj2PHYNi

qUXNqbDR9u1KLXhxG9d0hcD/XLP9nQZ/up3nEKaPjKpq5qFZohUPpRt+tAXxxch3

CFhI+0Aa5NOYK6VkgLaPeAG6aS7OJ+wkg3ApEWkCgYEAq/nRfc+T8bXR2N9bsEYd

jf6E/en2OisZJRpQmHn4LP+86LUp4XtDUBnh+Te1+DeyAfThVvR7Ab+WtgoEns/R

RtaIT0dnaMghbifXYDrg2DKW7wqEG35NrRaXyOhOj2yGQBdbkKhC9Juvka2fFis1

OQUa0GLuNO6TNu15zHLLYlECgYEA0/r3uAbyELxk9Kpu1n0FpxU+pkTwbSmjdULL

tHuMZGjvIOOOv28gfelWlIjSqSxMnquTSHsWHRmBTJErwOFWgfTR9UmnT9mqdEmV

xsVlu0caQQdqpFC7MLGkX50nvsJw/6Ktm2OLiMoZp6zZJ1IPSAdwrSVVa/YwbWzp

DsGq2SECgYA3Q6U0ZQAyUZyYUVXXr1a6O1rtdLcZFQ2GhHTOEMnS10LsHULH20Oz

6iUsqs7Pq/cp24QJPix/9TJUGILJUDRKF9MLIHEwa8QgI1nZPCHUGfbvd6GM3bPi

Ox1ESgJahisOE+6uE2Y6kHbr3C7X/UF8sSZ3SGYy/VRybDT5DiQjCw==

-----END RSA PRIVATE KEY-----

Step: 4 Validate generate CSR.

[root@hostname test]# openssl req -text -noout -verify -in postrga.csr

verify OK

Certificate Request:

    Data:

        Version: 0 (0x0)

        Subject: C=QA, ST=DOHA, L=Doha, O=B bank, OU=IT, CN=hostname

        Subject Public Key Info:

            Public Key Algorithm: rsaEncryption

                Public-Key: (2048 bit)

                Modulus:

                    00:cc:85:c6:dc:8d:36:8c:e3:ec:19:d9:6a:32:3d:

                    61:d9:4d:ff:bc:26:68:5d:f1:1d:3d:8f:f4:b9:9a:

                    4c:e4:51:e3:ba:8d:fc:d1:48:20:7c:ef:3c:66:d3:

                    04:0a:0b:0f:c0:4c:b6:9a:62:7d:c3:9e:52:fb:f6:

                    89:a2:88:f0:74:3c:99:81:3d:95:38:f2:30:46:c8:

                    5e:4e:1d:33:0f:db:37:ef:86:3c:65:24:db:98:24:

                    95:20:f7:ae:9f:0e:8d:e6:25:16:ee:a6:07:f7:d5:

                    60:2c:fa:3c:ee:1c:1b:25:ab:9e:b4:34:71:0c:5f:

                    40:d4:e4:f4:95:30:b1:23:f7:4e:dd:d1:db:fe:66:

                    06:75:cd:6d:6e:6a:62:7c:43:6b:81:86:49:98:72:

                    91:1e:22:96:54:d0:eb:cc:8f:45:cb:28:c8:50:5d:

                    b3:88:21:57:41:fd:1c:f9:96:88:4f:4c:e3:ec:be:

                    47:52:fd:2b:bc:99:05:29:f7:3a:41:07:5b:7e:bc:

                    8e:b6:a8:53:54:8a:44:f3:54:d0:f7:28:30:dc:cd:

                    29:01:14:5e:a3:8a:63:e1:5c:98:5a:fc:39:fe:8a:

                    c2:a6:64:34:90:4e:70:da:3d:9a:02:42:db:89:e5:

                    a9:32:eb:78:33:0b:44:a3:43:33:69:e3:e2:0e:c6:

                    7b:ab

                Exponent: 65537 (0x10001)

        Attributes:

            unstructuredName         :NA

            challengePassword        :welcome123

    Signature Algorithm: sha256WithRSAEncryption

         0a:65:b6:45:ee:16:2d:f7:c4:8a:9c:22:56:a8:f9:dd:01:34:

         dc:dd:25:ba:91:7d:21:b1:d9:40:02:a7:9d:53:17:30:c6:06:

         36:0e:6f:ea:ab:04:47:69:ac:9e:a3:4f:0a:38:59:75:2f:95:

         62:a1:b2:eb:85:73:94:c2:55:c8:47:ea:c8:97:a7:a0:28:69:

         ff:e3:7e:e8:36:0b:01:f4:b7:46:97:76:b1:2a:14:8e:46:16:

         66:2b:f1:2e:53:a2:5a:11:c5:3c:25:03:dc:aa:fd:d3:a7:96:

         b8:97:b9:6d:36:ff:ef:72:83:58:24:e4:05:97:8c:fa:87:22:

         12:ca:e1:c6:f4:7d:40:dc:c3:1b:59:0e:60:7f:cd:87:af:4b:

         38:59:a6:50:5b:7d:bf:d6:65:97:d3:e2:30:6c:ab:d8:ee:cf:

         b8:c2:ca:9a:8d:2f:68:fa:05:92:17:6d:8e:67:7b:c3:d0:8b:

         57:f9:7f:c6:44:5d:12:4a:27:a2:c7:4f:b0:2e:43:df:f1:d4:

         c9:94:87:e9:5e:21:82:ed:d7:56:1d:5d:bb:70:81:72:f8:b6:

         f5:ad:8b:d1:2d:f5:38:68:33:b6:2e:0c:2c:33:f1:80:44:46:

         0c:8b:f0:5b:52:91:53:81:9d:74:f5:5c:7d:d6:14:af:3c:18:

         8d:55:18:a9

[root@hostname test]# ls

postrga.csr  postrga.key

Step: 5 Send csr file to Digicert authority to get the cert file.

Step: 6 Copy all the files in below path which is given by Digicert authority.

[root@hostname test]# ls /root/test/

postrga.csr  postrga.key

Step:6 Now you can configure this path /root/test/ in ssl.


OS Watcher Installation in RAC

 Step:1 Download and untar the oswbb812.tar under the grid user in RAC on the both nodes. Follow the OS Watcher User's Guide (Doc ID 153...