Friday, December 23, 2022

Generate secure https certificate for localhost using openssl commands

Create another config file from openssl configuration file. 

sudo cp /usr/lib/ssl/openssl.cnf /etc/ssl/app.localhost.cnf

Now copy below code in the respective section of copied configuration file /etc/ssl/app.localhost.cnf 

[ v3_ca ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer
basicConstraints = critical, CA:TRUE, pathlen:3
keyUsage = critical, cRLSign, keyCertSign
nsCertType = sslCA, emailCA

[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
#extendedKeyUsage=serverAuth
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = app.localhost
DNS.2 = localhost
DNS.3 = app1.localhost


Uncomment line. 

req_extensions = v3_req

Create CA Certificate : 

openssl genrsa -aes256 -out ca.key.pem 2048

chmod 400 ca.key.pem 

openssl req -new -x509 -subj "/CN=applocalhostca" -extensions v3_ca -days 3650 -key ca.key.pem -sha256 -out ca.pem -config /etc/ssl/app.localhost.cnf 

openssl x509 -in ca.pem -text -noout

Create Server certificate signed by CA : 

openssl genrsa -out app.localhost.key.pem 2048

openssl req -subj "/CN=app.localhost" -extensions v3_req -sha256 -new -key app.localhost.key.pem -out app.localhost.csr

openssl x509 -req -extensions v3_req -days 3650 -sha256 -in app.localhost.csr -CA ca.pem -CAkey ca.key.pem -CAcreateserial -out app.localhost.crt -extfile /etc/ssl/app.localhost.cnf

openssl x509 -in app.localhost.crt -text -noout

Now add ca.pem in chrome and firefox,
Chrome > privacy and security > security > manage certificates > authority
firefox > privacy and security > view certificates > authority
 

Use these crt and key in web server as ssl certificates.
Now open this virtualhost with https. Warning should not be appeared.

Tuesday, December 13, 2022

Check cpu usage of last 30 days

To get this, /usr/bin/sar should be installed. It is a default package.
cpu logs should be there in /var/log/sa folder in centos or redhat
 

If there is no /var/log/sa folder in ubuntu so the logs are stored in /var/log/sysstat. There is daily file of stored log.


usrname@hostname:~/Desktop$ ls /var/log/sysstat
sa09  sa10  sa11  sa12  sa13  sa14  sa15  sar09  sar10  sar11  sar13  sar14

You can find last 30 days logs here.
Suppose To check the logs of 15th, run command
sar -f /var/log/sysstat/sa15

                             CPU     %user     %nice   %system   %iowait    %steal     %idle
11:45:01 AM IST     all         15.59      1.82      3.71          2.11          0.00         76.77
11:55:02 AM IST     all         14.55      0.00      3.59          3.55          0.00         78.31
12:05:01 PM IST     all         14.24      0.00      3.30          0.71          0.00         81.75
12:15:01 PM IST     all         14.06      0.00      3.31          0.58          0.00         82.06
12:25:02 PM IST     all         14.02      0.00      3.39          0.88          0.00         81.71
12:35:01 PM IST     all         15.12      0.00      3.32          0.79          0.00         80.77
12:45:01 PM IST     all         13.96      0.00      3.36          1.09          0.00         81.59
12:55:02 PM IST     all         12.23      0.06      3.13          2.70          0.00         81.87
01:05:01 PM IST     all          2.12       0.00      1.00          0.56          0.00         96.32
01:15:01 PM IST     all         10.70      0.00      3.49          2.65          0.00         83.16
01:25:01 PM IST     all         13.24      0.03      3.99          2.80          0.00         79.94
01:35:01 PM IST     all         11.66      0.04      3.39          3.13          0.00         81.78

You will get the cpu usage of complete day. Above is a part of the output.

If logs are not stored, active enabling the flag in file.
sudo nano /etc/default/sysstat
ENABLED="true"

Restart service
sudo systemctl restart sysstat.service

Thursday, December 8, 2022

Configure localhost with secure https

 

Steps :

sudo apt install libnss3-tools -y 

wget https://github.com/FiloSottile/mkcert/releases/download/v1.4.3/mkcert-v1.4.3-linux-amd64 

sudo cp mkcert-v1.4.3-linux-amd64 /usr/local/bin/mkcert 

sudo chmod +x /usr/local/bin/mkcert 

mkcert -install

Now use your virtualhost name in the below command instead of app.localhost. You can generate same certificate for multiple virtualhosts. Add multiple virtualhosts space separated in the below command.

mkcert app.localhost localhost 127.0.0.1 

Use certificates in Apache ssl config, and restart Apache. Now open localhost and other virtualhosts in the browser. it should be secured.