This documentation can used to generate a request that can be submitted to any of these CA types.
|
|
- Laurence Scott Harper
- 6 years ago
- Views:
Transcription
1 Nagios Core - Configuring SSL/TLS Article Number: 595 Rating: 5/5 from 1 votes Last Updated: Thu, Jul 20, 2017 at 8:09 PM C o nf igur ing S S L/TLS Fo r Na gio s C o r e This KB article describes how to configure your Nagios Core server to use certificates for SSL/TLS. This KB article is also to be used an initial point for troubleshooting SSL/TLS connections. This guide is broken up into several sections and covers different operating system (OS) distributions. If your OS Distribution is not included in this guide then please contact us to see if we can get it added. Some distributions may be missing as we don't have access to a test environment that allows us to develop the documentation. Nagios Core is the version used when creating this KB article. No te : This guide is based on Nagios Core being installed using the following KB article: Documentation - Installing Nagios Core From Source Te rmino lo gy For your information: SSL = Secure Sockets Layer TLS = Transport Layer Security TLS replaces SSL, however the tools used to implement both generally use SSL in their name/directives. For simplicity reasons, the rest of this KB article will use the term SSL. To implement SSL you need to generate a certificate. When you generate a certificate, you create a request that needs to be signed by a Certificate Authority (CA). This CA can be: A trusted company like VeriSign An internal CA that is part of your IT infrastructure, like a Microsoft Windows CA The Nagios Core server itself (self signed) The CA will then provide you with a signed certificate. This documentation can used to generate a request that can be submitted to any of these CA types. Edit ing File s In many steps of this article you will be required to edit files. This documentation will use the vi text editor. When using the vi editor: To make changes press i on the keyboard first to enter insert mode Press Esc to exit insert mode When you have finished, save the changes in vi by typing :wq and press Enter Please select your OS:
2 Red Hat Enterprise Linux (RHEL) CentOS Oracle Linux Ubuntu SUSE SLES opensuse Leap Debian Raspbian Fedora Arch Linux Gentoo FreeBSD Solaris Apple OS X C e nt O S RHEL O r a c le Linux Pre re quis it e s Perform these steps to install the pre- requisite packages. yum install -y mod_ssl openssl All of the remaining steps will be performed from within the root user's home directory to ensure the files you create are not accessible to anyone except the root user. Change into the home directory with this command: cd ~ G e ne rat e Privat e Ke y File The first step is to generate the private key file, execute the following command: openssl genrsa -out keyfile.key 2048 That would have generated some random text. G e ne rat e C e rt if ic at e Re que s t File Next you will generate the certificate request file by executing the following command: openssl req -new -key keyfile.key -out certrequest.csr
3 You will need to supply some values, some can be left blank, however the most important value is the C o mmo n Na me. In the example below you can see that core-013.domain.local has been used which means that when you access the Nagios Core server in your web browser, this is the address you will need to use. This is particularly important, if these don't match then you will get warnings in your web browser. More detailed information about this can be found in the following KB article: The following is an example: You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank Country Name (2 letter code) [XX]:AU State or Province Name (full name) []:NSW Locality Name (eg, city) [Default City]:Sydney Organization Name (eg, company) [Default Company Ltd]:My Company Pty Ltd Organizational Unit Name (eg, section) []: Common Name (eg, your name or your server's hostname) []:core-013.domain.local Address []: Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: As you can see above a password was not supplied, it is not necessary. Sign C e rt if ic at e Re que s t At this point you have created a certificate request that needs to be signed by a CA. Us ing A Trus te d C A C o mp a ny If you are going to use a trusted company like VeriSign to provide you with a certificate you will need to send them a copy of the certificate request. This can be viewed by executing the following command: cat certrequest.csr You'll get a lot of random text, this is what you will need to provide to your trusted CA. You must provide the CA with everything including the -----BEGIN CERTIFICATE REQUEST----- and -----END CERTIFICATE REQUEST lines. Once they send you the signed certificate you will need to copy the certificate into a new file called certfile.crt. The certificate you receive will also be a lot of random text, so you can just paste that text into the new file which you can open with the vi editor: vi certfile.crt You must paste everything including the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines when pasting them into the file. Save the file and close vi.
4 You can now proceed to the C o p y File s step. Us ing A Mic ro s o ft Wind o ws C A If you are going to use a Microsoft Windows CA to sign your certificate request please follow the steps in this KB article: After following the KB article you will have the certfile.crt file and you can proceed to the C o p y File s step. S e lf S ig ning The C e rtific a te You can also self- sign the certificate by executing the following command: openssl x509 -req -days 365 -in certrequest.csr -signkey keyfile.key -out certfile.crt Which should produce output saying the Signature was OK and it was Getting Private Key. No te : When you self sign a certificate you will get warnings in your web browser. More detailed information about this can be found in the following KB article: C o py File s You need to copy the certificate files to the correct location and set permissions, execute the following commands: cp certfile.crt /etc/pki/tls/certs/ cp keyfile.key /etc/pki/tls/private/ chmod go-rwx /etc/pki/tls/certs/certfile.crt chmod go-rwx /etc/pki/tls/private/keyfile.key Updat e Apac he C o nf igurat io n Now you have to tell the Apache web server where to look for it. Open the /etc/httpd/conf.d/ssl.conf file in vi by executing the following command: vi /etc/httpd/conf.d/ssl.conf Find these lines and update them as follows: SSLCertificateFile /etc/pki/tls/certs/certfile.crt SSLCertificateKeyFile /etc/pki/tls/private/keyfile.key Tip : typing /efile and pressing Enter in vi should take you directly to this section in the file. Save the changes, you have finished editing this file. Open the /etc/httpd/conf/httpd.conf file in vi by executing the following command: vi /etc/httpd/conf/httpd.conf
5 Add the following lines to the end of the file (press S HIFT + G ): RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) Save the changes, you have finished editing this file. Re s t art Apac he We b Se rve r You need to restart Apache for the new certificate key to be used. ===== CentOS 5.x / 6.x RHEL 5.x / 6.x Oracle Linux 5.x / 6.x ===== service httpd restart ===== CentOS 7.x RHEL 7.x Oracle Linux 7.x ===== systemctl restart httpd.service Fire wall Rule s You need to allow port 443 inbound traffic on the local firewall so you can reach the Nagios Core web interface. ===== CentOS 5.x / 6.x RHEL 5.x / 6.x Oracle Linux 5.x / 6.x ===== iptables -I INPUT -p tcp --destination-port 443 -j ACCEPT service iptables save ip6tables -I INPUT -p tcp --destination-port 443 -j ACCEPT service ip6tables save ===== CentOS 7.x RHEL 7.x Oracle Linux 7.x ===== firewall-cmd --zone=public --add-port=443/tcp firewall-cmd --zone=public --add-port=443/tcp --permanent Te s t C e rt if ic at e Now test your connection to the server by directing your web browser to Note: There is no nagios/ extension in the URL, you are just testing a connection to Apache to see if the certificate works. You may get a self signed certificate warning, but that is OK, you can just add a security exception. If is working you'll see the Apache test web page. You will now be able to access your Nagios Core server by directing your web browser to More detailed information about this can be found in the following KB article: If it returns an error check your firewall and backtrack through this document, making sure you've performed all the steps listed. No t e s On Re dire c t ing
6 With this configuration, if a user types in their web browser, it will redirect them to which can cause certificate warnings. If you wanted to redirect them to then you simply need to change the RewriteRule in the /etc/httpd/conf/httpd.conf file. RewriteRule (.*) Then restart the httpd service. More detailed information about this can be found in the following KB article: Ubunt u Pre re quis it e s Perform these steps to install the pre- requisite packages. sudo apt-get update sudo apt-get install -y openssl All of the remaining steps will be performed from within the root user's home directory to ensure the files you create are not accessible to anyone except the root user. Change into the home directory with this command: cd ~ G e ne rat e Privat e Ke y File The first step is to generate the private key file, execute the following command: openssl genrsa -out keyfile.key 2048 That would have generated some random text. G e ne rat e C e rt if ic at e Re que s t File Next you will generate the certificate request file by executing the following command: openssl req -new -key keyfile.key -out certrequest.csr You will need to supply some values, some can be left blank, however the most important value is the C o mmo n Na me. In the example below you can see that core-047.domain.local has been used which means that when you access the Nagios Core server in your web browser, this is the address you will need to use. This is particularly important, if these don't match then you will get warnings in your web browser. More detailed information about this can be found in the following KB article: The following is an example: You are about to be asked to enter information that will be incorporated into your certificate request.
7 What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank Country Name (2 letter code) [AU]:AU State or Province Name (full name) [Some-State]:NSW Locality Name (eg, city) []:Sydney Organization Name (eg, company) [Internet Widgits Pty Ltd]:My Company Pty Ltd Organizational Unit Name (eg, section) []: Common Name (e.g. server FQDN or YOUR name) []:core-047.domain.local Address []: Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: As you can see above a password was not supplied, it is not necessary. Sign C e rt if ic at e Re que s t At this point you have created a certificate request that needs to be signed by a CA. Us ing A Trus te d C A C o mp a ny If you are going to use a trusted company like VeriSign to provide you with a certificate you will need to send them a copy of the certificate request. This can be viewed by executing the following command: cat certrequest.csr You'll get a lot of random text, this is what you will need to provide to your trusted CA. You must provide the CA with everything including the -----BEGIN CERTIFICATE REQUEST----- and -----END CERTIFICATE REQUEST lines. Once they send you the signed certificate you will need to copy the certificate into a new file called certfile.crt. The certificate you receive will also be a lot of random text, so you can just paste that text into the new file which you can open with the vi editor: vi certfile.crt You must paste everything including the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines when pasting them into the file. Save the file and close vi. You can now proceed to the C o p y File s step. Us ing A Mic ro s o ft Wind o ws C A If you are going to use a Microsoft Windows CA to sign your certificate request please follow the steps in this KB article: After following the KB article you will have the certfile.crt file and you can proceed to the C o p y File s step.
8 S e lf S ig ning The C e rtific a te You can also self- sign the certificate by executing the following command: openssl x509 -req -days 365 -in certrequest.csr -signkey keyfile.key -out certfile.crt Which should produce output saying the Signature was OK and it was Getting Private Key. No te : When you self sign a certificate you will get warnings in your web browser. More detailed information about this can be found in the following KB article: C o py File s You need to copy the certificate files to the correct location and set permissions, execute the following commands: sudo cp certfile.crt /etc/ssl/certs/ sudo cp keyfile.key /etc/ssl/private/ sudo chmod go-rwx /etc/ssl/certs/certfile.crt sudo chmod go-rwx /etc/ssl/private/keyfile.key Updat e Apac he C o nf igurat io n Enable the mod_ssl module in Apache by executing the following command: sudo a2enmod ssl sudo a2enmod rewrite Now you have to tell the Apache web server where to look for it. Open the following file in vi by executing the following command: ===== Ubuntu 13.x ===== sudo vi /etc/apache2/sites-available/default-ssl ===== Ubuntu 14.x / 15.x / 16.x / 17.x ===== sudo vi /etc/apache2/sites-available/default-ssl.conf Find these lines and update them as follows: SSLCertificateFile /etc/ssl/certs/certfile.crt SSLCertificateKeyFile /etc/ssl/private/keyfile.key Tip : typing /efile and pressing Enter in vi should take you directly to this section in the file. Save the changes, you have finished editing this file. Open the following file in vi by executing the following command: ===== Ubuntu 13.x ===== sudo vi /etc/apache2/sites-available/default
9 sudo vi /etc/apache2/sites-available/default ===== Ubuntu 14.x / 15.x / 16.x / 17.x ===== sudo vi /etc/apache2/sites-available/000-default.conf Navigate to the end of the file (press S HIFT + G ), and before </VirtualHost> add the following:: RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) Save the changes, you have finished editing this file. Now you have to enable this configuration in Apache by executing the following command: ===== Ubuntu 13.x ===== sudo a2ensite default-ssl ===== Ubuntu 14.x / 15.x / 16.x / 17.x ===== sudo a2ensite default-ssl.conf Re lo ad Apac he We b Se rve r You need to reload Apache for the new certificate key to be used. ===== Ubuntu 13.x / 14.x ===== sudo service apache2 reload ===== Ubuntu 15.x / 16.x / 17.x ===== sudo systemctl reload apache2.service Fire wall Rule s You need to allow port 443 inbound traffic on the local firewall so you can reach the Nagios Core web interface. sudo ufw allow https sudo ufw reload Te s t C e rt if ic at e Now test your connection to the server by directing your web browser to Note: There is no nagios/ extension in the URL, you are just testing a connection to Apache to see if the certificate works.
10 You may get a self signed certificate warning, but that is OK, you can just add a security exception. If is working you'll see the Apache test web page. You will now be able to access your Nagios Core server by directing your web browser to More detailed information about this can be found in the following KB article: If it returns an error check your firewall and backtrack through this document, making sure you've performed all the steps listed. No t e s On Re dire c t ing With this configuration, if a user types in their web browser, it will redirect them to which can cause certificate warnings. If you wanted to redirect them to then you simply need to change the RewriteRule. RewriteRule (.*) Then reload the apache2 service. More detailed information about this can be found in the following KB article: S US E S LES o pe ns US E Le a p Pre re quis it e s Perform these steps to install the pre- requisite packages. sudo zypper --non-interactive install openssl All of the remaining steps will be performed from within the root user's home directory to ensure the files you create are not accessible to anyone except the root user. Change into the home directory with this command: cd ~ G e ne rat e Privat e Ke y File The first step is to generate the private key file, execute the following command: openssl genrsa -out keyfile.key 2048 That would have generated some random text. G e ne rat e C e rt if ic at e Re que s t File Next you will generate the certificate request file by executing the following command: openssl req -new -key keyfile.key -out certrequest.csr You will need to supply some values, some can be left blank, however the most important value is the C o mmo n
11 You will need to supply some values, some can be left blank, however the most important value is the C o mmo n Na me. In the example below you can see that core-045.domain.local has been used which means that when you access the Nagios Core server in your web browser, this is the address you will need to use. This is particularly important, if these don't match then you will get warnings in your web browser. More detailed information about this can be found in the following KB article: The following is an example: You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank Country Name (2 letter code) [AU]:AU State or Province Name (full name) [Some-State]:NSW Locality Name (eg, city) []:Sydney Organization Name (eg, company) [Internet Widgits Pty Ltd]:My Company Pty Ltd Organizational Unit Name (eg, section) []: Common Name (e.g. server FQDN or YOUR name) []:core-045.domain.local Address []: Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: As you can see above a password was not supplied, it is not necessary. Sign C e rt if ic at e Re que s t At this point you have created a certificate request that needs to be signed by a CA. Us ing A Trus te d C A C o mp a ny If you are going to use a trusted company like VeriSign to provide you with a certificate you will need to send them a copy of the certificate request. This can be viewed by executing the following command: cat certrequest.csr You'll get a lot of random text, this is what you will need to provide to your trusted CA. You must provide the CA with everything including the -----BEGIN CERTIFICATE REQUEST----- and -----END CERTIFICATE REQUEST lines. Once they send you the signed certificate you will need to copy the certificate into a new file called certfile.crt. The certificate you receive will also be a lot of random text, so you can just paste that text into the new file which you can open with the vi editor: vi certfile.crt You must paste everything including the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines when pasting them into the file. Save the file and close vi. You can now proceed to the C o p y File s step.
12 You can now proceed to the C o p y File s step. Us ing A Mic ro s o ft Wind o ws C A If you are going to use a Microsoft Windows CA to sign your certificate request please follow the steps in this KB article: After following the KB article you will have the certfile.crt file and you can proceed to the C o p y File s step. S e lf S ig ning The C e rtific a te You can also self- sign the certificate by executing the following command: openssl x509 -req -days 365 -in certrequest.csr -signkey keyfile.key -out certfile.crt Which should produce output saying the Signature was OK and it was Getting Private Key. No te : When you self sign a certificate you will get warnings in your web browser. More detailed information about this can be found in the following KB article: C o py File s You need to copy the certificate files to the correct location and set permissions, execute the following commands: sudo cp certfile.crt /etc/apache2/ssl.crt/ sudo cp keyfile.key /etc/apache2/ssl.key/ sudo chmod go-rwx /etc/apache2/ssl.crt/certfile.crt sudo chmod go-rwx /etc/apache2/ssl.key/keyfile.key Updat e Apac he C o nf igurat io n Now you have to tell the Apache web server where to look for it. There is a template vhost-ssl.template file that will be copied and then modified. Execute the following commands: sudo cp /etc/apache2/vhosts.d/vhost-ssl.template /etc/apache2/vhosts.d/vhost-ssl.conf sudo vi /etc/apache2/vhosts.d/vhost-ssl.conf Find these lines and update them as follows: SSLCertificateFile /etc/apache2/ssl.crt/certfile.crt SSLCertificateKeyFile /etc/apache2/ssl.key/keyfile.key Tip : typing /efile and pressing Enter in vi should take you directly to this section in the file. Save the changes, you have finished editing this file. Open the /etc/apache2/default-server.conf file in vi by executing the following command: sudo vi /etc/apache2/default-server.conf Add the following lines to the end of the file (press S HIFT + G ):
13 Add the following lines to the end of the file (press S HIFT + G ): RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) Save the changes, you have finished editing this file. Now you have to enable SSL in Apache by executing the following commands: sudo /usr/sbin/a2enmod rewrite sudo /usr/sbin/a2enmod ssl sudo /usr/sbin/a2enflag SSL Re s t art Apac he We b Se rve r You need to restart Apache for the new certificate key to be used. ===== SUSE SLES 11.x ===== sudo /sbin/service apache2 restart ===== SUSE SLES 12.x opensuse ===== sudo systemctl restart apache2.service Fire wall Rule s You need to allow port 443 inbound traffic on the local firewall so you can reach the Nagios Core web interface. ===== SUSE SLES 11.x ===== Port 443 is enabled when Apache is configure, nothing needs to be done. ===== SUSE SLES 12.x ===== sudo /usr/sbin/susefirewall2 open EXT TCP 443 sudo systemctl restart SuSEfirewall2.service ===== opensuse ===== Port 443 is enabled when Apache is configure, nothing needs to be done. Te s t C e rt if ic at e Now test your connection to the server by directing your web browser to Note: There is no nagios/ extension in the URL, you are just testing a connection to Apache to see if the certificate works. You may get a self signed certificate warning, but that is OK, you can just add a security exception. If is working you'll see the Apache test web page. You will now be able to access your Nagios Core server by directing your web
14 see the Apache test web page. You will now be able to access your Nagios Core server by directing your web browser to More detailed information about this can be found in the following KB article: If it returns an error check your firewall and backtrack through this document, making sure you've performed all the steps listed. No t e s On Re dire c t ing With this configuration, if a user types in their web browser, it will redirect them to which can cause certificate warnings. If you wanted to redirect them to then you simply need to change the RewriteRule. RewriteRule (.*) Then reload the apache2 service. More detailed information about this can be found in the following KB article: De bia n Ra s pbia n All steps on Debian require to run as root. To become root simply run: Debian: su Raspbian: sudo -i All commands from this point onwards will be as root. Pre re quis it e s Perform these steps to install the pre- requisite packages. apt-get update apt-get install -y openssl All of the remaining steps will be performed from within the root user's home directory to ensure the files you create are not accessible to anyone except the root user. Change into the home directory with this command: cd ~ G e ne rat e Privat e Ke y File The first step is to generate the private key file, execute the following command:
15 openssl genrsa -out keyfile.key 2048 That would have generated some random text. G e ne rat e C e rt if ic at e Re que s t File Next you will generate the certificate request file by executing the following command: openssl req -new -key keyfile.key -out certrequest.csr You will need to supply some values, some can be left blank, however the most important value is the C o mmo n Na me. In the example below you can see that core-033.domain.local has been used which means that when you access the Nagios Core server in your web browser, this is the address you will need to use. This is particularly important, if these don't match then you will get warnings in your web browser. More detailed information about this can be found in the following KB article: The following is an example: You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank Country Name (2 letter code) [AU]:AU State or Province Name (full name) [Some-State]:NSW Locality Name (eg, city) []:Sydney Organization Name (eg, company) [Internet Widgits Pty Ltd]:My Company Pty Ltd Organizational Unit Name (eg, section) []: Common Name (e.g. server FQDN or YOUR name) []:core-033.domain.local Address []: Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: As you can see above a password was not supplied, it is not necessary. Sign C e rt if ic at e Re que s t At this point you have created a certificate request that needs to be signed by a CA. Us ing A Trus te d C A C o mp a ny If you are going to use a trusted company like VeriSign to provide you with a certificate you will need to send them a copy of the certificate request. This can be viewed by executing the following command: cat certrequest.csr You'll get a lot of random text, this is what you will need to provide to your trusted CA. You must provide the CA with
16 You'll get a lot of random text, this is what you will need to provide to your trusted CA. You must provide the CA with everything including the -----BEGIN CERTIFICATE REQUEST----- and -----END CERTIFICATE REQUEST lines. Once they send you the signed certificate you will need to copy the certificate into a new file called certfile.crt. The certificate you receive will also be a lot of random text, so you can just paste that text into the new file which you can open with the vi editor: vi certfile.crt You must paste everything including the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines when pasting them into the file. Save the file and close vi. You can now proceed to the C o p y File s step. Us ing A Mic ro s o ft Wind o ws C A If you are going to use a Microsoft Windows CA to sign your certificate request please follow the steps in this KB article: After following the KB article you will have the certfile.crt file and you can proceed to the C o p y File s step. S e lf S ig ning The C e rtific a te You can also self- sign the certificate by executing the following command: openssl x509 -req -days 365 -in certrequest.csr -signkey keyfile.key -out certfile.crt Which should produce output saying the Signature was OK and it was Getting Private Key. No te : When you self sign a certificate you will get warnings in your web browser. More detailed information about this can be found in the following KB article: C o py File s You need to copy the certificate files to the correct location and set permissions, execute the following commands: cp certfile.crt /etc/ssl/certs/ cp keyfile.key /etc/ssl/private/ chmod go-rwx /etc/ssl/certs/certfile.crt chmod go-rwx /etc/ssl/private/keyfile.key Updat e Apac he C o nf igurat io n Enable the mod_ssl module in Apache by executing the following command: sudo a2enmod ssl sudo a2enmod rewrite Now you have to tell the Apache web server where to look for it. Open the following file in vi by executing the following command: ===== Debian 7.x =====
17 vi /etc/apache2/sites-available/default-ssl ===== Debian 8.x ===== vi /etc/apache2/sites-available/default-ssl.conf Find these lines and update them as follows: SSLCertificateFile /etc/ssl/certs/certfile.crt SSLCertificateKeyFile /etc/ssl/private/keyfile.key Tip : typing /efile and pressing Enter in vi should take you directly to this section in the file. Save the changes, you have finished editing this file. Open the following file in vi by executing the following command: ===== Debian 7.x ===== vi /etc/apache2/sites-available/default ===== Debian 8.x ===== vi /etc/apache2/sites-available/000-default.conf Navigate to the end of the file (press S HIFT + G ), and before </VirtualHost> add the following:: RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) Save the changes, you have finished editing this file. Now you have to enable this configuration in Apache by executing the following command: ===== Debian 7.x ===== a2ensite default-ssl ===== Debian 8.x ===== a2ensite default-ssl.conf Re lo ad Apac he We b Se rve r You need to reload Apache for the new certificate key to be used.
18 ===== Debian 7.x ===== service apache2 reload ===== Debian 8.x ===== systemctl reload apache2.service Fire wall Rule s You need to allow port 443 inbound traffic on the local firewall so you can reach the Nagios Core web interface. iptables -I INPUT -p tcp --destination-port 443 -j ACCEPT apt-get install -y iptables-persistent If prompted, answer yes to saving existing rules Te s t C e rt if ic at e Now test your connection to the server by directing your web browser to Note: There is no nagios/ extension in the URL, you are just testing a connection to Apache to see if the certificate works. You may get a self signed certificate warning, but that is OK, you can just add a security exception. If is working you'll see the Apache test web page. You will now be able to access your Nagios Core server by directing your web browser to More detailed information about this can be found in the following KB article: If it returns an error check your firewall and backtrack through this document, making sure you've performed all the steps listed. No t e s On Re dire c t ing With this configuration, if a user types in their web browser, it will redirect them to which can cause certificate warnings. If you wanted to redirect them to then you simply need to change the RewriteRule. RewriteRule (.*) Then reload the apache2 service. More detailed information about this can be found in the following KB article: Fe do r a Pre re quis it e s Perform these steps to install the pre- requisite packages. dnf install -y mod_ssl openssl
19 dnf install -y mod_ssl openssl dnf update -y All of the remaining steps will be performed from within the root user's home directory to ensure the files you create are not accessible to anyone except the root user. Change into the home directory with this command: cd ~ G e ne rat e Privat e Ke y File The first step is to generate the private key file, execute the following command: openssl genrsa -out keyfile.key 2048 That would have generated some random text. G e ne rat e C e rt if ic at e Re que s t File Next you will generate the certificate request file by executing the following command: openssl req -new -key keyfile.key -out certrequest.csr You will need to supply some values, some can be left blank, however the most important value is the C o mmo n Na me. In the example below you can see that core-038.domain.local has been used which means that when you access the Nagios Core server in your web browser, this is the address you will need to use. This is particularly important, if these don't match then you will get warnings in your web browser. More detailed information about this can be found in the following KB article: The following is an example: You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank Country Name (2 letter code) [XX]:AU State or Province Name (full name) []:NSW Locality Name (eg, city) [Default City]:Sydney Organization Name (eg, company) [Default Company Ltd]:My Company Pty Ltd Organizational Unit Name (eg, section) []: Common Name (eg, your name or your server's hostname) []:core-038.domain.local Address []: Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: As you can see above a password was not supplied, it is not necessary.
20 Sign C e rt if ic at e Re que s t At this point you have created a certificate request that needs to be signed by a CA. Us ing A Trus te d C A C o mp a ny If you are going to use a trusted company like VeriSign to provide you with a certificate you will need to send them a copy of the certificate request. This can be viewed by executing the following command: cat certrequest.csr You'll get a lot of random text, this is what you will need to provide to your trusted CA. You must provide the CA with everything including the -----BEGIN CERTIFICATE REQUEST----- and -----END CERTIFICATE REQUEST lines. Once they send you the signed certificate you will need to copy the certificate into a new file called certfile.crt. The certificate you receive will also be a lot of random text, so you can just paste that text into the new file which you can open with the vi editor: vi certfile.crt You must paste everything including the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines when pasting them into the file. Save the file and close vi. You can now proceed to the C o p y File s step. Us ing A Mic ro s o ft Wind o ws C A If you are going to use a Microsoft Windows CA to sign your certificate request please follow the steps in this KB article: After following the KB article you will have the certfile.crt file and you can proceed to the C o p y File s step. S e lf S ig ning The C e rtific a te You can also self- sign the certificate by executing the following command: openssl x509 -req -days 365 -in certrequest.csr -signkey keyfile.key -out certfile.crt Which should produce output saying the Signature was OK and it was Getting Private Key. No te : When you self sign a certificate you will get warnings in your web browser. More detailed information about this can be found in the following KB article: C o py File s You need to copy the certificate files to the correct location and set permissions, execute the following commands: cp certfile.crt /etc/pki/tls/certs/ cp keyfile.key /etc/pki/tls/private/ chmod go-rwx /etc/pki/tls/certs/certfile.crt chmod go-rwx /etc/pki/tls/private/keyfile.key
21 Updat e Apac he C o nf igurat io n Now you have to tell the Apache web server where to look for it. Open the /etc/httpd/conf.d/ssl.conf file in vi by executing the following command: vi /etc/httpd/conf.d/ssl.conf Find these lines and update them as follows: SSLCertificateFile /etc/pki/tls/certs/certfile.crt SSLCertificateKeyFile /etc/pki/tls/private/keyfile.key Tip : typing /efile and pressing Enter in vi should take you directly to this section in the file. Save the changes, you have finished editing this file. Open the /etc/httpd/conf/httpd.conf file in vi by executing the following command: vi /etc/httpd/conf/httpd.conf Add the following lines to the end of the file (press S HIFT + G ): RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) Save the changes, you have finished editing this file. Re s t art Apac he We b Se rve r You need to restart Apache for the new certificate key to be used. systemctl restart httpd.service Fire wall Rule s You need to allow port 443 inbound traffic on the local firewall so you can reach the Nagios Core web interface. firewall-cmd --zone=fedoraserver --add-port=443/tcp firewall-cmd --zone=fedoraserver --add-port=443/tcp --permanent Te s t C e rt if ic at e Now test your connection to the server by directing your web browser to Note: There is no nagios/ extension in the URL, you are just testing a connection to Apache to see if the certificate works.
22 You may get a self signed certificate warning, but that is OK, you can just add a security exception. If is working you'll see the Apache test web page. You will now be able to access your Nagios Core server by directing your web browser to More detailed information about this can be found in the following KB article: If it returns an error check your firewall and backtrack through this document, making sure you've performed all the steps listed. No t e s On Re dire c t ing With this configuration, if a user types in their web browser, it will redirect them to which can cause certificate warnings. If you wanted to redirect them to then you simply need to change the RewriteRule in the /etc/httpd/conf/httpd.conf file. RewriteRule (.*) Then restart the httpd service. More detailed information about this can be found in the following KB article: Ar c h Linux Pre re quis it e s Perform these steps to install the pre- requisite packages. pacman --noconfirm -Syyu pacman --noconfirm -S openssl All of the remaining steps will be performed from within the root user's home directory to ensure the files you create are not accessible to anyone except the root user. Change into the home directory with this command: cd ~ G e ne rat e Privat e Ke y File The first step is to generate the private key file, execute the following command: openssl genrsa -out keyfile.key 2048 That would have generated some random text. G e ne rat e C e rt if ic at e Re que s t File Next you will generate the certificate request file by executing the following command: openssl req -new -key keyfile.key -out certrequest.csr
23 You will need to supply some values, some can be left blank, however the most important value is the C o mmo n Na me. In the example below you can see that core-088.domain.local has been used which means that when you access the Nagios Core server in your web browser, this is the address you will need to use. This is particularly important, if these don't match then you will get warnings in your web browser. More detailed information about this can be found in the following KB article: The following is an example: You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank Country Name (2 letter code) [AU]:AU State or Province Name (full name) [Some-State]:NSW Locality Name (eg, city) []:Sydney Organization Name (eg, company) [Internet Widgits Pty Ltd]:My Company Pty Ltd Organizational Unit Name (eg, section) []: Common Name (e.g. server FQDN or YOUR name) []:core-088.domain.local Address []: Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: As you can see above a password was not supplied, it is not necessary. Sign C e rt if ic at e Re que s t At this point you have created a certificate request that needs to be signed by a CA. Us ing A Trus te d C A C o mp a ny If you are going to use a trusted company like VeriSign to provide you with a certificate you will need to send them a copy of the certificate request. This can be viewed by executing the following command: cat certrequest.csr You'll get a lot of random text, this is what you will need to provide to your trusted CA. You must provide the CA with everything including the -----BEGIN CERTIFICATE REQUEST----- and -----END CERTIFICATE REQUEST lines. Once they send you the signed certificate you will need to copy the certificate into a new file called certfile.crt. The certificate you receive will also be a lot of random text, so you can just paste that text into the new file which you can open with the vi editor: vi certfile.crt You must paste everything including the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines when pasting them into the file. Save the file and close vi.
24 You can now proceed to the C o p y File s step. Us ing A Mic ro s o ft Wind o ws C A If you are going to use a Microsoft Windows CA to sign your certificate request please follow the steps in this KB article: After following the KB article you will have the certfile.crt file and you can proceed to the C o p y File s step. S e lf S ig ning The C e rtific a te You can also self- sign the certificate by executing the following command: openssl x509 -req -days 365 -in certrequest.csr -signkey keyfile.key -out certfile.crt Which should produce output saying the Signature was OK and it was Getting Private Key. No te : When you self sign a certificate you will get warnings in your web browser. More detailed information about this can be found in the following KB article: C o py File s You need to copy the certificate files to the correct location and set permissions, execute the following commands: cp certfile.crt /etc/httpd/conf/ cp keyfile.key /etc/httpd/conf/ chmod go-rwx /etc/httpd/conf/certfile.crt chmod go-rwx /etc/httpd/conf/keyfile.key Updat e Apac he C o nf igurat io n Now you have to tell the Apache web server where to look for it. Open the /etc/httpd/conf/extra/httpdssl.conf file in vi by executing the following command: vi /etc/httpd/conf/extra/httpd-ssl.conf Find these lines and update them as follows: SSLCertificateFile /etc/httpd/conf/certfile.crt SSLCertificateKeyFile /etc/httpd/conf/keyfile.key Tip : typing /efile and pressing Enter in vi should take you directly to this section in the file. Save the changes, you have finished editing this file. Open the /etc/httpd/conf/httpd.conf file in vi by executing the following command: vi /etc/httpd/conf/httpd.conf
25 Find the following lines and remove the # from the beginning: LoadModule socache_shmcb_module modules/mod_socache_shmcb.so LoadModule ssl_module modules/mod_ssl.so LoadModule rewrite_module modules/mod_rewrite.so Include conf/extra/httpd-ssl.conf Add the following lines to the end of the file (press S HIFT + G ): RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) Save the changes, you have finished editing this file. Re s t art Apac he We b Se rve r You need to restart Apache for the new certificate key to be used. systemctl daemon-reload systemctl restart httpd.service Fire wall Rule s Arch Linux does not have a firewall enabled in a fresh installation. Please refer to the Arch Linux documentation on allowing TCP port 443 inbound. Te s t C e rt if ic at e Now test your connection to the server by directing your web browser to Note: There is no nagios/ extension in the URL, you are just testing a connection to Apache to see if the certificate works. You may get a self signed certificate warning, but that is OK, you can just add a security exception. If is working you'll see the Apache test web page. You will now be able to access your Nagios Core server by directing your web browser to More detailed information about this can be found in the following KB article: If it returns an error check your firewall and backtrack through this document, making sure you've performed all the steps listed. No t e s On Re dire c t ing With this configuration, if a user types in their web browser, it will redirect them to which can cause certificate warnings. If you wanted to redirect them to then you simply need to change the RewriteRule in the /etc/httpd/conf/httpd.conf file. RewriteRule (.*)
26 Then restart the httpd service. More detailed information about this can be found in the following KB article: G e nt o o Pre re quis it e s The existing Apache installation will already have the prerequisites installed. G e ne rat e Privat e Ke y File The first step is to generate the private key file, execute the following command: openssl genrsa -out keyfile.key 2048 That would have generated some random text. G e ne rat e C e rt if ic at e Re que s t File Next you will generate the certificate request file by executing the following command: openssl req -new -key keyfile.key -out certrequest.csr You will need to supply some values, some can be left blank, however the most important value is the C o mmo n Na me. In the example below you can see that core-044.domain.local has been used which means that when you access the Nagios Core server in your web browser, this is the address you will need to use. This is particularly important, if these don't match then you will get warnings in your web browser. More detailed information about this can be found in the following KB article: The following is an example: You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank Country Name (2 letter code) [AU]:AU State or Province Name (full name) [Some-State]:NSW Locality Name (eg, city) []:Sydney Organization Name (eg, company) [Internet Widgits Pty Ltd]:My Company Pty Ltd Organizational Unit Name (eg, section) []: Common Name (e.g. server FQDN or YOUR name) []:core-044.domain.local Address []: Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []:
27 As you can see above a password was not supplied, it is not necessary. Sign C e rt if ic at e Re que s t At this point you have created a certificate request that needs to be signed by a CA. Us ing A Trus te d C A C o mp a ny If you are going to use a trusted company like VeriSign to provide you with a certificate you will need to send them a copy of the certificate request. This can be viewed by executing the following command: cat certrequest.csr You'll get a lot of random text, this is what you will need to provide to your trusted CA. You must provide the CA with everything including the -----BEGIN CERTIFICATE REQUEST----- and -----END CERTIFICATE REQUEST lines. Once they send you the signed certificate you will need to copy the certificate into a new file called certfile.crt. The certificate you receive will also be a lot of random text, so you can just paste that text into the new file which you can open with the vi editor: vi certfile.crt You must paste everything including the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines when pasting them into the file. Save the file and close vi. You can now proceed to the C o p y File s step. Us ing A Mic ro s o ft Wind o ws C A If you are going to use a Microsoft Windows CA to sign your certificate request please follow the steps in this KB article: After following the KB article you will have the certfile.crt file and you can proceed to the C o p y File s step. S e lf S ig ning The C e rtific a te You can also self- sign the certificate by executing the following command: openssl x509 -req -days 365 -in certrequest.csr -signkey keyfile.key -out certfile.crt Which should produce output saying the Signature was OK and it was Getting Private Key. No te : When you self sign a certificate you will get warnings in your web browser. More detailed information about this can be found in the following KB article: C o py File s You need to copy the certificate files to the correct location and set permissions, execute the following commands: cp certfile.crt /etc/ssl/apache2/
An internal CA that is part of your IT infrastructure, like a Microsoft Windows CA
Purpose This document will describe how to setup to use SSL/TLS to provide encrypted connections to the. This document can also be used as an initial point for troubleshooting SSL/TLS connections. Target
More informationArticle Number: 602 Rating: Unrated Last Updated: Tue, Jan 2, 2018 at 5:13 PM
NRDP - Installing NRDP From Source Article Number: 602 Rating: Unrated Last Updated: Tue, Jan 2, 2018 at 5:13 PM I ns t a lling NRDP Fr o m S o ur c e This document describes how to install Nagios Remote
More informationPurpose. Target Audience. Overview. Prerequisites. Nagios Log Server. Sending NXLogs With SSL/TLS
Purpose This document describes how to setup encryption between and NXLog on Windows using self signed certificates. Target Audience This document is intended for use by Administrators who would like encryption
More informationLAB :: Secure HTTP traffic using Secure Sockets Layer (SSL) Certificate
LAB :: Secure HTTP traffic using Secure Sockets Layer (SSL) Certificate In this example we are using apnictraining.net as domain name. # super user command. $ normal user command. N replace with your group
More informationThis guide is broken up into several sections and covers different Linux distributions and non- Linux operating systems.
NRPE - How To Uninstall NRPE Article Number: 741 Rating: Unrated Last Updated: Fri, Aug 11, 2017 at 1:02 AM Unins t a lling NRPE This document describes how to unins ta ll NRPE that is installed from source.
More informationPurpose. Target Audience. Solution Overview NCPA. Using NCPA For Passive Checks
Using For Passive Checks Purpose This document describes how to configure the Nagios Cross Platform Agent () to send passive check results to Nagios XI or Nagios Core using Nagios Remote Data Processor
More information2. Installing OpenBiblio 1.0 on a Windows computer
Table of Contents Installing OpenBiblio 1. System requirements... 1 2. Installing OpenBiblio 1.0 on a Windows computer... 1 2.1. Install prerequisite software... 1 2.2. Install OpenBiblio... 2 2.3. Using
More informationPurpose. Target Audience. Install SNMP On The Remote Linux Machine. Nagios XI. Monitoring Linux Using SNMP
Purpose This document describes how to monitor Linux machines with using SNMP. SNMP is an agentless method of monitoring network devices and servers, and is often preferable to installing dedicated agents
More informationArticle Number: 802 Rating: 4/5 from 1 votes Last Updated: Wed, Mar 7, 2018 at 5:20 PM
Nagios Core - Performance Graphs Using InfluxDB + Nagflux + Grafana + Article Number: 802 Rating: 4/5 from 1 votes Last Updated: Wed, Mar 7, 2018 at 5:20 PM Na gio s C o r e - Pe r f o r ma nc e G r a
More informationYour Apache ssl.conf in /etc/httpd.conf.d directory has the following SSLCertificate related directives.
If you ever need to use HTTPS or SSL with your website, you will need to have an SSL certificate created, which your Apache web server would use to hand out to the web browsers of the site visitors. The
More informationArticle Number: 801 Rating: Unrated Last Updated: Tue, Mar 13, 2018 at 9:19 PM
Nagios Core - Performance Graphs Using PNP4Nagios Article Number: 801 Rating: Unrated Last Updated: Tue, Mar 13, 2018 at 9:19 PM Na gio s C o r e - Pe r f o r ma nc e G r a phs Us ing PNP4Na gio s This
More informationOffloading NDO2DB To Remote Server
Purpose This document is meant to show a step-by-step guide for offloading the NDO2DB daemon from the central server to an external, remote server. NDO2DB is an acronym of "Nagios Data Output To Database"
More informationشرکت توسعه ارتباطات پردیس پارس. owncloud. The last file sharing platform you'll ever need
شرکت توسعه ارتباطات پردیس پارس owncloud The last file sharing platform you'll ever need. Explore the Features: Click Sync and Share Your Data, with Ease A Safe Home for All Your Data Your Data is Where
More informationArticle Number: 569 Rating: 2.7/5 from 3 votes Last Updated: Tue, Sep 12, 2017 at 2:54 AM
Nagios Plugins - Installing Nagios Plugins From Source Article Number: 569 Rating: 2.7/5 from 3 votes Last Updated: Tue, Sep 12, 2017 at 2:54 AM O ve r vie w This KB article provides instructions on installing
More informationInstalling an SSL certificate on your server
Installing an SSL certificate on your server Contents Introduction... 2 Preparing your certificate... 2 Installing your Certificate... 3 IIS 8... 3 IIS 7... 7 Apache... 10 Plesk 12... 11 Plesk Onyx...
More informationController Installation
The following describes the controller installation process. Installing the Controller, page 1 Controller Deployment, page 2 Controller Virtual Hard Disk Storage, page 4 Custom Controller Web UI Certificates,
More informationBitnami Pimcore for Huawei Enterprise Cloud
Bitnami Pimcore for Huawei Enterprise Cloud Description Pimcore is the open source platform for managing digital experiences. It is the consolidated platform for web content management, product information
More informationBitnami ez Publish for Huawei Enterprise Cloud
Bitnami ez Publish for Huawei Enterprise Cloud Description ez Publish is an Enterprise Content Management platform with an easy to use Web Content Management System. It includes role-based multi-user access,
More informationSecure Websites Using SSL And Certificates
By punk0mi Published: 2007-05-16 17:14 Secure Websites Using SSL And Certificates This how-to will guide you through the entire process of setting up a secure website using SSL and digital certificates.
More informationBitnami Tiny Tiny RSS for Huawei Enterprise Cloud
Bitnami Tiny Tiny RSS for Huawei Enterprise Cloud Description Tiny Tiny RSS is an open source web-based news feed (RSS/Atom) reader and aggregator, designed to allow you to read news from any location,
More informationBitnami Piwik for Huawei Enterprise Cloud
Bitnami Piwik for Huawei Enterprise Cloud Description Piwik is a real time web analytics software program. It provides detailed reports on website visitors: the search engines and keywords they used, the
More informationBitnami Re:dash for Huawei Enterprise Cloud
Bitnami Re:dash for Huawei Enterprise Cloud Description Re:dash is an open source data visualization and collaboration tool. It was designed to allow fast and easy access to billions of records in all
More informationSetting up the Apache Web Server
1 Setting up the Apache Web Server The Apache Web Server (Hyper Text Transfer Protocol) is the most popular web server available. The project gained popularity with Linux in the 1990 s as they teamed up
More informationBitnami Dolibarr for Huawei Enterprise Cloud
Bitnami Dolibarr for Huawei Enterprise Cloud Description Dolibarr is an open source, free software package for small and medium companies, foundations or freelancers. It includes different features for
More informationBitnami Coppermine for Huawei Enterprise Cloud
Bitnami Coppermine for Huawei Enterprise Cloud Description Coppermine is a multi-purpose, full-featured web picture gallery. It includes user management, private galleries, automatic thumbnail creation,
More informationThere are separate firewall daemons for for IPv4 and IPv6 and hence there are separate commands which are provided below.
SNMP Trap - Firewall Rules Article Number: 87 Rating: 1/5 from 1 votes Last Updated: Tue, Dec 18, 2018 at 5:25 PM Fir e wa ll Rule s These steps explain how to check if the Operating System (OS) of the
More informationBitnami OroCRM for Huawei Enterprise Cloud
Bitnami OroCRM for Huawei Enterprise Cloud Description OroCRM is a flexible open-source CRM application. OroCRM supports your business no matter the vertical. If you are a traditional B2B company, franchise,
More informationOrchid Core VMS Installation Guide
Orchid Core VMS Installation Guide Version 2.2.2 Orchid Core VMS Installation Guide v2.2.2 1 C O N T E N T S About the Orchid Core VMS Installation Guide 2 Installation 3 Working in Windows 3 Working in
More informationBitnami ProcessMaker Community Edition for Huawei Enterprise Cloud
Bitnami ProcessMaker Community Edition for Huawei Enterprise Cloud Description ProcessMaker is an easy-to-use, open source workflow automation and Business Process Management platform, designed so Business
More informationMac OSX Certificate Enrollment Procedure
Mac OSX Certificate Enrollment Procedure 1. Log on to your Macintosh machine, open a terminal to create a key: openssl genrsa -des3 -out dpvpn-cert.key 1024 2. Create a CSR file with the newly created
More informationAuthenticating and Importing Users with Active Directory and LDAP
Purpose This document describes how to integrate Nagios with Active Directory (AD) or Lightweight Directory Access Protocol (LDAP) to allow user authentication and validation with an AD or LDAP infrastructure
More informationOrchid Fusion VMS Installation Guide
Orchid Fusion VMS Installation Guide Version 2.4.0 Orchid Fusion VMS Installation Guide v2.4.0 1 C O N T E N T S About the Orchid Fusion VMS Installation Guide 2 Installation 3 Working in Windows 3 Working
More informationAuthenticating and Importing Users with AD and LDAP
Purpose This document describes how to integrate with Active Directory (AD) or Lightweight Directory Access Protocol (LDAP). This allows user authentication and validation through the interface. This is
More informationPublic-key Infrastructure
Public-key Infrastructure Cryptosystems Cryptosystems Symmetric Asymmetric (public-key) RSA Public key: n=3233, e=17 Private key: d=2753 Let m=65 Encryption: c = 65 17 (mod 3233) = 2790 Decryption: m =
More informationBitnami TestLink for Huawei Enterprise Cloud
Bitnami TestLink for Huawei Enterprise Cloud Description TestLink is test management software that facilitates software quality assurance. It offers support for test cases, test suites, test plans, test
More informationBitnami OSQA for Huawei Enterprise Cloud
Bitnami OSQA for Huawei Enterprise Cloud Description OSQA is a question and answer system that helps manage and grow online communities similar to Stack Overflow. First steps with the Bitnami OSQA Stack
More informationBitnami Mantis for Huawei Enterprise Cloud
Bitnami Mantis for Huawei Enterprise Cloud Description Mantis is a complete bug-tracking system that includes role-based access controls, changelog support, built-in reporting and more. A mobile client
More informationBitnami ERPNext for Huawei Enterprise Cloud
Bitnami ERPNext for Huawei Enterprise Cloud Description ERPNext is an open source, web based application that helps small and medium sized business manage their accounting, inventory, sales, purchase,
More informationFasthosts Customer Support Generating Certificate Signing Requests
Fasthosts Customer Support Generating Certificate Signing Requests Generating a CSR is the first step to take when you want to apply an SSL certificate to a domain on your server. This manual covers how
More informationThis document is intended for use by Nagios Administrators that want to use Slack for notifications.
Purpose This document describes how integrate the Slack messaging platform with. This integration will allow to send notifications to Slack channels, enabling teams to see the health of their devices monitored
More informationMSE System and Appliance Hardening Guidelines
MSE System and Appliance Hardening Guidelines This appendix describes the hardening of MSE, which requires some services and processes to be exposed to function properly. This is referred to as MSE Appliance
More informationSSL Configuration: an example. July 2016
SSL Configuration: an example July 2016 This document details a walkthrough example of SSL configuration in an EM managed mongodb environment. SSL certificates are used to enforce certificate based security
More informationPublic-Key Infrastructure (PKI) Lab
SEED Labs PKI Lab 1 Public-Key Infrastructure (PKI) Lab Copyright 2018 Wenliang Du, Syracuse University. The development of this document was partially funded by the National Science Foundation under Award
More informationAuthenticating and Importing Users with AD and LDAP
Purpose This document describes how to integrate with Active Directory (AD) or Lightweight Directory Access Protocol (LDAP). This allows user authentication and validation through the interface. This is
More informationInstall some base packages. I recommend following this guide as root on a new VPS or using sudo su, it will make running setup just a touch easier.
Nagios 4 on Ubuntu 16 Install some base packages. I recommend following this guide as root on a new VPS or using sudo su, it will make running setup just a touch easier. apt-get install php-gd build-essential
More informationGenerating Certificate Signing Requests
SSL Generating Certificate Signing Requests Page 1 Contents Introduction... 1 What is a CSR?... 2 IIS 8... 2 IIS 7... 7 Apache... 12 Generate a Key Pair... 12 Generate to CSR... 13 Backup your private
More informationPractical Exercise: Smartcard-based authentication in HTTP
MIECT: Security 2015-16 Practical Exercise: Smartcard-based authentication in HTTP November 24, 2015 Due date: no date Changelog v1.0 - Initial Version. 1 Introduction Smartcards can be used to authenticate
More information14. Configuring Telnet in Knoppix
14. Configuring Telnet in Knoppix Estimated Time: 45 Minutes Objective In this lab, the student will learn how to configure the Telnet service on a system so that the user can remotely administer a Knoppix
More informationPublic-key Infrastructure
Public-key Infrastructure Public-key Infrastructure A set of hardware, software, people, policies, and procedures. To create, manage, distribute, use, store, and revoke digital certificates. Encryption,
More informationGenesys Interaction Recording Solution Guide. WebDAV Requirements
Genesys Interaction Recording Solution Guide WebDAV Requirements 11/24/2017 Contents 1 WebDAV Requirements 1.1 Deploying the WebDAV Server 1.2 Configuring TLS for the WebDAV Server 1.3 Next Step Genesys
More informationBitnami Open Atrium for Huawei Enterprise Cloud
Bitnami Open Atrium for Huawei Enterprise Cloud Description Open Atrium is designed to help teams collaborate by providing an intranet platform that includes a blog, a wiki, a calendar, a to do list, a
More informationUCON-IP-NEO Operation Web Interface
UCON-IP-NEO Operation Web Interface copyright G&D 25/01/2012 Web Interface version 2.30 Subject to possible errors and technical modifications License notes G&D license Copyright G&D GmbH 2003-2012: All
More informationPublic-key Infrastructure
Public-key Infrastructure Public-key Infrastructure A set of hardware, software, people, policies, and procedures. To create, manage, distribute, use, store, and revoke digital certificates. Encryption,
More informationMoab Viewpoint. Reference Guide August 2016
Moab Viewpoint Reference Guide 9.0.2 August 2016 2016 Adaptive Computing Enterprises, Inc. All rights reserved. Distribution of this document for commercial purposes in either hard or soft copy form is
More informationBitnami Spree for Huawei Enterprise Cloud
Bitnami Spree for Huawei Enterprise Cloud Description Spree is an e-commerce platform that was designed to make customization and upgrades as simple as possible. It includes support for product variants,
More informationRed Hat Enterprise Linux 7 Getting Started with Cockpit
Red Hat Enterprise Linux 7 Getting Started with Cockpit Getting Started with Cockpit Red Hat Enterprise Linux Documentation Team Red Hat Enterprise Linux 7 Getting Started with Cockpit Getting Started
More informationSSL, Credit Card Transactions. CS174 Chris Pollett Nov. 5, 2007.
SSL, Credit Card Transactions CS174 Chris Pollett Nov. 5, 2007. Outline HTTPS and the Secure Socket Layer Credit Card Transactions HTTPS and the Secure Socket Layer When we use HTTP to browse the web,
More informationHow to Enable Client Certificate Authentication on Avi
Page 1 of 11 How to Enable Client Certificate Authentication on Avi Vantage view online Overview This article explains how to enable client certificate authentication on an Avi Vantage. When client certificate
More informationTeradici PCoIP Connection Manager 1.8 and Security Gateway 1.14
Teradici PCoIP Connection Manager 1.8 and Security Gateway 1.14 TER1502010/A-1.8-1.14 Contents Document History 4 Who Should Read This Guide? 5 PCoIP Connection Manager and PCoIP Security Gateway Overview
More informationServer software page. Certificate Signing Request (CSR) Generation. Software
Server software page Certificate Signing Request (CSR) Generation Software Apache (mod_ssl and OpenSSL)... 2 cpanel and WHM... 3 Microsoft Exchange 2007... 8 Microsoft Exchange 2010... 9 F5 BigIP... 13
More informationUsing ISE 2.2 Internal Certificate Authority (CA) to Deploy Certificates to Cisco Platform Exchange Grid (pxgrid) Clients
Using ISE 2.2 Internal Certificate Authority (CA) to Deploy Certificates to Cisco Platform Exchange Grid (pxgrid) Clients Author: John Eppich Table of Contents About this Document... 4 Using ISE 2.2 Internal
More informationApache Httpd Manual Conf Virtualhost Redirect
Apache Httpd Manual Conf Virtualhost Redirect Most linux distributions setup Apache with set of Note that it used to be named httpd.conf, if you In an Apache config file you will likely have a VirtualHost
More informationLinux Postfix Smtp (mail Server) Ssl Certificate Installation And Configuration
Linux Postfix Smtp (mail Server) Ssl Certificate Installation And Configuration Dec 30, 2014. HOW TO: Configure Godaddy Cert for Mail SSL instruction set to add a Godaddy cert (with intermediary file)
More informationSpreedbox Getting Started Guide
Spreedbox Getting Started Guide Last Updated: September 2017 CONTENTS 1. Introduction... 3 2. Prerequisites... 4 3. Opening the box... 5 4. USB Manual, Quick Start Guide & MAC Sticker... 6 5. International
More informationDeltek Maconomy. Navigator Installation
Deltek Maconomy Navigator 1.0.1 Installation January 30, 2015 While Deltek has attempted to verify that the information in this document is accurate and complete, some typographical or technical errors
More informationeroaming platform Secure Connection Guide
eroaming platform Secure Connection Guide Contents 1. Revisions overview... 3 2. Abbrevations... 4 3. Preconditions... 5 3.1. OpenSSL... 5 3.2. Requirements for your PKCS10 CSR... 5 3.3. Java Keytool...
More informationOffloading MySQL to Remote Server
Purpose This document is meant to show a step-by-step guide for offloading the MySQL services from the central server to an external, remote server. Target Audience This document is intended for use by
More informationBitnami Phabricator for Huawei Enterprise Cloud
Bitnami Phabricator for Huawei Enterprise Cloud IMPORTANT: Phabricator requires you to access the application using a specific domain. This domain is the public IP address for the cloud server. Description
More informationVIRTUAL GPU LICENSE SERVER VERSION , , AND 5.1.0
VIRTUAL GPU LICENSE SERVER VERSION 2018.10, 2018.06, AND 5.1.0 DU-07754-001 _v7.0 through 7.2 March 2019 User Guide TABLE OF CONTENTS Chapter 1. Introduction to the NVIDIA vgpu Software License Server...
More informationBitnami Trac for Huawei Enterprise Cloud
Bitnami Trac for Huawei Enterprise Cloud Description Trac is an enhanced wiki and issue tracking system for software development projects. It provides interfaces to Subversion and Git, an integrated Wiki
More informationmobilefish.com Create self signed certificates with Subject Alternative Names
Create self signed certificates with Subject Alternative Names INTRO In this video I will explain how to create a self signed certificate with Subject Alternative Names (SAN). CERTIFICATE WITH SUBJECT
More informationInstalling SmartSense on HDP
1 Installing SmartSense on HDP Date of Publish: 2018-07-12 http://docs.hortonworks.com Contents SmartSense installation... 3 SmartSense system requirements... 3 Operating system, JDK, and browser requirements...3
More informationMoab Viewpoint. Administrator Guide October 2015 Revised December 15, 2015
Moab Viewpoint Administrator Guide 9.0.0 October 2015 Revised December 15, 2015 2015 Adaptive Computing Enterprises, Inc. All rights reserved. Distribution of this document for commercial purposes in either
More informationImage Management Service. User Guide. Issue 03. Date
Issue 03 Date 2016-10-19 Contents Contents Change History... v 1 Overview... 6 1.1 Concept... 6 1.1.1 What Is Image Management Service?... 6 1.1.2 OSs for Public Images Supported by IMS... 7 1.1.3 Image
More informationBitnami JFrog Artifactory for Huawei Enterprise Cloud
Bitnami JFrog Artifactory for Huawei Enterprise Cloud Description JFrog Artifactory is a Binary Repository Manager for Maven, Ivy, Gradle modules, etc. Integrates with CI servers for fully traceable builds.
More informationRed Hat Gluster Storage 3.3
Red Hat Gluster Storage 3.3 Quick Start Guide Getting Started with Web Administration Last Updated: 2017-12-15 Red Hat Gluster Storage 3.3 Quick Start Guide Getting Started with Web Administration Rakesh
More informationHTTPS Setup using mod_ssl on CentOS 5.8. Jeong Chul. tland12.wordpress.com. Computer Science ITC and RUPP in Cambodia
HTTPS Setup using mod_ssl on CentOS 5.8 Jeong Chul tland12.wordpress.com Computer Science ITC and RUPP in Cambodia HTTPS Setup using mod_ssl on CentOS 5.8 Part 1 Basic concepts on SSL Step 1 Secure Socket
More informationCA Nimsoft Unified Management Portal
CA Nimsoft Unified Management Portal DMZ Guide 6.5 Document Revision History Document Version Date Changes 1.0 12/15/2011 Initial version for UMP 2.6. Modified the instructions for configuring the Apache
More informationGetting Started with the VQE Startup Configuration Utility
CHAPTER 2 Getting Started with the VQE Startup Configuration Utility This chapter explains how to use the Cisco VQE Startup Configuration Utility to perform the initial configuration tasks needed to get
More informationExercises Basics of Web Security Experiential Learning Workshop
Exercises Basics of Web Security Experiential Learning Workshop 1 General Guidelines 1. Make a team of two unless stated otherwise. 2. For each exercise, use wireshark capture to verify contents 3. Ensure
More informationDownloading and installing Db2 Developer Community Edition on Red Hat Enterprise Linux Roger E. Sanders Yujing Ke Published on October 24, 2018
Downloading and installing Db2 Developer Community Edition on Red Hat Enterprise Linux Roger E. Sanders Yujing Ke Published on October 24, 2018 This guide will help you download and install IBM Db2 software,
More informationSCCM Plug-in User Guide. Version 3.0
SCCM Plug-in User Guide Version 3.0 JAMF Software, LLC 2012 JAMF Software, LLC. All rights reserved. JAMF Software has made all efforts to ensure that this guide is accurate. JAMF Software 301 4th Ave
More informationBitnami Moodle for Huawei Enterprise Cloud
Bitnami Moodle for Huawei Enterprise Cloud Description Moodle is a Course Management System that is designed using sound pedagogical principles to help educators create effective online learning communities.
More informationUCServer Webservice Release. Best Practice
UCServer Webservice Release Best Practice Legal Information/Imprint The information contained in this document reflects the state of knowledge at the time the document was created. Errors and subsequent
More informationDownloading and installing Db2 Developer Community Edition on Ubuntu Linux Roger E. Sanders Yujing Ke Published on October 24, 2018
Downloading and installing Db2 Developer Community Edition on Ubuntu Linux Roger E. Sanders Yujing Ke Published on October 24, 2018 This guide will help you download and install IBM Db2 software, Data
More informationRed Hat Enterprise Linux Atomic Host 7 Getting Started with Cockpit
Red Hat Enterprise Linux Atomic Host 7 Getting Started with Cockpit Getting Started with Cockpit Red Hat Atomic Host Documentation Team Red Hat Enterprise Linux Atomic Host 7 Getting Started with Cockpit
More informationVIRTUAL GPU LICENSE SERVER VERSION AND 5.1.0
VIRTUAL GPU LICENSE SERVER VERSION 2018.06 AND 5.1.0 DU-07754-001 _v6.0 through 6.2 July 2018 User Guide TABLE OF CONTENTS Chapter 1. Introduction to the NVIDIA vgpu Software License Server... 1 1.1. Overview
More informationInstall Apache, PHP And MySQL On CentOS 7 (LAMP)
Install Apache, PHP And MySQL On CentOS 7 (LAMP) Version 1.0 Authors: Till Brehm , Falko Timme Updates: Srijan Kishore Follow Howtoforge
More informationSecuring Communications with your Apache HTTP Server. Lars Eilebrecht
with your Apache HTTP Server Lars Eilebrecht Lars@apache.org About Me Lars Eilebrecht Independent IT Consultant Contributor to the Apache HTTP Server project since 1996 Member of the ASF Security Team
More informationFlush Dns Settings Linux Redhat 5 Step Step
Flush Dns Settings Linux Redhat 5 Step Step Setup Cahing DNS Server in RHEL/CentOS 7. DNS cache servers are used to resolve any DNS query they receive. Operating System : CentOS Linux release 7.0.1406
More informationGateDefender Performa updates from a local Web server
GateDefender Performa updates from a local Web server Copyright notice Panda Security 2008. All rights reserved. Neither the documents nor the programs that you may access may be copied, reproduced, translated
More informationNimsoft Unified Management Portal
Nimsoft Unified Management Portal DMZ Guide 6.0 Document Revision History Document Version Date Changes 1.0 12/15/2011 Initial version for UMP 2.6. Modified the instructions for configuring the Apache
More informationBitnami DokuWiki for Huawei Enterprise Cloud
Bitnami DokuWiki for Huawei Enterprise Cloud Description DokuWiki is a standards-compliant, simple to use wiki optimized for creating documentation. It is targeted at developer teams, workgroups, and small
More informationRed Hat Ceph Storage 3
Red Hat Ceph Storage 3 Monitoring Ceph for Ubuntu with Nagios Monitoring Ceph for Ubuntu with Nagios Core. Last Updated: 2018-09-07 Red Hat Ceph Storage 3 Monitoring Ceph for Ubuntu with Nagios Monitoring
More informationCisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco website at
Document Date: May 16, 2017 THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL
More informationCertificate service - test bench. Project to establish the National Incomes Register
Certificate service - test bench Project to establish the National Incomes Register 2 (9) CONTENTS 1 Foreword... 3 2 Test materials... 3 2.1 Parameters used in the test bench services... 3 2.2 Test bench
More informationUsing SSL/TLS with Active Directory / LDAP
Purpose This document describes how to install the required certificate on the for use with LDAP or Active Directory (AD) Integration in. This process is required if your LDAP / AD server has a self signed
More informationArticle Number: 406 Rating: 3/5 from 2 votes Last Updated: Mon, Jun 5, 2017 at 3:08 AM. This document describes how to install NDOUtils from source.
NDOUtils - Installing NDOUtils Article Number: 406 Rating: 3/5 from 2 votes Last Updated: Mon, Jun 5, 2017 at 3:08 AM O ve r vie w This document describes how to install NDOUtils from source. This guide
More informationClient Authenticated SSL Server Setup Guide for Apache Webservers
1 of 18 PROTECTID Client Authenticated SSL Server Setup Guide for Apache Webservers Document: MK UM 02180405 01 ProtectIDclientAuthSSLsetupApache.doc 2 of 18 Copyright 2005 Sentry Project Management All
More informationHPE Knowledge Article
HPE Knowledge Article HPE 5930/5940 Switch Series - Connect to OVSDB Client Article Number mmr_sf-en_us000021071 Environment HPE 5930/5940 switches can be configured as OVSDB servers. One common use case
More information