Todd Smith Org

April 28, 2009

Compile Bind 9 on Ubuntu / Debian

Filed under: Server Technology,Unix Administration,Web Hosting — admin @ 1:09 pm

Quick, and dirty:

apt-get install libssl-dev
wget http://ftp.isc.org/isc/bind9/9.6.0-P1/bind-9.6.0-P1.tar.gz
tar zxf bind-9.6.0-P1.tar.gz
cd bind-9.6.0-P1
./configure --prefix=/opt/bind9 --with-openssl=yes --sysconfdir=/etc/bind --with-randomdev=/dev/urandom
make && make install

Setup the named.conf, options, logging, and zones

named.conf

include "/etc/bind/named.logging";

include "/etc/bind/named.options";



        zone "." {
                type hint;
                file "root.cache";
        };



include "/etc/bind/named.master";

include "/etc/bind/named.reverse";

named.logging

logging {
        channel "querylog" {
          file "/var/log/query.log";
          print-time yes;
        };
        channel default_log {
          file "/var/log/named.log";
          print-time yes;
        };
        category queries { querylog; };
        category default { default_log; default_debug; };
        category lame-servers { null; };
};

named.options

// Network address for the /25: the host bits must be zero for the given prefix length
acl "toddsmithorg_networks"  { 23.35.27.0/25; };
acl "client_networks" { 192.198.140.0/25; };
options {
        directory "/var/named";
        pid-file "/var/run/named.pid";
        allow-recursion { toddsmithorg_networks; client_networks; };
        version "no thankyou";
        notify no;
        listen-on port 53 {
                127.0.0.1;
                23.35.27.10;
        };
        allow-transfer {
                23.35.27.11;
        };
};

named.master

zone "toddsmith.org" IN {
        type master;
        file "toddsmith.org";
};

Setup your init script

#! /bin/sh

NAMED_ROOT="/opt/bind9"

case "$1" in
    start)
        echo -n "Starting named... "
        $NAMED_ROOT/sbin/named -u named -c /etc/bind/named.conf && echo OK
        ;;
    stop)
        echo -n "Stopping named... "
        kill -15 `cat /var/run/named.pid` && echo OK
        ;;
    restart|reload)
        $0 stop  &&  $0 start
        ;;
    *)
        echo "Usage: $0 {start|stop|restart|reload}"
        exit 1
esac
exit 0

This should get you started.

Ubuntu / Debian NFS Client

Filed under: Unix Administration — admin @ 11:21 am

NFS requires portmap to be installed. Install the following packages to install support for an NFS client.

sudo apt-get install portmap nfs-common

April 23, 2009

Compile a Linux Kernel on Cent OS

Filed under: Server Technology,Unix Administration,Web Hosting — admin @ 10:22 pm

The CentOS Way

Install the development utils, libs and headers

yum install gcc gcc-c++ kernel-devel ncurses-devel rpm-build

Grab a new kernel

wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.29.1.tar.gz
tar zxvf linux-2.6.29.1.tar.gz
cd linux-2.6.29.1

Make sure you enable support for at least the hardware in the machine you’re compiling the kernel on (safe bet). You can use the lspci command to figure out what that is

[root@c1024 linux-2.6.29.1]# lspci 
00:00.0 Host bridge: Intel Corporation 82G33/G31/P35/P31 Express DRAM Controller (rev 10)
00:02.0 VGA compatible controller: Intel Corporation 82G33/G31 Express Integrated Graphics Controller (rev 10)
00:1c.0 PCI bridge: Intel Corporation 82801G (ICH7 Family) PCI Express Port 1 (rev 01)
00:1d.0 USB Controller: Intel Corporation 82801G (ICH7 Family) USB UHCI Controller #1 (rev 01)
00:1d.1 USB Controller: Intel Corporation 82801G (ICH7 Family) USB UHCI Controller #2 (rev 01)
00:1d.2 USB Controller: Intel Corporation 82801G (ICH7 Family) USB UHCI Controller #3 (rev 01)
00:1d.3 USB Controller: Intel Corporation 82801G (ICH7 Family) USB UHCI Controller #4 (rev 01)
00:1d.7 USB Controller: Intel Corporation 82801G (ICH7 Family) USB2 EHCI Controller (rev 01)
00:1e.0 PCI bridge: Intel Corporation 82801 PCI Bridge (rev e1)
00:1f.0 ISA bridge: Intel Corporation 82801GB/GR (ICH7 Family) LPC Interface Bridge (rev 01)
00:1f.1 IDE interface: Intel Corporation 82801G (ICH7 Family) IDE Controller (rev 01)
00:1f.2 IDE interface: Intel Corporation 82801GB/GR/GH (ICH7 Family) SATA IDE Controller (rev 01)
00:1f.3 SMBus: Intel Corporation 82801G (ICH7 Family) SMBus Controller (rev 01)
01:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8101E PCI Express Fast Ethernet controller (rev 01)
[root@c1024 linux-2.6.29.1]#

Create your kernel config. (If you already have one, just create a new file called .config and put your kernel configuration in it.)

make menuconfig

or

make config

Once you have completed your kernel configuration, you can build the kernel and create an RPM for installation on other hosts. I have a Core2Quad CPU in this system, so I’ll set the number of jobs to 5 (-j5).

make -j5 rpm

After it has built (without errors) you need to install the kernel from RPM, do a directory listing to see what the name of the file that was built is:

ls /usr/src/redhat/RPMS/`uname -m`
cd !$
rpm -ivh kernel-2.6.29.1.x86_64.rpm

Okay, now create an initial ramdisk for the kernel (initrd)

mkinitrd /boot/initrd-2.6.29.1.img 2.6.29.1

Now edit your /boot/grub/menu.lst to include the new kernel and you’re all set!

Enjoy.

April 20, 2009

Setup RAID on Ubuntu Desktop

Filed under: Uncategorized — admin @ 9:37 am

I have a client who needed a nice little web design station using open source software. One of the requirements is to have RAID. So, having used linux software RAID for about 10 years now, I am very comfortable with it. Unfortunately the installer in Ubuntu Intrepid does not seem to have support for configuring the software RAID, LVM, Encryption and all that rot.

So let’s do it from the terminal. Install as normal and then use the following process.

Change the partition types on your disk to 0xfd. I reconfigured /dev/sda as follows:

root@ubuntu:~# fdisk -l /dev/sda

Disk /dev/sda: 500.1 GB, 500107862016 bytes
255 heads, 63 sectors/track, 60801 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x965c0f26

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1          20      160618+  fd  Linux raid autodetect
/dev/sda2              21       60000   481789350   fd  Linux raid autodetect
/dev/sda3           60001       60801     6434032+  83  Linux
root@ubuntu:~#

Then copy that partition table to /dev/sdb

dd if=/dev/sda of=/dev/sdb count=1 bs=512

Now reboot, or call ioctl() to re-read the partition table.

Now it’s time to install mdadm

apt-get -f -y install mdadm

And finally, setup the RAID

mdadm --create /dev/md0 --level=1 --raid-devices=2 /dev/sda1 /dev/sdb1
mdadm --create /dev/md1 --level=1 --raid-devices=2 /dev/sda2 /dev/sdb2

Verify the raid status with:

cat /proc/mdstat

Change the /etc/fstab: instead of LABEL=blahblah, change to /dev/md0

I’m sorry, this is incomplete


April 18, 2009

Configure XenServer 5.0 Free for Software RAID 1

Filed under: Server Technology,Unix Administration — admin @ 4:35 pm

I used the notes from some guy on the Citrix forums. I wish that I had his name so I could give him credit but it’s not here on the stuff I printed out.

On with the show.

To make this work, you need two drives in your system. The second drive must be identical to or larger than the first, and you must have installed XenServer to the first drive without selecting the second drive as part of the storage pool.

Install XenServer as usual. Do not select any extra drives as storage pools.

After installation, boot up and log in to console 3 (Alt-F3) as root.

Type fdisk -l to list the partitions.

Most likely your disks are represented by SCSI device names under Linux / XenServer 5.0; in that case your boot disk would be /dev/sda.

To copy the partition table from /dev/sda to /dev/sdb you can use dd

dd if=/dev/sda of=/dev/sdb bs=512 count=1

Now set the partition table up on /dev/sdb the way it should be for Linux RAID. This means setting the partition types to 0xfd.

I used the following command:

echo -e "\nt\n1\nfd\nt\n3\nfd\nw\nx" | fdisk /dev/sdb

That tells fdisk, “tag partition 1 as type 0xfd, tag partition 3 as type 0xfd”.

Check to make sure the /dev/md? devices are present

[ -e /dev/md0 ] || mknod /dev/md0 b 9 0
[ -e /dev/md1 ] || mknod /dev/md1 b 9 1

Startup the degraded RAID devices

mdadm --create /dev/md0 --level=1 --raid-devices=2 missing /dev/sdb1
mdadm --create /dev/md1 --level=1 --raid-devices=2 missing /dev/sdb3

The following procedure is directly from the other guy’s notes. I’ve modified the commands to what I think works a little better.

pvcreate /dev/md1
volume_group=`vgscan | grep VG | awk -F \" '{print $2}'`
vgextend $volume_group /dev/md1
pvmove /dev/sda3 /dev/md1
# If this is a fresh install, then there won't be any data to move
vgreduce $volume_group /dev/sda3

Now we’re ready to copy the filesystem over to the RAID device /dev/md0

mkfs.ext3 /dev/md0
cd / && mount /dev/md0 /mnt && rsync -a --progress --exclude=/sys --exclude=/proc --exclude=/dev/shm --exclude=/dev/pts / /mnt
mkdir /mnt/sys
mkdir /mnt/proc
sed -r -i 's,LABEL=root-\w+ ,/dev/md0 ,g' /mnt/etc/fstab

Now let’s setup initrd

mkdir /root/initrd && cd /root/initrd
zcat /boot/initrd-`uname -r`.img | cpio -i && \
cp /lib/modules/`uname -r`/kernel/drivers/md/raid1.ko lib

Now we have to edit the init file

q="echo Waiting for driver initialization."
sed -r -i "s,^${q}$,\n\necho Loading raid1.ko module\ninsmod /lib/raid1.ko\n${q}\n,g" init
q="resume /var/swap/swap.001"
sed -r -i "s,^${q}$,${q}\necho Running raidautorun\nraidautorun /dev/md0\nraidautorun /dev/md1,g" init
r=`grep mkroot /root/initrd/init`
sed -r -i "s|^${r}$|${r/sda1/md0}|g" init

Now we’ll copy the initial ramdisk to the /boot on the new RAID

find . -print | cpio -o -c | gzip -c > /boot/initrd-`uname -r`.img
sed -r -i 's,LABEL=root-\w+ ,/dev/md0 ,g' /mnt/etc/fstab
sed -r -i 's,LABEL=root-\w+ ,/dev/md0 ,g' /etc/fstab

And setup the boot loader

sed -r -i 's,root=LABEL=root-\w+ ,root=/dev/md0 ,g' /mnt/boot/extlinux.conf
sed -r -i 's,root=LABEL=root-\w+ ,root=/dev/md0 ,g' /boot/extlinux.conf
cat /usr/lib/syslinux/mbr.bin > /dev/sdb
cd /mnt && extlinux -i boot/
extlinux -i boot/

If you’ve done this remotely, you can try the following.

cp /mnt/boot/extlinux.conf /boot/
cp /mnt/boot/initrd-`uname -r`.img /boot

Unmount /dev/md0, sync, and reboot

cd ; umount /mnt || umount /dev/md0
sync
reboot

After the reboot, we first tag the partitions on /dev/sda as type Linux raid, then we add /dev/sda to the RAID.

echo -e "\nt\n1\nfd\nt\n3\nfd\nw\nx" | fdisk /dev/sda
mdadm -a /dev/md0 /dev/sda1
mdadm -a /dev/md1 /dev/sda3
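
An added example (not from the original post or the forum notes it follows): a check of /proc/mdstat that reports how many members each array has, for use after the mdadm -a step while the mirror rebuilds and for the "cat /proc/mdstat" step in the Ubuntu post. The function names and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise md array health from /proc/mdstat-format text on stdin.

# Prints one line per array: "<name> <ok|DEGRADED|unknown> <active>/<expected>"
mdstat_report() {
    awk '
        function emit() {
            if (name != "")
                printf "%s %s %s/%s%s\n", name, state, have, want, note
            name = ""
        }
        # Array header, e.g. "md1 : active raid1 sda3[2] sdb3[1]"
        /^md[0-9]+ :/ {
            emit()
            name = $1; state = "unknown"; have = "?"; want = "?"; note = ""
            next
        }
        # Status line, e.g. "481789248 blocks [2/1] [_U]" means [expected/active]
        name != "" && match($0, /\[[0-9]+\/[0-9]+\]/) {
            split(substr($0, RSTART + 1, RLENGTH - 2), n, "/")
            want = n[1]; have = n[2]
            state = (have + 0 < want + 0) ? "DEGRADED" : "ok"
            next
        }
        # Progress line shown while a member is being rebuilt
        name != "" && /(recovery|resync) *=/ { note = " rebuilding" }
        END { emit() }
    '
}

# Exit status 0 only when every array has all of its members active.
mdstat_healthy() {
    ! mdstat_report | grep -q -v ' ok '
}

# Constructed sample: md0 complete, md1 still rebuilding onto the added disk.
SAMPLE_MDSTAT='Personalities : [raid1]
md1 : active raid1 sda3[2] sdb3[1]
      481789248 blocks [2/1] [_U]
      [=>...................]  recovery =  8.5% (41000000/481789248) finish=95.2min speed=77000K/sec

md0 : active raid1 sda1[0] sdb1[1]
      160512 blocks [2/2] [UU]

unused devices: <none>'

printf '%s\n' "$SAMPLE_MDSTAT" | mdstat_report

# On a live host (e.g. from cron):
#   mdstat_healthy < /proc/mdstat || echo "RAID array degraded"
```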

Troubleshooting

The first time I did this procedure I got stuck because my rsync didn’t copy /proc and /sys like I asked it not to. So I had to add the step of creating those two directories so they could be mounted at boot.

After messing around with it a little, I came up with this command line to boot XenServer 5 from extlinux.

mboot.c32 /boot/xen.gz dom0_mem=752M --- /boot/vmlinuz-2.6-xen root=/dev/md0  single --- /boot/initrd-2.6-xen.img

April 17, 2009

Intel AMT bios support

Filed under: Device Configuration,Server Technology — admin @ 12:51 pm

Intel AMT allows enhanced hardware-based isolation and recovery for embedded systems that go offline. Intel® Rapid Recover Technology allows embedded devices to recover data and return the system to an operational status in the event of hard drive failure or massive data corruption.

Intel VT-d Bios Support

Filed under: Device Configuration,Server Technology — admin @ 12:50 pm

Intel VT-d, a technology in the Intel Q35 chipset, provides advanced remote management capabilities for I/O devices. The technology enables partitioning of I/O devices to virtual machines to distribute system resources and protect assets. Intel VT-d will improve performance by increasing the bandwidth and lowering the latency attributed to software virtualization. Industrial automation applications and network appliances are two key segments that could benefit from this technology.

April 9, 2009

Extreme Summit 48s NAT Howto

Filed under: Device Configuration — admin @ 3:26 pm

This is a simple HOWTO configuration for NAT on an Extreme Summit 48s

This assumes two VLANs, an internal and an external:

NAT Configuration

The steps to get NAT running are:

  1. Add a NAT rule
  2. Set the NAT timeout
  3. Configure “internal” vlan(s)
  4. Configure “external” vlan(s)
  5. Enable NAT

Assuming you have an external vlan called “ext” and an internal block of IPs at 172.16.166.0/24 and an external address 198.168.0.10/32; you can use the following:

Configure a NAT rule

configure nat add "ext" map source 172.16.166.1/32 to 198.168.0.10/32

Configure the NAT timeout

configure nat timeout 300

Configure the internal VLAN for NAT

configure nat "webserver-internal" inside

Configure the external VLAN for NAT

configure nat ext outside
configure nat Default outside

Enable NAT

enable nat

That should be all there is to it. I hope this worked for you.

April 1, 2009

Howto Create your own Certificate Authority (the easy way)

Filed under: Security Technology,Unix Administration,Web Hosting — admin @ 6:54 pm

Create your own Certificate Authority in less than 10 minutes

This allows you to create a Certificate Authority, otherwise known as a CA, so you can sign your own certificates. This script has two requirements: a *nix machine with /bin/sh, /bin/bash or a compatible shell, and openssl from the OpenSSL project. You can start the timer now…

I’ve written a script to greatly simplify and automate the processes of both creating the Certificate Authority, and creating Certificates. The script has two basic functions:

  1. Create a Certificate Authority
  2. Create keys, certificates, and certificate signing requests, and sign them using the Certificate Authority

Directions for Use

To get this all set up and running, you just need to create a directory, create two files, and execute one of them. Edit the openssl.cnf with your favorite text editor (vim, emacs, nano, pico, ed, joe, whatever), put in your info, and then run CAAdmin.sh to get started.

From here open a terminal to get started

Create a working directory (copy and paste this block of code into your terminal)

mkdir Certificate_Authority_Admin
cd Certificate_Authority_Admin

Create openssl.cnf (copy and paste this block of code into your terminal)

# The delimiter is quoted so the shell writes $dir literally for openssl to expand
cat << 'EoF' > openssl.cnf
#
# OpenSSL configuration file.
# 

# Establish working directory.
dir = "CA"

[ ca ]
default_ca = CA_default 

[ CA_default ]
serial = $dir/serial
database = $dir/index.txt
new_certs_dir = $dir/newcerts
certificate = $dir/public/cacert.pem
private_key = $dir/private/cakey.pem
default_days = 730
default_md = md5 # MD5 is collision-broken; sha256 is the current choice for new CAs
preserve = no
email_in_dn = no
nameopt = default_ca
certopt = default_ca
policy = policy_match 

[ policy_match ]
countryName = supplied
stateOrProvinceName = supplied
organizationName = supplied
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

[ req ]
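default_bits = 1024 # Size of keys (1024-bit RSA is below the current 2048-bit minimum)
default_keyfile = key.pem # name of generated keys
default_md = md5 # message digest algorithm (MD5 is collision-broken; sha256 is the current choice)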
string_mask = nombstr # permitted characters
distinguished_name = req_distinguished_name
req_extensions = v3_req

[ req_distinguished_name ]
# Variable name   Prompt string
#----------------------   ----------------------------------
0.organizationName = Organization Name (company)
organizationalUnitName = Organizational Unit Name (department, division)
emailAddress = Email Address
emailAddress_max = 40
localityName = Locality Name (city, district)
stateOrProvinceName = State or Province Name (full name)
countryName = Country Name (2 letter code)
countryName_min = 2
countryName_max = 2
commonName = Common Name (hostname, IP, or your name)
commonName_max = 64

# Default values for the above, for consistency and less typing.
# Variable name   Value
#------------------------------   ------------------------------
0.organizationName_default = ToddSmith, Org
organizationalUnitName_default = Secure Services
countryName_default = US
localityName_default = Los Angeles
emailAddress_default = ca@toddsmith.org
stateOrProvinceName_default = California
commonName_default = toddsmith.org

[ v3_ca ]
basicConstraints = CA:TRUE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always 

[ v3_req ]
basicConstraints = CA:FALSE
subjectKeyIdentifier = hash
EoF

Create the CAAdmin Script (copy and paste this block of code into your terminal)

cat << 'EoF' > CAAdmin.sh
#!/bin/bash
# The heredoc delimiter is quoted ('EoF') so that the $variables and backticks
# below are written to the file as-is instead of being expanded at paste time.
umask 077   # private keys and the combined cert/key file stay owner-only
cadir=CA
conf="openssl.cnf"
cwd=`pwd`

echo -n "Do you want to create a Certificate Authority? [yes or no] : " && read answer
if [ "X$answer" = "Xyes" ] ; then
        mkdir -p CA
        cd CA
        mkdir public crl newcerts private
        echo 01 > serial
        cp /dev/null index.txt
        if [ ! -f ../openssl.cnf ] ; then
                echo "Must setup an openssl.cnf"
                exit 1
        fi
        openssl req -new -x509 -keyout private/cakey.pem -out public/cacert.pem -days 365 -config ../openssl.cnf
        cd "$cwd"
fi

echo -n "Do you want to create a certificate for an SSL enabled server? [yes or no] : " && read answer
[ "$answer" = "yes" ] || exit 1

echo -n "What is the name of this cert / key? (certfilename) : " && read certfile
if [ "$certfile" != "" ] ; then
        unset answer
        # -nodes leaves the server key unencrypted on disk
        openssl req -new -nodes -out req.pem -config "$conf" && \
        mv key.pem "${certfile}.key.pem" && \
        mv req.pem "${certfile}.req.pem" && \
        openssl req -in "${certfile}.req.pem" -text -verify -noout && \
        echo -n "Does information look correct? [yes or no] : " && read answer
        if [ "$answer" = "yes" ] ; then
                unset answer
                openssl ca -out "${certfile}.crt.pem" -config "$conf" -infiles "${certfile}.req.pem"
        fi
        echo -n "Do you want to strip the certificate? [yes or no] : " && read answer
        if [ "$answer" = "yes" ] ; then
                unset answer
                mv "${certfile}.crt.pem" "${certfile}.crt.tmp"
                openssl x509 -in "${certfile}.crt.tmp" -out "${certfile}.crt.pem" && \
                export key_stripped=1 && \
                rm "${certfile}.crt.tmp"
        fi
        if [ "$key_stripped" = 1 ] ; then
                echo -n "Do you want to create a combined cert/key file? [yes or no] : " && read answer
                if [ "$answer" = "yes" ] ; then
                        unset answer;
                        cat "${certfile}.crt.pem" "${certfile}.key.pem" > "${certfile}.crtkey.pem"
                fi
        fi
fi
EoF

Edit the openssl.cnf with your favorite editor to customize it for you.

Now I’m gonna run you through the script one time and you can see how simple it is.

tsmith@tejinashi:~/Certificate_Authority_Admin$ ls
CAAdmin.sh      openssl.cnf
tsmith@tejinashi:~/Certificate_Authority_Admin$ sh CAAdmin.sh
Do you want to create a Certificate Authority? [yes or no] : yes
Generating a 1024 bit RSA private key
....................++++++
.++++++
writing new private key to 'private/cakey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Organization Name (company) [ToddSmith, Org]:
Organizational Unit Name (department, division) [Secure Services]:
Email Address [ca@toddsmith.org]:
Locality Name (city, district) [Los Angeles]:
State or Province Name (full name) [California]:
Country Name (2 letter code) [US]:
Common Name (hostname, IP, or your name) [toddsmith.org]:
Do you want to create a certificate for an SSL enabled server? [yes or no] : yes
What is the name of this cert / key? [certfile] : mail.toddsmith.org
Generating a 1024 bit RSA private key
..............................++++++
............................................++++++
writing new private key to 'key.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Organization Name (company) [ToddSmith, Org]:
Organizational Unit Name (department, division) [Secure Services]:
Email Address [ca@toddsmith.org]:
Locality Name (city, district) [Los Angeles]:
State or Province Name (full name) [California]:
Country Name (2 letter code) [US]:
Common Name (hostname, IP, or your name) [toddsmith.org]:mail.toddsmith.org
verify OK
Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: O=ToddSmith, Org, OU=Secure Services/emailAddress=ca@toddsmith.org, L=Los Angeles, ST=California, C=US, CN=mail.toddsmith.org
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:d1:be:57:f7:e1:35:5b:01:fb:0d:20:06:23:dc:
                    44:f7:89:0e:f7:f6:71:5f:17:91:58:01:99:2f:75:
                    00:0d:e1:d7:0b:35:c1:90:e8:f9:56:a5:82:7b:a1:
                    97:79:b1:5b:7e:70:fd:cd:e0:95:5d:d1:f4:38:4d:
                    3f:00:fe:8a:a0:9a:66:2a:3c:45:27:e0:b1:98:3d:
                    40:2b:03:3c:5e:95:e1:48:79:a9:03:65:78:19:9b:
                    e9:39:06:6f:d6:ad:6f:12:55:dd:18:45:76:50:fd:
                    40:9a:60:7e:53:fb:67:0d:1b:1e:7f:e6:70:0d:ab:
                    2b:4c:45:5e:0e:df:c9:3f:5d
                Exponent: 65537 (0x10001)
        Attributes:
        Requested Extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Subject Key Identifier:
                56:61:49:B0:F8:DA:58:9E:4A:14:EF:3B:61:D4:74:AF:B6:AF:3A:ED
    Signature Algorithm: md5WithRSAEncryption
        b5:8d:6f:16:87:1f:cb:78:16:03:9f:95:cf:4b:8d:b8:81:c0:
        a9:e4:a0:de:c1:72:b0:3c:c8:2f:26:5e:ff:af:24:de:68:76:
        e9:d0:f3:36:6d:d6:ea:40:27:19:33:91:ec:89:42:7b:ac:18:
        82:59:bf:c3:22:83:77:79:19:a1:05:92:6f:43:be:17:0d:c0:
        e8:f5:f6:a0:fe:1b:05:ab:fd:56:b8:3a:3b:81:d0:e3:c4:60:
        14:db:2f:de:27:a7:da:bc:72:10:e7:de:77:16:18:5e:30:81:
        d2:c6:1e:bf:96:f6:23:42:c2:0a:2e:3e:15:ff:bf:82:be:9d:
        0d:16
Does information look correct? [yes or no] : yes
Using configuration from openssl.cnf
Enter pass phrase for CA/private/cakey.pem:
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
organizationName      :PRINTABLE:'ToddSmith, Org'
organizationalUnitName:PRINTABLE:'Secure Services'
localityName          :PRINTABLE:'Los Angeles'
stateOrProvinceName   :PRINTABLE:'California'
countryName           :PRINTABLE:'US'
commonName            :PRINTABLE:'mail.toddsmith.org'
Certificate is to be certified until Apr  2 01:42:45 2011 GMT (730 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
Do you want to strip the certificate? [yes or no] : yes
Do you want to create a combined cert/key file? [yes or no] : yes
tsmith@tejinashi:~/Certificate_Authority_Admin$ ls -1
CA
CAAdmin.sh
mail.toddsmith.org.crt.pem
mail.toddsmith.org.crtkey.pem
mail.toddsmith.org.key.pem
mail.toddsmith.org.req.pem
openssl.cnf
tsmith@tejinashi:~/Certificate_Authority_Admin$

There you have it. If you want to create another key, run it again. From this point forward you will probably want to answer “no” when the script asks if you want to create a new Certificate Authority. I have not tested it.

I hope that you found this useful.
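
An added example (not part of the original post or its script): the run above produced 1024-bit RSA keys signed with md5WithRSAEncryption, which current TLS stacks reject, so this check flags those settings in an openssl.cnf and in the text output of openssl req/x509. The function names and both samples are constructed, the samples in the format of the config and transcript above.

```shell
#!/bin/sh
# Added example: flag weak digests and short RSA keys in an openssl.cnf
# and in "openssl req -text" / "openssl x509 -text" output.

# Reads an openssl.cnf on stdin; prints one finding per weak default.
audit_openssl_cnf() {
    awk -F= '
        { sub(/#.*/, "") }                                  # strip comments
        /^\[/ { section = $0; gsub(/[^A-Za-z0-9_]/, "", section); next }
        NF >= 2 {
            key = $1; val = $2
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            if (key == "default_md" && tolower(val) ~ /^(md2|md4|md5|sha1)$/)
                print "WEAK-DIGEST [" section "] default_md=" val
            if (key == "default_bits" && val + 0 < 2048)
                print "WEAK-KEY [" section "] default_bits=" val
        }
    '
}

# Reads "openssl req -text" or "openssl x509 -text" output on stdin.
audit_cert_text() {
    awk '
        /Public Key Algorithm:/ { keyalg = $NF }
        # Older openssl prints "RSA Public Key: (1024 bit)", newer "Public-Key: (2048 bit)"
        /Public[- ]Key: \([0-9]+ bit\)/ {
            bits = $0; sub(/.*\(/, "", bits); sub(/ bit.*/, "", bits)
            if (keyalg == "rsaEncryption" && bits + 0 < 2048 && !seenkey++)
                print "WEAK-KEY rsa " bits
        }
        # x509 -text prints the signature algorithm twice; report it once
        /Signature Algorithm:/ {
            sig = $NF
            if (tolower(sig) ~ /md2|md4|md5|sha1/ && !seen[sig]++)
                print "WEAK-DIGEST " sig
        }
    '
}

# Constructed samples in the format of the config and transcript above.
SAMPLE_CNF='[ CA_default ]
default_days = 730
default_md = md5

[ req ]
default_bits = 1024 # Size of keys
default_md = md5 # message digest algorithm'

SAMPLE_CSR='Certificate Request:
    Data:
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Exponent: 65537 (0x10001)
    Signature Algorithm: md5WithRSAEncryption'

printf '%s\n' "$SAMPLE_CNF" | audit_openssl_cnf
printf '%s\n' "$SAMPLE_CSR" | audit_cert_text
```

Against real files, run `audit_openssl_cnf < openssl.cnf` and `openssl x509 -in mail.toddsmith.org.crt.pem -noout -text | audit_cert_text`; no output means nothing was flagged.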
