• Cisco Unified Communications Manager 12 Install Errors on Proxmox/KVM


    The strange thing is that usually the first install or two will work on any new machine but then it suddenly won't. I had this experience on QEMU 2.13 on a different machine. There is something finicky or buggy about the CUCM installer even when choosing the same virtual hardware specs. qemu-kvm command: /usr/libexec/qemu-kvm -version QEMU PC emulator version 0.12.1 (qemu-kvm-0.12.1.2-2.506.el6_10.1), Copyright (c) 2003-2008 Fabrice Bellard ........
  • How To Use Letsencrypt SSL/TLS Encryption to Create Certificates without installing on the target machine


    For some reason, perhaps you don't want to run a daemon or let Letsencrypt have access to your production server. There is a way to use it like a normal CSR/CA setup in manual mode. ./letsencrypt-auto certonly --manual -d realtechtalk.com - www.realtechtalk.com   Eventually you will get prompted to create a certain path and file with certain data: Create a file containing just this data: Casdfasfadsfsad........
  • letsencrypt certbot error "Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80."


    ./certbot-auto --apache certonly Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator apache, Installer apache No names were found in your configuration files. Please enter in your domain name(s) (comma and/or space separated) (Enter 'c' to cancel): yourdomain.com Obtaining a new certificate Performing the following challenges: http-01 challenge for yourdomain.com Cleaning........
  • VMWare ESXi 6.7 SSH/PowerShell CLI Commands


    [root@localhost:~] BootModuleConfig.sh echo host-ind nfcd........
  • [warn] VirtualHost 10.2.5.101:443 overlaps with VirtualHost 10.2.5.101:443, the first has precedence, perhaps you need a NameVirtualHost directive


    [root@thetor2017 conf]# service httpd restart Stopping httpd: [ OK ] Starting httpd: WARNING: MaxClients of 3000 exceeds ServerLimit value of 300 servers, lowering MaxClients to 300. To increase........
  • OVF Tool: Error: Task failed on server: This host does not support Intel VT-x. VMWare VCenter install On ESXi ERror


    Intel VT-X is enabled in Virtualbox but it doesn't seem to pass through the needed vmx extension despite the following variables on the host confirming it is enabled: cat /sys/module/kvm_intel/parameters/nested Y cat /sys/module/kvm_intel/parameters/ept Y OVF Tool: Disk progress: 99% OVF Tool: Transfer Completed OVF Tool: Powering on VM: Embedded-vCenter-Server-Appliance- OVF Tool: Task p........
  • VMWare 6.7 VCSA VSphere ESXi Management SSO Install Guide on Linux using the CLI


    #mount the VCSA DVD mount /dev/sr0 /mnt/cd #alternatively you could mount the iso directly mount -o loop vcsa.iso /your/mount/path #for this purpose we are using the CLI installer on Linux cd /mnt/cd/vcsa-cli-installer/lin64 #no it's not going to be that easy you can't just run vcsa-deploy like that you need to use a template or configured .json file ./vcsa-deploy Usage: vcsa-deploy [-h] [--version] [--supported-deploymen........
  • Cannot create gradle for conversations


    The main issue is it looks like Java is not configured to accept the invalid ssl cert that is coming from the download location. Exception in thread "main" java.lang.RuntimeException: javax.net.ssl.SSLException: java.security.ProviderException: java.security.InvalidKeyException: EC parameters error export ANDROID_HOME=/home/user/Downloads/tools/ Conversations-master$ ./gradlew Downloading https://services.gradle.org/distributions/grad........
  • Installing SSL Certificate with Chain Intermediary CA File


    Some of the cheaper or newer SSL suppliers will require this to work properly (otherwise you may be prompted that the cert is invalid when it's not the case but it will certainly scare off your users!). In the Apache vhost conf for the domain here is what you add: SSLCACertificateFile /path/to/your/cafile.pem Here is a full example of an SSL Vhost config in Apache using a CA Certificate file ........
  • M2Crypto.SSL.Checker.WrongHost: Peer certificate subjectAltName does not match host, expected fedora-archive.ip-connect.vn.ua, got DNS:mirror.ip-connect.vn.ua


    You are using Centos 5 which is deprecated so nothing in yum will work until you follow this post to use the vault: http://realtechtalk.com/Centos_59_Working_Vault_Repo_file-1921-articles yum update Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * epel: fedora-archive.ip-connect.vn.ua Traceback........
  • [Wed Sep 20 15:34:44 2017] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) [Wed Sep 20 15:34:44 2017] [error] Init: Unable to read server certificate from file /www/ssl-certs/server.crt [Wed Sep 20 15:34:44 2017] [error] SSL Library Err


    [Wed Sep 20 15:34:44 2017] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) [Wed Sep 20 15:34:44 2017] [error] Init: Unable to read server certificate from file /www/ssl-certs/server.crt [Wed Sep 20 15:34:44 2017] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag [Wed Sep 20 15:34:44 2017] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error........
  • Apache SSL very slow response with Firefox Freezes/Loads Very slow when checking self-signed SSL certificate


    I was sure this was a Centos bug with OpenSSL, Apache, MySQL or even PHP. I tried everything but nothing helped. One clue is that if you check the Apache logs you will see nothing in the access logs until minutes later (this means Firefox has not even passed your request to the remote Apache/htttpd server). When even accepting the invalid certificate message that would show up minutes later when trying to "View the Certificate" Firefox would freeze. This bu........
  • [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) - Apache Error Solution


    Does this mean? [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) Basically it means you created your SSL Certificate as a CA the wrong way, usually with this command: openssl req -new -x509 -nodes -days 1530 -out server.crt -keyout server.key How can you fix it and do it properly? Step 1.) Make a new Private KeyCreate server pass key:........
  • How to verify SSL SHA-1 Certificate Fingerprnit Signature of your mail/web server to avoid hijacking/man-in-the-middle attacks


    This is especially helpful if you run your own servers. If you are presented with an error message or warning that the signature has changed or does not match the IP/domain you are connecting to you always want to verify manually. So your e-mail/web client will show you an SHA-1 fingerprint like this: "Could not verify this certificate because the issuer is unkown" or other reasons such as a mismatch in IP/domain. It will also show you........
  • Centos 5 OpenSSL does not support TLS 1.2 Apache Error


    [Thu Jan 26 14:13:31 2017] [notice] caught SIGTERM, shutting down [Thu Jan 26 14:14:00 2017] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) [Thu Jan 26 14:14:00 2017] [error] Server certificate is expired: 'Server-Cert' [Thu Jan 26 14:14:00 2017] [notice] SSL FIPS mode disabled [Thu Jan 26 14:14:07 2017] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) [Thu Jan 26 14:14:07 2017] [error] Server certificate is expired: 'Server-Ce........
  • How to Properly Secure SSL/TLS Apache Settings against Heartbleed Poodle (TLS) Poodle (SSLv3) FREAK BEAST CRIME


    Many users still are not aware but simply patching OpenSSL does not secure you against many known and easy to exploit attacks that will render your encryption useless by an attacker. Use the following setings in /etc/httpd/conf.d/ssl.conf SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH EDH+aRSA !CAMELLIA !SEED !3DES !RC4 !aNULL !eNULL !LOW !MD5 !EXP !PSK !........
  • curl: (35) SSL connect error solution


    curl -k https://somesite.org curl: (35) SSL connect error The site used to work until I got a new SSL cert Updating curl with (yum -y install curl) made it work again. ........
  • Avocent 8020 KVM Java Icedtea Viewer


    It seems every other updated version of Java or Icedtea breaks things and I will save the frustration of Java for another post. *If you get the icedteaweb window but nothing loads or prompts it is probably your security settings that won't even prompt to run it. See this article to solve that problem. To fix this error you need to edit the java.security file m........
  • CPanel SNI error


    Your server does not support SNI, so all of your SSL websites must use the same SSL certificate. An update to the certificate on an existing SSL website will affect all of your SSL websites, and new SSL websites must use the currently installed certificate.........
  • Unable to configure RSA server private key SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch


    [Tue Jun 23 02:05:52 2015] [error] Unable to configure RSA server private key [Tue Jun 23 02:05:52 2015] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch The above is an accurate description of what is wrong. In our case the client made a simple mistake of thinking the localhost.crt and localhost.key (default key locations for Apache SSL in Centos) were in the same directory but they we........
  • Error: Cannot retrieve metalink for repository: epel. Please verify its path and try again


    Error: Cannot retrieve metalink for repository: epel. Please verify its path and try again You have to upgrade the ca-certs for epel but need to disable it before that can happen. yum upgrade ca-certificates --disablerepo=epel........
  • cPanel How to set SSL and Dedicated IP in cPanel


    Account Functions -> Change Site's IP Address Choose the domain and then click "Change" Choose the new IP 1.) Setup SSL Certificate in cPanel Click on "SSL/TLS Manager" under the "Security" section. 2.) Under " Private Keys (KEY)" Click "Generate, view, upload, or delete your private keys." Choose "Key Size: 4096........
  • Apache SNI is not needed what is the issue?


    Iread this article and still don't understand the issue. If I understand correctly the client negotiates after the first SSLconnection and then gets the correct hostname and thus correct certificate. http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI To their credit I know I'm not using SNIbecuase Iget this message in the Apache log :) [warn] Init: You should not use name-based virtual hosts in conjunction with SSL!! B........
  • "Cannot load certificate file keys/server.crt: error:0906D06C:PEM" OpenVPN Solution


    Cannot load certificate file keys/server.crt: error:0906D06C:PEM The .crt is blank empty because when generating it I kept hitting enter for the defaults and this caused the crt not to be signed. Certificate is to be certified until Dec 18 00:35:49 2022 GMT (3650 days) Sign the certificate? [y/n]:y 1 out of 1 certificate requests certified, commit? [y/n]y So if you get messages like these, a........
  • CPanel error: "Your SSL certificate failed to install on your site."


    This error in my experience is user error although CPanel doesn't help, this message doesn't give you much to go on. Let's talk more about the process of setting up SSL with CPanel. Your site must have a dedicated/non-shared IP to even have the option of creating an SSL Certificate. You must create a Private Key (do not delete this private key!) You must create a CSR (Certificate Signing Request) Use CSR to create cert........
  • Error code: sec_error_unknown_issuer Solution Valid SSL Certificate Throwing Error in Firefox


    So you've just purchased your SSL cert, renewed it and installed it or maybe you've had it installed and working fine all the time with all other browsers but you've upgraded to a recent version of Firefox and suddenly get the warning "Error code: sec_error_unknown_issuer" error. This is terrible since if you bought an SSL cert, you are most likely using it for trust purposes for your business and obviously that message will scare away most potential customers.........
  • Directadmin Enable SSL


    It's really silly how DA doesn't enable SSL by default but is otherwise a stable, fast and secure control panel. Here's a copy and paste way of enabling SSL for Directadmin in just a few seconds: *setup SSL openssl req -x509 -newkey rsa:1024 -keyout /usr/local/directadmin/conf/cakey.pem -out /usr/local/directadmin/conf/cacert.pem -days 9999 -nodes That creates the public certificate and private key pair in the location Directadmin expects to fi........
  • The Importance of a High Quality Power Supply/Power Supplies To Prevent Overheating/System Crash/Hardware Damage


    For years I've always built cheap systems believing that there is little difference in more expensive components when it comes to reliability and quality, I generally believe this still except for Power Supplies. I've always bought cheap cases with nice sounding 350-550W stock/cheap/crap power supplies and haven't had any issues for the most part until recently. One such case is an NGEAR case with a 550W Optimax power supply, I always read that these supplies don't produce the........
  • PayPal Solution - Error Detected Error Message We were unable to decrypt the certificate id. We were unable to decrypt the certificate id.


    Error Detected........
  • Directadmin DA Install Guide


    yum -y install openssl* gcc-c++ gcc flex g++ make;wget http://www.directadmin.com/setup.sh;chmod +x ./setup.sh;./setup.sh #enable SSL /usr/bin/openssl req -x509 -newkey rsa:1024 -keyout /usr/local/directadmin/conf/cakey.pem -out /usr/local/directadmin/conf/cacert.pem -days 9999 -nodes chown diradmin:diradmin /usr/local/directadmin/conf/cakey.pem chmod 400 /usr/local/directadmin/conf/cakey.pem sed -i "s/SSL=0/SSL=1/g" /usr/local/dire........
  • Dovecot Enable SSL/TLS with your certificate


    Dovecot enable SSL (by default it uses an old expired cert if you choose pop3s and imaps as protocols) =================== Create Cert & Key: openssl req -new -x509 -nodes -days 1530 -out server.crt -keyout server.key mkdir /etc/mailssl chmod 700 /etc/mailssl cp server.* /etc/mailssl Edit /etc/dovecot.conf ssl_cert_file = /etc/mailssl/server.crt s........
  • Postfix Enable SSL/TLS with your certificate


    Create Cert & Key: openssl req -new -x509 -nodes -days 1530 -out server.crt -keyout server.key mkdir /etc/mailssl chmod 700 /etc/mailssl cp server.* /etc/mailssl Postfix SSL config Edit /etc/postfix/main.cf: #SSL stuff smtpd_tls_cert_file = /etc/mailssl/server.crt smtpd_tls_key_file = /etc/mailssl/server.key To make smtps w........
  • Installing Webmin & Enabling SSL


    Webmin Setup Centos 5: wget http://downloads.sourceforge.net/project/webadmin/webmin/1.530/webmin-1.530-1.noarch.rpm?r=http%3A%2F%2Fwww.webmin.com%2Fstandard.html&ts=1294339690&use_mirror=surfnet [1] 24229 [2] 24230 [root@host ~]# --2011-01-06 21:48:20-- http://downloads.sourceforge.net/project/webadmin/webmin/1.530/webmin-1.530-1.noarch.rpm?r=http%3A%2F%2Fwww.webmin.com%2Fstandard.html Resolving downloads.sourceforge.net... 216.34.181.........
  • PHP CURL SSL won't work or connect


    I spent so much time debugging this, most sites don't tell you a very important option to use with CURL and you will only find out this is the problem by running the PHP script from the command line you get the following output that shows the issue (I don't see any way to get this output from Apache itself). * About to connect() to ip.ip.ip.ip port 25000 * Trying ip.ip.ip.ip... * connected * Connected to ip.ip.ip.ip (ip.ip.ip.ip) port 25000 * succes........
  • FUSE/Curlftpfs mount ftp account as drive partition in Linux


    This is a great way to use your ftp server space, for example on your web hosting account (althoughI believe many hosts don't allow storage like this), but if you have a VPS/Dedicated Server etc.., this would be perfect. Imagine how easy it is to work with an ftp account that you can just mount as a normal partition or directory in Linux, it would be great for backups etc.. Name curlftpfs - mount a ftp host as a local directory Synopsis........
  • cPanel complaint - No Shared SSL! cPanel 11.25.0-R46156 - WHM 11.25.0 - X 3.9


    I've recently used CPanel on the admin side for the first time and have to say I hate it. Everything from the layout to the functionality screams "hackish". It just lacks so many common sense features and way of working. I was never 100% impressed with Plesk but the basics were definitely laid out and done in a sensible manner, even though it is made by a Russian company, they definitely thought about how to make a Control Panel. I have no idea why people........
  • Picking an FTPD (vsftpd) Server in Linux Centos/Debian


    I decided on using yum to help me decide even though I normaly use proftpd I decided to see what else I could find. yum search ftp Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * rpmforge: ftp-stud.fht-esslingen.de * base: mirrors.netdna.com * updates: updates.interworx.info * addons: yum.singlehop.com * extras: mirrors.netdna.com rpmforge........
  • My list of handy security links - Ongoing


    My list of handy security links - Ongoing[b:6f8d25be68][size=18:6f8d25be68]News[/size:6f8d25be68][/b:6f8d25be68] Security Focus http://www.securityfocus.net - Nice Security News Site CERT http://www.cert.org/ Common Criteria (see if your OS/software is EAL4 certified) EAL(Evaluation Assurance Levels is the industry standard for evaluation of security in software) http://www.commoncriteria.com [size=18:6f8d25be68][b:6f8d25be68]Tools[........
  • Other Security Web Sites


    Other Security Web SitesSeveral websites actively track security issues. This list provides you with the major providers of security information on the Web. Many of these organizations also provide newsletters and mailings to announce changes or security threats: Center for Education and Research in Information Assurance and Security (CERIAS) CERIAS is an industry-sponsored center at Purdue University that is focused on technology and relate........
  • Apache/Mod_SSL not serving the right/expected certificate?


    There is actually by default a "Default SSL" vhost that can mess things up for you and can cause surprising and unexpected results. Default Apache SSL Cert in /etc/httpd/conf.d/ssl.conf there is a default SSL Virtual Host which screws things up by offering itself instead of the SSL cert I specify in my own vhosts........
  • Create/Enable SSL Certificates for Apache on Linux/Unix Systems eg. Redhat,Centos,Debian


    Shortcut/Easiest Way To Create A Self-Signed Key: openssl req -new -x509 -nodes -days 1530 -out server.crt -keyout server.key Using the above, you instantly create a self-signed certificate valid for 1530 days and you can simply skip to step #5.) below. If You Need a Real SSLCertificate (eg. Equifax/Openssl) then you need to create a CSR request (you'll need to follow Steps 1.) and 2.) in order to create the CSR. You then upload the CSR Certi........
  • Latest Articles

  • Centos 7 how to save iptables rules like Centos 6
  • nfs tuning maximum amount of connections
  • qemu-kvm error "Could not initialize SDL(No available video device) - exiting"
  • Centos 7 tftpd will not work with selinux enabled
  • Debian Ubuntu Mint Howto Create Bridge (br0)
  • How To Control Interface that dhcpd server listens to on Debian based Linux like Mint and Ubuntu
  • LUKS unable to type password to unlock during boot on Debian, Ubuntu and Mint
  • Debian Ubuntu and Linux Mint Broken Kernel After Date - New Extra Module Naming Convention
  • Wordpress overwrites and wipes out custom htaccess rules and changes soluton
  • Apache htaccess and mod_rewrite how to redirect and force all URLs and visitors to the SSL / HTTPS version
  • python 3 pip cannot install mysql module
  • QEMU-KVM won't boot Windows 2016 or 2019 server on an Intel Core i3
  • Virtualbox vbox not starting
  • Bind / named not responding to queries solution
  • Linux Mint How To Set Desktop Background Image From Bash Prompt CLI
  • ImageMagick Convert PDF Not Authorized
  • ImageMagick Converted PDF to JPEG some files have a black background solution
  • Linux Mint Mate Customize the Lock screen messages and hide username and real name
  • Ubuntu/Gnome/Mint/Centos How To Take a partial screenshot
  • ssh how to verify your host key / avoid MIM attacks