[Wed Nov 01 18:47:08 2023] [error] Unable to configure verify locations for client authentication [Wed Nov 01 18:47:08 2023] [error] SSL Library Error: 151441510 error:0906D066:PEM routines:PEM_read_bio:bad end line [Wed Nov 01 18:47:08 2023] [error] SSL Library Error: 185090057 error:0B084009:x509 certificate routines:X509_load_cert_crl_file:PEM lib It actually gives us a good clue that at last one component of our cert is invalid/improperl........

By default if you create a private key for SSH, it will create something like .ssh/id_rsa Linux will always search for and offer this key when connecting to servers. If you put extra keys in your .ssh directory like id_rsa_realtechtalk.com, they will be ignored by default and NOT used or offered (you can verify this with ssh -v) and see it is not being offered. Here is how you add the extra SSH keys so they are all offered: #this gives........

Be very careful about what filename you specify in dhcpd.conf if you get an error like this: NBP filesize is 0 Bytes PXE-E23:Client received TFTP error from server. If you specify "BOOTx64.efi" then the file had better not be called "BOOTx64.EFI" as it is case sensitive. It's really a case of th........

There is a random bug that sometimes occurs with Vbox NAT mode DNS, although it has never happened in the past and Vbox was working fine until recently. The symptom is that you can see it does get an IP+ DNS from the Vbox NAT DHCP. Below we use resolvectl dns and verify the DNS server is set to 10.0.2.3 which is the DNS from Vbox NAT. We can ping it but it does not respond to any DNS requests when we use dig @10.0.2.3 realtechtalk.com........

Why choose OpenVPN instead of a firewall appliance? OpenVPN can be a reliable and easy replacement for traditional hardware or just be an additional tool that your company uses so that the firewall can focus on its job rather than acting as a VPNappliance at the same time. When comparing OpenVPN with traditional firewal........

In newer of versions of Virtualbox, especially above 6.0 (eg. 6.1 like the example below), a lot of times the "Enable Nested VT-x/AMD-V". If you are having this issue, you will see the option is grayed out. It doesn't mean that your computer does not support virtualization, although it is possible it is disabled in the BIOS. You can verify........

Just run this apt install command sudo apt install pepperflashplugin-nonfree browser-plugin-freshplayer-pepperflash After this restart your browser and check Adobe's site to verify if your Pepper flash is working and showing at least version 32. https://helpx.adobe.com/flash-player.html As you'll see below it will download the latest version which is currently 32 and this was not possible with the old/crappy deprecated adobe-flash plu........

yum -y install wget unzip wget https://download.nextcloud.com/server/releases/nextcloud-18.0.2.zip unzip nextcloud-18.0.2.zip yum -y install php php-mysqlnd php-json php-zip php-dom php-xml php-libxml php-mbstring php-gd mysql mysql-server Last metadata expiration check: 0:58:02 ago on Fri 13 Mar 2020 02:12:49 PM EDT. Dependencies resolved. ===================================================================........

The reason for doing this is that the installer doesn't seem to work properly for LUKS and the server installer doesn't even support LUKS anymore. When you use the GUI install on Desktop for LUKS it won't boot and will just hang after you enter your password. So the only reliable way is to do it ourselves. 1.) Make a default minimal install of Ubuntu 2.) Have a secondary disk on the server or VM. 3.)........

SSH helps keep us secure in many ways, one of those is the host-key fingerprint which is unique. If you have been connecting to an SSH server that you've made no changes to and suddenly ssh warns that the key doesn't match then you have a problem. But how about connecting to an existing server for the first time on a new machine or client? A lot of new clients calculate it using an SHA256 hash but it is not as easy on your host machine to produce the sam........

Install Errors on Version 12: This error happened on QEMU emulator version 2.11.1 pve-qemu-kvm_2.11.1-5 on Proxmox/Debian but installing on QEMU.12 on Centos 6 did not produce the error. *Update it is not related to the OS or QEMU version. This happened in Centos 6 too after a second install. What really causes this even though you successfully install........

The strange thing is that usually the first install or two will work on any new machine but then it suddenly won't. I had this experience on QEMU 2.13 on a different machine. There is something finicky or buggy about the CUCM installer even when choosing the same virtual hardware specs. qemu-kvm command: /usr/libexec/qemu-kvm -version QEMU PC emulator version 0.12.1 (qemu-kvm-0.12.1.2-2.506.el6_10.1), Copyright (c) 2003-2008 Fabrice Bellard ........

If you don't aleady have it, you'll need EPEL Install LXC yum -y install lxc lxc-templates Loaded plugins: fastestmirror Setting up Install Process Loading mirror speeds from cached hostfile * base: mirror.it.ubc.ca * epel: mirrors.kernel.org * extras: mirror.it.ubc.ca * updates:........

Below are the common errors you'll get with named AKA bind if your time is incorrect. The simplest solution is to install and run ntpd to correct your system's time (install ntpd if it is not installed) systemctl start ntpd systemctl enable ntpd Dec 20 13:36:16 hostingbox named[2169]: error (no valid DS) resolving 'develop.waxrain.com/A/IN': 14.215.150.17#53........

initiator = client target = server These are the first concepts you should understand which is that in iscsi essentially the "initiator" is the client and the "target" is the server. iSCSI is derived from the old fashioned SCSI that us oldtimers grew to love. The "i" stands for Internet and the SCSI stands for "Small Computers Systems Interface" (SCSI). iSCSI Target (Server)Setup targetcli is the pac........

Server Side Config 1.) First install nfs-utils yum -y install nfs-utils 2.) Configure nfs share Create a directory for your NFS share mkdir /datastore Create your NFS share in /etc/exports echo "/datastore 10.220.101.0/24(rw,sync,no_root_squash)" >> /etc/exports systemctl restart nfs........

Intel VT-X is enabled in Virtualbox but it doesn't seem to pass through the needed vmx extension despite the following variables on the host confirming it is enabled: cat /sys/module/kvm_intel/parameters/nested Y cat /sys/module/kvm_intel/parameters/ept Y OVF Tool: Disk progress: 99% OVF Tool: Transfer Completed OVF Tool: Powering on VM: Embedded-vCenter-Server-Appliance- OVF Tool: Task p........

#mount the VCSA DVD mount /dev/sr0 /mnt/cd #alternatively you could mount the iso directly mount -o loop vcsa.iso /your/mount/path #for this purpose we are using the CLI installer on Linux cd /mnt/cd/vcsa-cli-installer/lin64 #no it's not going to be that easy you can't just run vcsa-deploy like that you need to use a template or configured .json file ./vcsa-deploy Usage: vcsa-deploy [-h] [--version] [--supported-deploymen........

Starting with newer versions of OpenVPN Ibelieve 2.2+ you need to have "script-security 3" set or you can't execute a third party script. Prior to that you could also use the auth-user-pass-verify like this: auth-user-pass-verify ./validate.pl "$username $password $ip" via-env Options error: the --auth-user-pass-verify directive should have at most 2 parameters. To pass a list of arguments as one of the paramete........

Some of the cheaper or newer SSL suppliers will require this to work properly (otherwise you may be prompted that the cert is invalid when it's not the case but it will certainly scare off your users!). In the Apache vhost conf for the domain here is what you add: SSLCACertificateFile /path/to/your/cafile.pem Here is a full example of an SSL Vhost config in Apache using a CA Certificate file ........

This is especially helpful if you run your own servers. If you are presented with an error message or warning that the signature has changed or does not match the IP/domain you are connecting to you always want to verify manually. So your e-mail/web client will show you an SHA-1 fingerprint like this: "Could not verify this certificate because the issuer is unkown" or other reasons such as a mismatch in IP/domain. It will also show you........

2017-01-12 14:25:36 529 (ERROR): The installer was unable to verify that your kernel supports IPv6. 2017-01-12 14:25:36 530 (ERROR): The message received when trying to create an IPv6 socket was Address already in use 2017-01-12 14:25:36 531 (ERROR): Please ensure that the ipv6 module is enabled and loaded in your kernel. 2017-01-12 14:25:36 532 (FATAL): Exiting... Solution This happened........

vzkernel-2.6.32-042stab116.2.x86_64.rpm&n........

This can happen because port 80 is not open, or your license has expired and/or your IP is out of date and also if the license server itself from cPanel is having issues. In most cases as long as you have a valid license the following command will solve it: /usr/local/cpanel/cpkeyclt Updating cPanel license...Done. Update succeeded. Building global cache for cpanel...Done Cannot........

There was a problem importing one of the Python modules required to run yum. The error leading to this problem was: No module named yum Please install a package which provides this module, or verify that the module is installed correctly. It's possible that the above module doesn't match the current version of Python, which is: 2.7.9 (default, Apr 21 2016, 16:51:58) [GCC 4.4.7 20120313........

openvpn 2.3.10-1.el6 issues in the .conf auth-user-pass-verify "passwordcheck $username $password $untrusted_ip" via-env auth-env does not work correctly in OpenVPN 2.3: Sat Apr 23 02:30:22 2016 - $username - $untrusted_ip - login failure But OpenVPN 2.2 does work as expected. It could be that the specified script automatically receive........

grub> root (hd0,0) root (hd0,0) Filesystem type is ext2fs, partition type 0xfd grub> setup (hd0) setup (hd0) But if you do: root (hd1,0) setup (hd1) it does work, I think hd0/sda had a GPT partition that was not removed properly (what I did was just dd bs=512 count=1 the partition table from another drive since the partition table should be identical). Checking if "/boot/grub/........

[Tue Jun 23 02:05:52 2015] [error] Unable to configure RSA server private key [Tue Jun 23 02:05:52 2015] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch The above is an accurate description of what is wrong. In our case the client made a simple mistake of thinking the localhost.crt and localhost.key (default key locations for Apache SSL in Centos) were in the same directory but they we........

Error: Cannot retrieve metalink for repository: epel. Please verify its path and try again You have to upgrade the ca-certs for epel but need to disable it before that can happen. yum upgrade ca-certificates --disablerepo=epel........

wget http://download-location sudo tar xjvf thunderbird-24.2.0.tar.bz2 -C /opt ln -s /opt/thunderbird/thunderbird /usr/bin/thunderbird [sudo] password for one: ln: creating symbolic link `/usr/bin/thunderbird': File exists sudo rm /usr/bin/thunderbird ln -s /opt/thunderbird/thunderbird /usr/bin/thunderbird The above is how Idid it, if you don't do it properly you'll find that you are still using the old version (........

wget http://download-location mv /usr/bin/firefox /usr/bin/firefox-old sudo tar xjvf firefox-26.0.tar.bz2 -C /opt ln -s /opt/firefox/firefox /usr/bin/firefox The above is how Idid it, if you don't do it properly you'll find that you are still using the old version (so verify in About that it is the new version). I've verified the above method works perfectly, it's great if you're using an older version of Linux and need to update the most........

I flashed an LSI Logic firmware to it and it broke the BIOS (cannot do Ctrl+R) for booting purposes but allows other functionality to work normally. I tried downgrading to a Dell firmware for Perc 6i but it won't work, not even with MegaCli wget http://downloads.dell.com/FOLDER00416606M/1/SAS-RAID_Firmware_W83M2_LN32_6.3.1-0003_A14.BIN --2013-08-26 12:53:39-- http://downloads.dell.com/FOLDER00416606M/1/SAS-RAID_Firmware_W83M2_LN32_6.3.1-0003_A14.BIN Resolvi........

This is basically URL decoding to the decimal code but nothing in PHPworks how you'd expect it. Here are online tools to verify and check your work, it's important when querying databases with non-English characters: http://yehg.net/encoding/index.php# http://meyerweb.com/eric/tools/dencoder/ http://www.codetable.net/decimal/65398 Japanese: http://symbolcodes.tlt.psu.edu/bylanguage/japanesechartkatakana.html Charat code for PHP:........

Crashing with a RAID 1 array and when burning a CD. Screen goes blank (no video signal) and system stops responding during heavier loads. Is this a defective power supply or is it possible I have too many devices connected to the same rail? How can I verify/troubleshoot this?........

This happened to a customer Asterisk server and it somehow found the ID of the registration account to the upstream SIP server and was railing connection attempts (it filled up the console and there were literally thousands per second). Basically this caused all incoming and outgoing calls to fail. It was a temporary fix but the solution was to block that specific IP, it's hard to stop it 100% because the customer needs the default SIP port.........

Client Log OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Connecting to 192.168.1.253 [192.168.1.253] port 22. debug1: Connection established. debug1: permanently_set_uid: 0/0 debug1: identity file /root/.ssh/identity type -1 debug1: identity file /root/.ssh/id_rsa type 1 debug1: identity file /root/.ssh/id_d........

I like badblocks and don't know a better more reliable way of checking the drive. If there are no errors from badblocks and dmesg doesn't produce any SATA related errors, the drive should be good (for now at least). I also prefer to do read and write mode, yes it takes ages but it is really the best way of doing it. This gives me the most confidence in knowing that a drive, especially a new one is at least OK at the moment. To test in read only mode........

I had a system running a 128MB live CD image with 2.8 gigs of available RAM and the OOM kernel killer went crazy when using dd for more than 8 minutes and kept killing everything. I've read that this is due to a low-memory issue and paging in the kernel and 32-bit systems with lots of RAM. I even enabled swapspace on my LiveCD and the issue happened 25 minutes into dd rather than 8 minutes, so what gives? Also no swap space was ever used! cat /proc/s........

CPU/Kernel/MB/RAID problem? Jan 5 12:45:05 testbox kernel: [653298.890004] BUG: soft lockup - CPU#0 stuck for 61s! [hal-acl-tool:4168] Jan 5 12:45:05 testbox kernel: [653298.890005] Modules linked in: vmnet vmci vmmon binfmt_misc drbd video output input_polldev ocfs2_stackglue ocfs2_dlmfs ocfs2_dlm ocfs2_nodemanager configfs k8temp hwmon_vid lp snd_hda_intel snd_pcm_oss snd_mixer_oss snd_pcm snd_seq_dummy snd_seq_oss snd_seq_midi snd_rawmidi........

http://apt.sw.be/redhat/el5/en/i386/test/repodata/repomd.xml: [Errno 14] HTTP Error 404: Not Found Trying other mirror. Error: Cannot retrieve repository metadata (repomd.xml) for repository: rpmforge-testing. Please verify its path and try again Notice it is complaining about "rpmforge-testing", just disable it for now: Solution is to edit the repo: vi /etc/yum.repos.d/rpmforge-testing.repo........

I spent so much time debugging this, most sites don't tell you a very important option to use with CURL and you will only find out this is the problem by running the PHP script from the command line you get the following output that shows the issue (I don't see any way to get this output from Apache itself). * About to connect() to ip.ip.ip.ip port 25000 * Trying ip.ip.ip.ip... * connected * Connected to ip.ip.ip.ip (ip.ip.ip.ip) port 25000 * succes........

This is a great way to use your ftp server space, for example on your web hosting account (althoughI believe many hosts don't allow storage like this), but if you have a VPS/Dedicated Server etc.., this would be perfect. Imagine how easy it is to work with an ftp account that you can just mount as a normal partition or directory in Linux, it would be great for backups etc.. Name curlftpfs - mount a ftp host as a local directory Synopsis........

This is based on Debian Linux but should apply equally to any *nix distro. Install LUKS/crypt-setup apt-get install cryptsetup Setup your LUKS Partition Of course change /dev/md2 with whatever partition you intend to use LUKS on. cryptsetup --verbose --verify-passphrase luksFormat /dev/md2 You'll be asked to verify your decryption password twice *DO NOT FORGET THIS PASSWORD AS IT IS NOT RECOVERABLE!........

PHP cannot access /usr/bin/opensslI have verified the username that runs the process is able to access /usr/bin/openssl and it does exist but the PHP script is saying it doesn't exist: [code:1:1fd0f3abbe] if (!file_exists($OPENSSL)) { //echo "ERROR: OPENSSL $OPENSSL not foundn"; }[/code:1:1fd0f3abbe] I don't get itI can clearly see the contents of /usr/bin by using the PHP system fu........

Roxio/Sonic complaints - No verification of burnt ISO ImageThe only thing Nero does better is that it has the option to verify the data written from an ISO/CD Image! Why can't all burning utilities have this feature?........

Shortcut/Easiest Way To Create A Self-Signed Key: openssl req -new -x509 -nodes -days 1530 -out server.crt -keyout server.key Using the above, you instantly create a self-signed certificate valid for 1530 days and you can simply skip to step #5.) below. If You Need a Real SSLCertificate (eg. Equifax/Openssl) then you need to create a CSR request (you'll need to follow Steps 1.) and 2.) in order to create the CSR. You then upload the CSR Certi........

Here is an example that I recently found, most PR checkers will say this domain is PR8 or will say "cannot analyze PR". The example is domain "bonserotica.com" view Google's cache of the homepage and you'll see as in the picture below, it lists a different URL, which means they used a redirect to a high PR site to fool you and the PR checkers.........

When trying to even cd or ls the mounted OCFS2 partition it crashes. Ithink this is a combination of VMWare Server's problem and the way I mounted and symlinked to it. More than anything this shows the problem and lack of forsight with VMWare, but also that OCFS2 is easily crashed if you do strange things. Output of /var/log/messages for OCFS2 Apr 10 15:57:45 localhost kernel: [84331.691258] Modules linked in: vmnet vmci vmmon ocfs2_stac........

There's a lot of outdated information and confusion for system administrator's out there. One annoying task for many an Administrator has been backing up data in Linux. You don't need any GUI tools such as K3B or GnomeBaker. Both are excellent tools but for veteran command line users working remotely, using the keyboard is a great and possibly automated way to save yourself pain and hassle. At a later date we'll cover how scripting can automatically backup certain........