How to create an SSL Certificate on Apache for CentOS

About Self-Signed Certificates

An SSL certificate is a way to encrypt a site's information in order to create a more secure connection to your VPS. Additionally, the certificate can show the web host's identification information to any site visitor. Certificate Authorities can issue SSL certificates which confirm the virtual server's details, whereas a self-signed certificate holds no 3rd party corroboration.

Step 1 - Install Mod SSL

In order to set up a self-signed SSL certificate, we first need to ensure that Apache and Mod SSL are installed on our VPS. You can install both using one command.

    yum install mod_ssl

Step 2 - Create a New Directory

Now create a new directory in which you will store the server key and certificate.

    mkdir /etc/httpd/ssl

Step 3 - Create a Self-Signed Certificate

When you request a new certificate, you can specify how long it will remain valid by changing the '365' to the number of days you wish. As written, the certificate will expire after one year.

    openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/httpd/ssl/apache.key -out /etc/httpd/ssl/apache.crt

This command creates both the self-signed SSL certificate and the server key which protects it, and places both of them inside the new directory. It will prompt you in the terminal with a list of fields that have to be filled in. The most important line is "Common Name". Type your official server domain name here or, if you don't have one yet, use your site's IP address.

    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    You'll have a couple fields but you may leave some blank.
    For a few fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:US
    State or Province Name (full name) [Some-State]:New York
    Locality Name (eg, city) []:NYC
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:Awesome Inc
    Organizational Unit Name (eg, section) []:Dept of Merriment
    Common Name (e.g. server FQDN or YOUR name) []:domain.com
    Email Address []:[email protected]

Step 4 - Set Up the Certificate

Now that you have all of the components needed for the finished certificate, the next step is to set up the virtual host to present the new certificate. Open up the SSL config file.

    vi /etc/httpd/conf.d/ssl.conf

Search for the section that starts with '<VirtualHost _default_:443>' and make some quick changes. Uncomment the 'DocumentRoot' and 'ServerName' lines. Then replace 'domain.com' with your own DNS-approved server domain name or server IP address; it should be the same as the common name on the certificate.

    ServerName domain.com:443

Look for the following three lines and ensure they match the values shown below.

    SSLEngine on
    SSLCertificateFile /etc/httpd/ssl/apache.crt
    SSLCertificateKeyFile /etc/httpd/ssl/apache.key

Step 5 - Restart Apache

You are now done. After restarting the Apache server, it will be reloaded along with every change in place.

    /etc/init.d/httpd restart

Go over to your web browser and type 'https://yourdomain.ltd' to see the new certificate.
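A check worth running before restarting Apache, written here as an added example and not part of the original tutorial: it confirms that the certificate and key from Step 3 belong together, that the certificate names the host used for ServerName, that it is not about to expire, and that the unencrypted key is readable by its owner only. The function names and the host example.test are assumptions made for the illustration.

```shell
# Added example (not from the tutorial): checks for the pair made in Step 3.

# Return 0 when CERT and KEY belong together, CERT names HOST, CERT stays valid
# for at least DAYS more days, and KEY is accessible to its owner only.
check_pair() {  # usage: check_pair CERT KEY HOST [DAYS]
    cert=$1 key=$2 host=$3 days=${4:-30}
    rc=0
    # Both files must carry the same public key, or Apache refuses to start.
    pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    if [ -z "$pub" ] || [ "$pub" != "$(openssl pkey -in "$key" -pubout 2>/dev/null)" ]; then
        echo "certificate and key do not match" >&2; rc=1
    fi
    # ServerName has to be the name that was typed as Common Name.
    if ! openssl x509 -in "$cert" -noout -checkhost "$host" 2>/dev/null | grep -q 'does match'; then
        echo "certificate does not name $host" >&2; rc=1
    fi
    # -checkend exits non-zero when the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend $((days * 86400)) >/dev/null 2>&1; then
        echo "certificate expires within $days days" >&2; rc=1
    fi
    # -nodes leaves the key unencrypted, so file permissions are its only protection.
    if [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "key is accessible to group or others" >&2; rc=1
    fi
    return $rc
}

# Constructed demo pair in a scratch directory (example.test is a placeholder).
make_demo_pair() {  # usage: make_demo_pair DIR
    ( umask 077
      openssl req -x509 -nodes -days 365 -newkey rsa:2048 -subj "/CN=example.test" \
          -keyout "$1/apache.key" -out "$1/apache.crt" 2>/dev/null )
}

dir=$(mktemp -d) && make_demo_pair "$dir" &&
    check_pair "$dir/apache.crt" "$dir/apache.key" example.test && echo "pair OK"
```

On the server itself, call check_pair with /etc/httpd/ssl/apache.crt, /etc/httpd/ssl/apache.key and the ServerName value.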

By | Aug 6

How to install LDAP on CentOS 7

In this tutorial, we will teach you how to install LDAP on CentOS 7.

What is LDAP

LDAP is short for Lightweight Directory Access Protocol. It is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. LDAP can store any type of information and is generally used as one component of a centralized authentication system.

Installing LDAP on CentOS 7

Installing and configuring an OpenLDAP server on CentOS 7 is a simple task. Follow the instructions below and you should have it installed in less than 10 minutes.

Step 1: Updating the System

Before you start installing any new software, update your system packages to the latest available versions.

    # yum update

Step 2: Installing OpenLDAP

Now install the packages OpenLDAP needs for its functionality.

    # yum -y install openldap compat-openldap openldap-clients openldap-servers openldap-servers-sql openldap-devel

Next, start the service and enable it on boot.

    # systemctl start slapd.service
    # systemctl enable slapd.service

Execute the 'slappasswd' command to set an LDAP root password, and save the output since we will need it to configure OpenLDAP.

    # slappasswd

Configuring OpenLDAP server

You can now start configuring the OpenLDAP server. First, create a couple of LDIF files and then execute the 'ldapmodify' command to deploy the configuration to the server. The resulting configuration is stored in '/etc/openldap/slapd.d', whose files should not be modified manually.

OlcSuffix Variable

The 'db.ldif' file updates the 'olcSuffix' variable, the distinguished name that is appended to queries passed to the backend database.
It is the domain name for which your LDAP server provides account information. The file also updates the 'olcRootDN' variable, which specifies the root distinguished name of the user who will have administrator access to the LDAP server.

Main Domain

Our domain is going to be 'field.dreamvps.com', written within the 'db.ldif' file like this: 'dc=field,dc=dreamvps,dc=com'. Our root distinguished name is 'cn=ldapadm,dc=field,dc=dreamvps,dc=com'.

Step 3: Configuring OpenLDAP

Create the 'db.ldif' file with nano or a text editor of your preference and enter the content below.

    # nano db.ldif

    dn: olcDatabase={2}hdb,cn=config
    changetype: modify
    replace: olcSuffix
    olcSuffix: dc=field,dc=dreamvps,dc=com

    dn: olcDatabase={2}hdb,cn=config
    changetype: modify
    replace: olcRootDN
    olcRootDN: cn=ldapadm,dc=field,dc=dreamvps,dc=com

    dn: olcDatabase={2}hdb,cn=config
    changetype: modify
    replace: olcRootPW
    olcRootPW: hashed_output_from_the_slappasswd_command

Next, deploy the configuration with ldapmodify.

    # ldapmodify -Y EXTERNAL -H ldapi:/// -f db.ldif

Now restrict monitor access only to the ldapadm user.

    # nano monitor.ldif

    dn: olcDatabase={1}monitor,cn=config
    changetype: modify
    replace: olcAccess
    olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=ldapadm,dc=field,dc=dreamvps,dc=com" read by * none

Deploy the configuration change once more.

    # ldapmodify -Y EXTERNAL -H ldapi:/// -f monitor.ldif

You have to generate a certificate and a private key so that you can communicate securely with the OpenLDAP server. Run the following command to do it.

    openssl req -new -x509 -nodes -out \
        /etc/openldap/certs/myldap.field.dreamvps.com.cert \
        -keyout /etc/openldap/certs/myldap.field.dreamvps.com.key \
        -days 365

Now change the owner and group so OpenLDAP is able to read the files.

    # chown -R ldap:ldap /etc/openldap/certs

Next, create 'certs.ldif' to configure OpenLDAP to use the LDAPS protocol.

    # nano certs.ldif

    dn: cn=config
    changetype: modify
    replace: olcTLSCertificateFile
    olcTLSCertificateFile: /etc/openldap/certs/myldap.field.dreamvps.com.cert

    dn: cn=config
    changetype: modify
    replace: olcTLSCertificateKeyFile
    olcTLSCertificateKeyFile: /etc/openldap/certs/myldap.field.dreamvps.com.key

We may now deploy the configuration again.

    # ldapmodify -Y EXTERNAL -H ldapi:/// -f certs.ldif

Now verify the configuration by executing the command below.

    # slaptest -u

Step 4: Setting up the OpenLDAP database

You may now set up the LDAP database. Begin by copying the sample database configuration file to '/var/lib/ldap' and changing the file ownership.

    # cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
    # chown -R ldap:ldap /var/lib/ldap

Add the LDAP schemas.

    # ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
    # ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
    # ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif

Now make the 'base.ldif' file for your domain.

    # nano base.ldif

    dn: dc=field,dc=dreamvps,dc=com
    dc: field
    objectClass: top
    objectClass: domain

    dn: cn=ldapadm,dc=field,dc=dreamvps,dc=com
    objectClass: organizationalRole
    cn: ldapadm
    description: LDAP Manager

    dn: ou=People,dc=field,dc=dreamvps,dc=com
    objectClass: organizationalUnit
    ou: People

    dn: ou=Group,dc=field,dc=dreamvps,dc=com
    objectClass: organizationalUnit
    ou: Group

You now need to deploy those changes to OpenLDAP, binding as the ldapadm user. The bind DN must be the same as the 'olcRootDN' set in 'db.ldif'.

    # ldapadd -x -W -D "cn=ldapadm,dc=field,dc=dreamvps,dc=com" -f base.ldif

Enter the root password once prompted.

If you want to add users, it is simpler to add them using a GUI; we suggest using Apache Directory Studio or JXplorer for this.

This is it, LDAP should now be installed on your CentOS 7 VPS.
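The values in 'db.ldif' have to agree with each other and with the bind DN used later for 'base.ldif'. The script below is an added example, not part of the original tutorial: it checks that olcRootDN sits under olcSuffix, that olcRootPW holds slappasswd output and not the placeholder or a cleartext password, and that a given bind DN equals olcRootDN. The function names and the sample hash value are assumptions made for the illustration.

```shell
# Added example (not from the tutorial): consistency checks for db.ldif.

# Print the value of the first "ATTR: value" line in FILE.
ldif_value() {  # usage: ldif_value FILE ATTR
    awk -v a="$2" -F': ' '$1 == a { sub(/^[^:]*: /, ""); print; exit }' "$1"
}

# Return 0 when FILE is consistent; report each problem on stderr otherwise.
check_db_ldif() {  # usage: check_db_ldif FILE [BIND_DN]
    file=$1 bind_dn=${2:-}
    suffix=$(ldif_value "$file" olcSuffix)
    rootdn=$(ldif_value "$file" olcRootDN)
    rootpw=$(ldif_value "$file" olcRootPW)
    rc=0
    # The root DN has to sit below the database suffix.
    case "$rootdn" in
        *,"$suffix") ;;
        *) echo "olcRootDN '$rootdn' is not under olcSuffix '$suffix'" >&2; rc=1 ;;
    esac
    # slappasswd prints "{SCHEME}hash"; anything else is cleartext or a placeholder.
    case "$rootpw" in
        '{'?*'}'?*) ;;
        *) echo "olcRootPW is not a slappasswd hash" >&2; rc=1 ;;
    esac
    # The DN given to "ldapadd -D" must equal olcRootDN, or the bind fails.
    [ -z "$bind_dn" ] || [ "$bind_dn" = "$rootdn" ] ||
        { echo "bind DN '$bind_dn' differs from olcRootDN '$rootdn'" >&2; rc=1; }
    return $rc
}

# Constructed sample: the tutorial's db.ldif with the given olcRootPW value.
write_sample() {  # usage: write_sample FILE ROOTPW
    cat > "$1" <<EOF
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=field,dc=dreamvps,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=ldapadm,dc=field,dc=dreamvps,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: $2
EOF
}

f=$(mktemp) && write_sample "$f" '{SSHA}constructedhashvalue'
check_db_ldif "$f" "cn=ldapadm,dc=field,dc=dreamvps,dc=com" && echo "db.ldif OK"
```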

By | Aug 6

How to install SquirrelMail on CentOS 7

In this tutorial, we will teach you how to install SquirrelMail on CentOS 7.

SquirrelMail

SquirrelMail is one of the most popular Web-based email clients written in PHP. It has built-in pure PHP support for IMAP and SMTP, and it is designed to render every page in pure HTML 4.0, with no JavaScript required, for maximum compatibility across browsers.

How to install SquirrelMail

Installing and configuring SquirrelMail is an easy and simple task. Remember that, if you have a VPS with WHM/cPanel or DirectAdmin, SquirrelMail will come pre-installed and ready to use with those control panels.

SquirrelMail has only two requirements:

- A web server with PHP installed. PHP needs to be at least 4.1.0. PHP 4, PHP 5 and PHP 6 are all supported.
- Access to an IMAP server which supports IMAP 4 rev 1.

Step 1: Login via SSH.

To begin the SquirrelMail installation, log into your CentOS 7 VPS via SSH as user root.

    ssh root@IP_address -p PORT_NUMBER

Step 2: Updating every package installed.

Ensure that every package installed on your server is up-to-date.

    yum -y update

Step 3: Enabling EPEL repository.

The SquirrelMail package is not available in the official CentOS 7 repository. Therefore, you will need to enable the EPEL repository using the command below.

    yum -y install epel-release

Step 4: Installing SquirrelMail for CentOS 7.

Next, install SquirrelMail through the CentOS package manager using the following command.

    yum -y install squirrelmail

Step 5: Configuring SquirrelMail.

After the webmail client is installed, you may configure it according to your needs by executing the configuration script.

    cd /usr/share/squirrelmail/config/
    ./conf.pl

    SquirrelMail Configuration : Read: config.php (1.4.0)
    ---------------------------------------------------------
    Main Menu --
    1.  Organization Preferences
    2.  Server Settings
    3.  Folder Defaults
    4.  General Options
    5.  Themes
    6.  Address Books
    7.  Message of the Day (MOTD)
    8.  Plugins
    9.  Database
    10. Languages

    Set pre-defined settings for specific IMAP servers

    C   Turn color off
    S   Save data
    Q   Quit

    Command >>

Step 6: Other Configurations.

There are various other settings in the configuration file; however, the main things that need to be checked and configured are as follows:

- Set your default domain name (2. Server settings > 1. Domain)
- Addresses of IMAP and SMTP servers.
- Type of IMAP server

I will also suggest that you edit the organization preferences such as organization name, logo, title, and others.

Step 7: Alternative Installation.

Alternatively, you can install SquirrelMail by downloading its files from the official website and placing them in the document root directory of the web server.

    wget http://downloads.sourceforge.net/project/squirrelmail/stable/1.4.22/squirrelmail-webmail-1.4.22.zip
    unzip squirrelmail-webmail-1.4.22.zip -d /var/www/html/
    mv /var/www/html/squirrelmail-webmail-1.4.22/ /var/www/html/squirrelmail

After everything is installed and properly configured, you should be able to access SquirrelMail at 'SquirrelMail'. Log in using your email account and begin managing your emails from a web browser.

By | Aug 9