ฝัง
- เผยแพร่เมื่อ 28 ส.ค. 2024
- This video covers the method to install Certificate on Ubuntu/Linuxmint/Debian to Secure Apache. SSL is a web protocol that is used to send trafic between server and client in a secured manner.
For more explanation on this video: www.linuxhelp....
It was a little difficult to understand with the accent, but the content was spot on and it worked for me. Thanks
Hey, please... and I highly recommend this... make subtitles for your videos, not to be rude but we really cant understand you because of your very strong accent . self-made subtitles would really help your Chanel... you seem to make decent tutorials but nobody can understand what you are saying.
Thank you. This was helpful.
You're Welcome :-)
For more topics subscribe to our channel,
th-cam.com/channels/vTQ6WM-MSvCFVNCEtI6HPg.html
The x509 parameter indicates that this will be a self-signed certificate. Certificate Authorities do not verify self-signed certificates.
Right on point, no blah blah ... 👌
Thanks for the feedback :-)
For more topics subscribe to our channel,
th-cam.com/channels/vTQ6WM-MSvCFVNCEtI6HPg.html
Thanks bro, this was much needed for me.
Glad to help you :-)
For more topics subscribe to our channel,
th-cam.com/channels/vTQ6WM-MSvCFVNCEtI6HPg.html
Great video, very helpful. Thanks!
Thanks for the feedback :-)
For more topics subscribe to our channel,
th-cam.com/channels/vTQ6WM-MSvCFVNCEtI6HPg.html
The https connection still not "secured" in your video. but you mentioned "Secure apache" in title.
@Robert Smith bullshit, this is self-signed certificate This is why it is not accepted by the browser. You can use let's encrypt if you need free SSL cert. Anyway it worked for me.
Excellency.... :)
Thanks :-)
For more topics subscribe to our channel,
th-cam.com/channels/vTQ6WM-MSvCFVNCEtI6HPg.html
thank you
You're Welcome :-)
For more topics subscribe to our channel,
th-cam.com/channels/vTQ6WM-MSvCFVNCEtI6HPg.html
Awesome video!! This solved my problem!
Thanks for the feedback :-)
For more topics subscribe to our channel,
th-cam.com/channels/vTQ6WM-MSvCFVNCEtI6HPg.html
Worked!
hi thank you, its working fine
Thanks a lot. You help me!
Glad to helped! Thanks for the feedback :-)
For more topics subscribe to our channel,
th-cam.com/channels/vTQ6WM-MSvCFVNCEtI6HPg.html
Hi i installed jenkins http that i converted into https ssl certificates so but that is not integrating to tuleap qhat can i do its asking sha 256 hostname not verified
It sounds like you're encountering an issue with Jenkins not integrating properly with Tuleap due to SSL certificate verification problems, specifically mentioning SHA-256 and hostname verification. Here are some steps you can take to troubleshoot and resolve this issue:
1. Verify SSL Certificate Installation
Make sure that your SSL certificate (which you converted to HTTPS) is correctly installed on your Jenkins server. Ensure the following:
The certificate chain is properly configured.
The certificate is signed by a trusted CA (Certificate Authority).
The private key matches the certificate.
There are no intermediate certificates missing.
2. Check Jenkins Configuration
Ensure that Jenkins is configured to use HTTPS properly:
Open your Jenkins configuration file (typically located at /etc/default/jenkins or /etc/sysconfig/jenkins on Linux systems).
Verify that JENKINS_HTTPS_KEYSTORE and JENKINS_HTTPS_KEYSTORE_PASSWORD (or similar) are correctly set to point to your SSL keystore and password.
3. Update Java Keystore (if necessary)
If you've updated or replaced your SSL certificate, ensure that Java (which Jenkins runs on) is using the updated certificate:
Convert your SSL certificate to a Java keystore format if needed:
openssl pkcs12 -export -in your_domain.crt -inkey your_private.key -out jenkins.p12 -name jenkins
keytool -importkeystore -srckeystore jenkins.p12 -srcstoretype PKCS12 -destkeystore jenkins.jks -deststoretype JKS
Restart Jenkins after updating the keystore.
4. Tuleap Configuration
Verify Tuleap's configuration to ensure it can communicate securely with Jenkins:
Check Tuleap's configuration for Jenkins integration settings.
Ensure Tuleap is configured to trust the SSL certificate presented by Jenkins.
5. Debug SSL/TLS Handshake
If the hostname verification is failing, it could be due to mismatched DNS names or the certificate's Subject Alternative Name (SAN) not including the Jenkins server's hostname.
Use OpenSSL to debug the SSL/TLS handshake:
openssl s_client -connect your_jenkins_server:443
Look for any errors or warnings related to the certificate validation.
6. Verify DNS Configuration
Ensure that the DNS name used to access Jenkins matches the Common Name (CN) or SAN of the SSL certificate.
7. Jenkins Plugin Updates
Ensure that both Jenkins and any relevant plugins (especially those related to SSL/TLS or integration with Tuleap) are updated to the latest versions. Older versions may have bugs or compatibility issues.
8. Debugging Logs
Check the Jenkins and Tuleap logs for any specific error messages related to SSL/TLS handshake failures or certificate validation issues. This can provide more insight into what's going wrong.
Thank you 🤗
Welcome :)
For more topics Subscribe to our Channel, th-cam.com/channels/vTQ6WM-MSvCFVNCEtI6HPg.html
Please read below error:
AH00526: Syntax error on line 3 of /etc/apache2/sites-enabled/mine-ssl.conf:
SSLCertificateFile: file '/etc/ssl/certs/my.crt' does not exist or is empty
Action 'configtest' failed.
* First of all, make sure all your commands would be run with Sudo.
* Sometimes it was caused because SELinux turned on and this file was inaccessible for apache user.
For more topics subscribe to our channel,
th-cam.com/channels/vTQ6WM-MSvCFVNCEtI6HPg.html
Hi Sir
Great Video.
Can you create a video to show how to upload Diffie Hellman SSL certificate into Apache on Ubuntu Server ?
In your apache configuration after installation cert you can go to the location /etc/ssl/cert
and then run the below command for:
sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
We will create a tutorial for that ASAP
For more topics subscribe to our channel,
th-cam.com/channels/vTQ6WM-MSvCFVNCEtI6HPg.html
Thankyou man❤
Bro how to check list of certificates available in library and how to check expiry date of all certificates with name?
* Most distros put their certificates soft-link in system-wide location at /etc/ssl/certs.
* Key files go into /etc/ssl/private
* System-provided actual files are located at /usr/share/ca-certificates
* Custom certificates go into /usr/local/share/ca-certificates
For more topics subscribe to our channel,
th-cam.com/channels/vTQ6WM-MSvCFVNCEtI6HPg.html
Couldn't understand the accent. Is it possible to enable subtitles
Yes we will enable.
For more topics subscribe to our channel,
th-cam.com/channels/vTQ6WM-MSvCFVNCEtI6HPg.html
Indianglish
If I want to install the SSL for elasticsearch, then in this case can I will be need to add the SSL crt , key etc entries in elasticsearch.yml file or not ?
If yes then can you recommend me any other configuration link ?
Please update on priority :) Waiting just for your response !!!
Yes, when setting up SSL/TLS for Elasticsearch, you will need to configure the SSL certificate and private key in the elasticsearch.yml file. Here are the general steps to enable SSL for Elasticsearch:
Obtain an SSL certificate and private key from a trusted certificate authority (CA) or generate a self-signed certificate for testing purposes. Make sure you have the certificate file (crt), private key file (key), and any intermediate certificate files if applicable.
Copy the certificate files to a directory on your Elasticsearch server. For example, you can create a directory called certs within your Elasticsearch configuration directory and place the certificate and key files there.
Open the elasticsearch.yml file in a text editor. This file is typically located in the config directory of your Elasticsearch installation.
Locate the section for SSL/TLS settings in the elasticsearch.yml file. If the section does not exist, you can add it at the bottom of the file. It should look similar to the following:
# SSL/TLS Settings
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.key: /path/to/certs/key.pem
xpack.security.http.ssl.certificate: /path/to/certs/cert.pem
xpack.security.http.ssl.certificate_authorities: ["/path/to/certs/ca.pem"]
Replace /path/to/certs/key.pem, /path/to/certs/cert.pem, and /path/to/certs/ca.pem with the actual paths to your SSL certificate and key files.
Save the elasticsearch.yml file and exit the text editor.
Restart Elasticsearch to apply the SSL configuration changes.
Please note that the specific configuration may vary depending on your Elasticsearch version and setup. It is recommended to refer to the official Elasticsearch documentation or the documentation provided by your Elasticsearch distribution for detailed and up-to-date instructions on configuring SSL/TLS.
Here are some useful links to the official Elasticsearch documentation on setting up SSL/TLS:
Encrypting Communications
www.elastic.co/guide/en/elasticsearch/reference/current/configuring-tls.html
Securing Elasticsearch
www.elastic.co/guide/en/elasticsearch/reference/current/securing-elasticsearch.html
These resources should provide you with more comprehensive information and examples on configuring SSL/TLS for Elasticsearch.
this procedure is dangerous not apply in your machine
exactly
Is it safe enough for a local "test" network that is getting a lot of SSL errors on its internal mail server page
why is dangerous?
I just heard hear(HARE)wehaveto
sir can u help me with the error "URLError: "
The x509 parameter indicates that this will be a self-signed certificate. Certificate Authorities do not verify self-signed certificates.
mkdir /var/www/mine answer cannot create directory
If you want to create directory inside parent directory you can use mkdir -p
For more topics subscribe to our channel,
th-cam.com/channels/vTQ6WM-MSvCFVNCEtI6HPg.html
@@linuxhelp5096 you can add sudo to elevate the command
may i ask what language is he speaking in?
english
Indianglish
SOUTH Indian English
Inglish
Robot language
Last command didn’t work for me
To reflex the changes what have you made in configuration you have to restart the service
by using anyone of the command:
sudo /etc/init.d/apache2 restart
sudo service apache2 restart
sudo service apache2 reload
For more topics subscribe to our channel,
th-cam.com/channels/vTQ6WM-MSvCFVNCEtI6HPg.html
what the .... is this
Help
AH00526: Syntax error on line 2 of /etc/apache2/sites-enabled/owncloud.conf:
Invalid command 'SSLEngine', perhaps misspelled or defined by a module not included in the server configuration
Action 'configtest' failed.
The Apache error log may have more information.
If your output does not give specific information about the error location in Apache’s configuration files, you will need to examine journalctl output from the systemd logs.
sudo journalctl -u apache2.service --since today --no-pager
If you have an AH00526 error in your Apache configuration, look through the journalctl command.
the AH00526 error. Since this error is a general error related to an invalid setting or a typo in a configuration file
In this case it is a directive called SSLCertificateFile, which will only be valid if the ssl module is enabled.
sudo a2enmod ssl
sudo systemctl restart apache2.service
apachectl configtest command is useful for catching syntax errors before reloading apache with a new configuration. show for error message removing the directive will resolve the issue.
sudo apachectl configtest
Ref Link : th-cam.com/video/CRiwgzzlwO4/w-d-xo.html
For more topics subscribe to our channel,
th-cam.com/channels/vTQ6WM-MSvCFVNCEtI6HPg.html
Brooo if you know you speak hindi just put it on comment
indian
When I type mkdir /var/www/mine, I get mkdir: cannot create directory '/var/www/mine': No such file or directory exists
You can try with
mkdir -p /path-to-directory/directory-name
For more topics subscribe to our channel,
th-cam.com/channels/vTQ6WM-MSvCFVNCEtI6HPg.html
@@linuxhelp5096 so would that be
mkrdir -p /var/www/mine
?
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/ssl/private/my.key -out /etc/ssl/certs/my.crt
Thank me later
openssl req -x509 -nodes -days 90 -newkey rsa:2048 -keyout /etc/ssl/ssl/private/house.key -out /etc/ssl/certs/my.crt