Thursday, November 21, 2019

ssl tls installation for postfix mail server

** You can buy an SSL certificate (wildcard SSL) for your domain and download the files

#Generate private ssl key and certificate signing request (CSR)
openssl req -new -newkey rsa:2048 -nodes -out certreq.txt -keyout private.key

mkdir -p /etc/postfix/ssl

###### vi /etc/postfix/

# tls config
smtp_use_tls = yes
smtpd_use_tls = yes
smtpd_tls_security_level = may
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache
smtpd_tls_key_file = /etc/postfix/ssl/tayabkhan_com.key
smtpd_tls_cert_file = /etc/postfix/ssl/STAR_tayabkhan_com.crt
smtpd_tls_CAfile = /etc/postfix/ssl/

##### vi /etc/postfix/
#smtp      inet  n       -       n       -       -       smtpd
## for 587 port
submission   inet  n       -       n       -       -       smtpd
 -o syslog_name=postfix/submission
 -o smtpd_tls_security_level=encrypt
 -o smtpd_sasl_auth_enable=yes
## for 465 port
smtps     inet  n       -       n       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes

# service postfix restart

##### vi /etc/dovecot/dovecot.conf
ssl = required
ssl_ca = </etc/pki/tls/certs/
ssl_cert = </etc/pki/tls/certs/STAR_tayabkhan_com.crt
ssl_key = </etc/pki/tls/private/tayabkhan_com.key
disable_plaintext_auth = yes

 /etc/dovecot/dovecot.conf has the following line:
  protocols = imap pop3 imaps pop3s

Edit the /etc/dovecot/conf.d/10-ssl.conf file in the following way:
ssl_disable = no

If you save the certificate and private key in separate files:
  ssl_cert_file = </etc/ssl/certs/certificate.crt
  ssl_key_file = </etc/ssl/private/yourdomainname.key

If you save the certificate and private key in a single file:
  ssl_cert_file = </etc/ssl/certs/cert_and_key.crt
  ssl_key_file = </etc/ssl/certs/cert_and_key.crt
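
** Before restarting Postfix and Dovecot, check that the key file really belongs to the certificate and that the certificate has not expired; a mismatched pair is a common reason TLS fails after the restart. This script is an added example, not part of the original notes: the function names check_pair and make_sample_pair and the sample CN mail.example.test are made up for illustration, and the key is assumed to be unencrypted, as generated with -nodes above.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Pass the cert and key paths
# configured in Postfix/Dovecot; the key is assumed unencrypted ("-nodes").

# check_pair CERT KEY [MIN_SECONDS_LEFT]
#   0 = key matches cert and cert stays valid for MIN_SECONDS_LEFT (default 0)
#   1 = public keys differ
#   2 = certificate or key could not be parsed
#   3 = certificate is expired or expires within MIN_SECONDS_LEFT
check_pair() {
    local cert="$1" key="$2" min_left="${3:-0}" cert_pub key_pub
    # Public key embedded in the certificate, as PEM.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
    # Public key derived from the private key, as PEM.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ] || return 1
    openssl x509 -in "$cert" -noout -checkend "$min_left" >/dev/null 2>&1 || return 3
    return 0
}

# make_sample_pair DIR NAME: constructed throwaway self-signed cert and key
# (valid for 1 day), only so the check can be tried offline.
make_sample_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=mail.example.test" \
        -keyout "$1/$2.key" -out "$1/$2.crt" >/dev/null 2>&1
}

# Usage: ./check_pair.sh CERT KEY [MIN_SECONDS_LEFT]
if [ "$#" -ge 2 ]; then
    rc=0
    check_pair "$@" || rc=$?
    case "$rc" in
        0) echo "OK: key matches certificate" ;;
        1) echo "FAIL: key does not belong to this certificate" ;;
        2) echo "FAIL: could not read certificate or key" ;;
        3) echo "FAIL: certificate expired or expires too soon" ;;
    esac
    exit "$rc"
fi
```

Passing 2592000 as the third argument makes the check fail when the certificate has less than 30 days left.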

Monday, May 13, 2019

windows server tomcat ssl create install and auto ssl redirect

**** Windows server tomcat ssl create install and auto ssl redirect *****

(1)### Generate CSR for ssl certificate request

Go to CMD
cd  /d   F:\Program Files (x86)\BioSecurity\MainResource\tomcat\bin\jdk1.7\jre\bin\
keytool -genkey -alias server -keyalg RSA -keysize 2048 -keystore keystore.jks -dname "c=BD, s=Dhaka, l=Gulshan, o=Tayab Khan Ltd, ou=ICT, CN=ATTENDANCE4" && keytool -certreq -alias server -file Server106.csr -keystore keystore.jks


keytool -genkey -keyalg RSA -keysize 2048 -dname "c=BD, s=Dhaka, l=Gulshan, o=Tayab Khan Ltd  , ou=ICT," -keystore
keytool -certreq -keyalg RSA -file Attendance4-106.csr -keystore  N$#RJKER3

Edit tomcat file server.xml

F:\Program Files (x86)\main\tomcat\conf\server.xml

(2)### Install ssl certificate on tomcat server

** Go to CMD  (run as administrator)
**cd  /d  E:\main\tomcat\bin\jdk1.7\jre\bin
**keytool.exe -import -file star_tayab_khan_dot_com.p7b -keystore -storepass "N$#RJKER3"

edit server.xml file
** E:\BioSecurity\MainResource\tomcat\conf

<Connector port="443" SSLEnabled="true" acceptCount="100" clientAuth="false" disableUploadTimeout="true" enableLookups="false" 
maxThreads="150"  keystoreFile=" E:\main\tomcat\bin\jdk1.7\jre\bin\" 
keystorePass="W.#$%n(@nCUi2" protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https" secure="true" sslProtocol="TLS" />

** Restart tomcat service and check 

(3)#### Auto ssl redirect (http to https) force 443 redirect

** Open web.xml and place the code below before the </web-app> tag

        <web-resource-name>Automatic Forward to HTTPS/SSL


** Open server.xml and add the following after the <Host name="localhost" ...> line

<Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true">

RewriteCond %{HTTPS} =off
RewriteRule ^(.*) https://%{HTTP_HOST}:443$1 [R=301]

also add 

<Connector port="8088" protocol="HTTP/1.1" URIEncoding="UTF-8" acceptCount="500" disableUploadTimeout="true" 
                   enableLookups="false" maxThreads="1000" minSpareThreads="50" connectionTimeout="20000" redirectPort="443"/>

 <Connector port="80" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" redirectPort="443" acceptCount="100"
               connectionTimeout="20000" disableUploadTimeout="true" />

** Restart tomcat service and check 

Monday, April 8, 2019

Linux Hard Disk I/O Speed Test

 *** hdparm -Tt /dev/sda

 *** dd if=/dev/zero of=/tmp/output.img bs=1G count=1
rm /tmp/output.img