
Thursday, November 21, 2019

ssl tls installation for postfix mail server


** You can buy an SSL certificate (wildcard SSL) for your domain and download these files:
tayabkhan_com.key
STAR_tayabkhan_com.crt
server.ca-bundle

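#OR
# Generate a new 2048-bit RSA private key (private.key) together with a
# certificate signing request (certreq.txt) to send to the CA.
# -nodes writes the key unencrypted (Postfix cannot use a passphrase-protected
# key), so file permissions are its only protection: create it under a
# restrictive umask and keep it readable by root only.
(umask 077 && openssl req -new -newkey rsa:2048 -nodes -out certreq.txt -keyout private.key)
chmod 600 private.key

mkdir -p /etc/postfix/ssl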

###### vi /etc/postfix/main.cf

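# tls config

# Outbound mail (smtp client): use TLS whenever the remote server offers it.
# smtp_tls_security_level = may replaces the deprecated "smtp_use_tls = yes"
# and has the same effect.
smtp_tls_security_level = may
smtp_tls_note_starttls_offer = yes
smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache

# Inbound mail (smtpd server): offer STARTTLS but do not require it on port 25.
# This setting already covers what the deprecated "smtpd_use_tls = yes" did.
smtpd_tls_security_level = may
# Only offer SASL AUTH once the session is encrypted, so passwords never
# cross the network in clear text.
smtpd_tls_auth_only = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

# Private key: must be unencrypted for Postfix, so keep it owned by root
# with mode 0600.
smtpd_tls_key_file = /etc/postfix/ssl/tayabkhan_com.key
smtpd_tls_cert_file = /etc/postfix/ssl/STAR_tayabkhan_com.crt
# CA bundle from the certificate vendor (presumably the intermediate chain;
# Postfix also accepts the chain appended to the certificate file).
smtpd_tls_CAfile = /etc/postfix/ssl/server.ca-bundle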



##### vi /etc/postfix/master.cf
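# NOTE(review): the port 25 service is shown commented out; a server that has
# to receive mail from other mail servers needs this line active - confirm intent.
#smtp      inet  n       -       n       -       -       smtpd
## for 587 port: STARTTLS is mandatory and only authenticated clients may send
submission   inet  n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
## for 465 port: TLS starts immediately (wrapper mode); authenticated clients only
smtps     inet  n       -       n       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject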

# service postfix restart

##### vi /etc/dovecot/dovecot.conf
# Refuse any client session that is not protected by SSL/TLS.
ssl = required
# NOTE(review): in Dovecot 2.x ssl_ca is the CA list used to verify client
# certificates; the server's own intermediate chain is normally appended to
# the ssl_cert file instead - confirm which of the two is intended here.
ssl_ca = </etc/pki/tls/certs/server.ca-bundle
# The leading "<" makes Dovecot read the value from the named file.
ssl_cert = </etc/pki/tls/certs/STAR_tayabkhan_com.crt
# Private key file: should be owned by root and not readable by other users -
# verify the permissions after copying it here.
ssl_key = </etc/pki/tls/private/tayabkhan_com.key
# Do not accept plaintext logins on connections that are not encrypted.
disable_plaintext_auth = yes


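 /etc/dovecot/dovecot.conf has the following line (Dovecot 1.x syntax; Dovecot 2.x no longer accepts imaps and pop3s here and opens the SSL ports through its listener settings):
  protocols = imap pop3 imaps pop3s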



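Edit the /etc/dovecot/conf.d/10-ssl.conf file in the following way (ssl_disable, ssl_cert_file and ssl_key_file are the Dovecot 1.x setting names; Dovecot 2.x uses ssl, ssl_cert and ssl_key, as in the dovecot.conf example above):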
ssl_disable = no

If  you save the certificate and private key in separate files:
  ssl_cert_file = </etc/ssl/certs/certificate.crt
  ssl_key_file = </etc/ssl/private/yourdomainname.key

 If you save the certificate and private key in a single file (that file then holds the private key, so it must not be world-readable):
  ssl_cert_file = </etc/ssl/certs/cert_and_key.crt
  ssl_key_file = </etc/ssl/certs/cert_and_key.crt

Monday, May 13, 2019

windows server tomcat ssl create install and auto ssl redirect


**** Windows server tomcat ssl create install and auto ssl redirect *****
-------------------------------------------------------------------------------------

(1)### Generate CSR for ssl certificate request


Goto CMD
REM Change to the JRE bin directory bundled with the application's Tomcat, where keytool is run from.
cd  /d   F:\Program Files (x86)\BioSecurity\MainResource\tomcat\bin\jdk1.7\jre\bin\
REM Create a 2048-bit RSA key pair under alias "server" in keystore.jks, then write a CSR for that alias to Server106.csr.
REM NOTE(review): the -dname value looks malformed - fqdn and DN are not standard X.500 attribute keywords and the last three fields are not comma-separated, so keytool will probably reject it. Confirm the intended CN.
keytool -genkey -alias server -keyalg RSA -keysize 2048 -keystore keystore.jks -dname "c=BD, s=Dhaka, l=Gulshan, o=Tayab Khan Ltd, ou=ICT, fqdn=attendance.tayabkhan.com CN=ATTENDANCE4 DN=tayabkhan.com" && keytool -certreq -alias server -file Server106.csr -keystore keystore.jks

//or///

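REM Create a 2048-bit RSA key pair in tayabkhan.com.keystore (default alias), then write the CSR to Attendance4-106.csr.
REM keytool prompts for the keystore password; do not append it to the command or record it next to the commands.
REM NOTE(review): " DN=tayabkhan.com" after the CN is not comma-separated and DN is not a standard attribute keyword - confirm the intended -dname.
keytool -genkey -keyalg RSA -keysize 2048 -dname "c=BD, s=Dhaka, l=Gulshan, o=Tayab Khan Ltd  , ou=ICT, CN=attendance.tayabkhan.com DN=tayabkhan.com" -keystore tayabkhan.com.keystore
keytool -certreq -keyalg RSA -file Attendance4-106.csr -keystore tayabkhan.com.keystore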


Edit tomcat file server.xml



F:\Program Files (x86)\main\tomcat\conf\server.xml


(2)### Install ssl certificate on tomcat server



** Goto CMD  (run as administrator)
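**cd  /d  E:\main\tomcat\bin\jdk1.7\jre\bin
** Leave out -storepass so keytool prompts for the keystore password; a password typed on the command line ends up in the command history and the process list.
**keytool.exe -import -file star_tayab_khan_dot_com.p7b -keystore tayabkhan.com.keystore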

edit server.xml file
** E:\BioSecurity\MainResource\tomcat\conf

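<!-- HTTPS connector on port 443.
     keystorePass must be the password the keystore was created with; put your own value in place of the
     placeholder. server.xml stores it in clear text, so keep the file readable only by the account that
     runs Tomcat. The stray leading space inside keystoreFile has been removed so the path resolves. -->
<Connector port="443" SSLEnabled="true" acceptCount="100" clientAuth="false" disableUploadTimeout="true" enableLookups="false"
maxThreads="150"  keystoreFile="E:\main\tomcat\bin\jdk1.7\jre\bin\tayabkhan.com.keystore"
keystorePass="CHANGE_ME_KEYSTORE_PASSWORD" protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https" secure="true" sslProtocol="TLS" />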

** Restart tomcat service and check 


(3)#### Auto ssl redirect (http to https) force 443 redirect



** Open web.xml and place the code below before the closing </web-app> tag


  <!-- CONFIDENTIAL on /* requires an encrypted transport for every URL of the application;
       a request that arrives over plain HTTP is redirected to the redirectPort of the connector it came in on. -->
  <security-constraint>
        <web-resource-collection>
        <web-resource-name>Automatic Forward to HTTPS/SSL
        </web-resource-name>
        <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
           <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>


</web-app>

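** Open server.xml // add after <Host name="localhost". Note: RewriteCond/RewriteRule lines are not XML and cannot sit directly in server.xml; on Tomcat 8 and later they go into a rewrite.config file that is read once org.apache.catalina.valves.rewrite.RewriteValve is declared as a Valve in the Host. The security-constraint above together with redirectPort="443" on the HTTP connectors already sends HTTP requests to HTTPS.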

<Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true">

RewriteCond %{HTTPS} =off
RewriteRule ^(.*) https://%{HTTP_HOST}:443$1 [R=301]

also add 


<!-- Plain-HTTP connectors on ports 8088 and 80. redirectPort="443" is the port Tomcat redirects a request to
     when it arrives here but the application requires an encrypted (CONFIDENTIAL) transport. -->
<Connector port="8088" protocol="HTTP/1.1" URIEncoding="UTF-8" acceptCount="500" disableUploadTimeout="true" 
                   enableLookups="false" maxThreads="1000" minSpareThreads="50" connectionTimeout="20000" redirectPort="443"/>

 <Connector port="80" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" redirectPort="443" acceptCount="100"
               connectionTimeout="20000" disableUploadTimeout="true" />

** Restart tomcat service and check 


Monday, April 8, 2019

Linux Hard Disk I/O Speed Test




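 *** hdparm -Tt /dev/sda

 # conv=fdatasync makes dd flush the data to disk before it reports the rate,
 # so the figure reflects the disk and not only the page cache.
 # /tmp can be a RAM-backed tmpfs on some systems; write to a path on the disk under test.
 *** dd if=/dev/zero of=/tmp/output.img bs=1G count=1 conv=fdatasync
rm /tmp/output.img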