How to generate a CSR on a Linux server

This article will discuss how to create a CSR (Certificate Signing Request) for an SSL in Linux. This is necessary if you are submitting a request for an SSL with another provider.

• SSH into the Linux server. If you are unsure of how to SSH, please see how to SSH on Windows | Mac .
• At the command prompt, type the following and hit Return. Change the bit length (2048) to the appropriate bit length for the SSL issuer. Typically 2048 is sufficient.

openssl req -nodes -newkey rsa:2048 -keyout domain.key -out domain.csr




Updated on 18 September 2014 - use sha2 algorithm as there has been a major security breach for sha1




openssl req -new -newkey rsa:2048 -nodes -sha256 -out domain.csr -keyout domain.key


To check CSR details:

openssl req -noout -text -in domain.csr




Fill out the requested information below. For the State, use the full name not an abbreviation. The Organization Name should be a publicly verifiable name (such as is listed on bank statements, bills, taxes, etc). The common name is the domain for which the SSL is being issued. For example, if you’re ordering an SSL for domain.com, then the name would be domain.com. If you’re ordering an SSL for www.domain.com, then the name would be www.domain.com.

You may chose to leave the email address and challenge password blank by simply hitting return when prompted.

Generating a 2048 bit RSA private key
………..+++
………………………..+++
writing new private key to ‘domain.key’
—–
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [GB]:US
State or Province Name (full name) [Berkshire]:Newark
Locality Name (eg, city) [Newbury]:Delaware
Organization Name (eg, company) [My Company Ltd]:My Company Name
Organizational Unit Name (eg, section) []:Security
Common Name (eg, your name or your server’s hostname) []:www.domain.com
Email Address []:
Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

• Once the form is filled out, two files will be created in the directory in which the command was run. The filedomain.csr has the CSR for the SSL which will need to provide to the SSL issuer. It will look similar to the following:

—–BEGIN CERTIFICATE REQUEST—–
MIICvDCCAaQCAQAwdzELMAkGA1UEBhMCVVMxDzANBgNVBAgTBk5ld2FyazERMA8G
A1UEBxMIRGVsYXdhcmUxGDAWBgNVBAoTD015IENvbXBhbnkgTmFtZTERMA8GA1UE
CxMIU2VjdXJpdHkxFzAVBgNVBAMTDnd3dy5kb21haW4uY29tMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6tL9PpRMD4JeB4jZkIXGT5k4AGpGf/FTSNfn
ENuADQFCco0E+w+HqcAYtDBHzTSuU76B6TYWURRnNLHmwX+f7GytD4tBhmDia3OQ
ffKNAZqI5uusU+Tt5qpW2qjLBeX6/jD/u5Fh75s3XIKJ5XdW5yiztOk/4LAqffx9
rR4bZac4k9nBBci6gCIK615vj+1H2wAe9t5bem/EW6bxEH1nMjenI/5siVsdtRMO
qk+6l7EqkJeGslsXcu9xsqKakAfia266xQvU24P6YCWvFvLUDr5SAvAfbO+zIGWZ
/3boR75C1NyiSopJDnXlwZ0HXNRWHBUys7ED4lEIeaQpMtTXgQIDAQABoAAwDQYJ
KoZIhvcNAQEFBQADggEBAEY/wFSLWOt1S2bTt72l68K5pt0oaBaY0HX6DgPYUeP2
OR5JX5G7Cb4eVGDBWuDtVxxN2YrzzgD6ASj9pL0mzkYuFaRy3uUo0ZedzdPXgVX2
r+5OdjrewPpIgL2i91EB/JytAdgr5fVKQpaZntFu7DJHBVpcGrEN0Kan/OGg2ZU0
08yhyoejXtY1i8YUwPpoqD126N0xczYclMg/BaSME5R3Vbcr3i5Ruz0ByjoQtKSt
1Z8CWIiZNH1WhB2fy8Z2ARCsM1g2Xh43TqjRDhIIFU/dbDqmFHhvivxv2bzB9cbi
ureFe4oU8af7K9w4EbSzKgcqBOwNwnQy7DpcmIHXB4s=
—–END CERTIFICATE REQUEST—–

• The file domain.key has the key for the SSL which will you will need once the SSL is issued. The certificate, once issued, must match the key in order for the SSL to be installed. It will look similar to the following:

—–BEGIN RSA PRIVATE KEY—–
MIIEpQIBAAKCAQEA6tL9PpRMD4JeB4jZkIXGT5k4AGpGf/FTSNfnENuADQFCco0E
+w+HqcAYtDBHzTSuU76B6TYWURRnNLHmwX+f7GytD4tBhmDia3OQffKNAZqI5uus
U+Tt5qpW2qjLBeX6/jD/u5Fh75s3XIKJ5XdW5yiztOk/4LAqffx9rR4bZac4k9nB
Bci6gCIK615vj+1H2wAe9t5bem/EW6bxEH1nMjenI/5siVsdtRMOqk+6l7EqkJeG
slsXcu9xsqKakAfia266xQvU24P6YCWvFvLUDr5SAvAfbO+zIGWZ/3boR75C1Nyi
SopJDnXlwZ0HXNRWHBUys7ED4lEIeaQpMtTXgQIDAQABAoIBABTrAqAmebgP9uxY
5niXUhkZHwH6dZlEGBUvFmhMBVYjPJYTtdPfiEg40nqKqnq/LKBNIilyJf7HAIKT
LmkiQ06+R5RQ5V9hFgpYWxC9II56A6P+bnVyuTaJCf+kdaFq4Tbvinhc9QpxGzdk
cYA9Z0JkP83n0UbkqoRaj59yRSKC3TosSWCQ8TVTxWU8U36mTpCUIFvcgbQGIKph
irj8briWCM9xiErSESYP77WQxERvoW6brKD9jZ/BNmTMuQ+akOa8BxqP6LOx/bob
jqrmxsDkcmjzMXS8SCG3FkJk2K1Tam8aCqQHMBjbUFJByjIDnT237sue7qFmyQFJ
T2izt6ECgYEA95LBuszZS+cM3I/7mxRIPWoKb4ao881xNlYUvwboDMRAIFAlRNfV
c7Qjlt5TeVwlIvrYdL0L0d92FrXbh7lGcK2yOKFW4OrrlKySqXSto7c2LWy2DJkm
Hs9NO6ZDB/6X78UU4tVvFS5m/AA9J27Pk8lq/p4OuTki4yH3b3mLqJ0CgYEA8tEk
f2NeYk7YMm9Oc4fBlAF2CfJRwGf7GqwbT9Us04AWgv3XlohJaibGWJjVrHBCirAY
jxQsKhF2zjnxs9gWZ5k2PqvczTF2vs025tSimxbBcUOhMUNEaSr6ugTfjFkbdcTG
Wx/HyxH8cbYOYWKrbJSQknh8N+DO+N/y2yMt+zUCgYEAunZ+EwNWZiSPO0/2YMbV
4euMEJOLjJSfQB11YqsA+xyUb8HtT/x/d7WlWGv60tzj24Syorn/vQJhHpm5zm9s
7lDkemKJ3L0S0ddoXtjSLww+cdf/BV4TqADaWqLOuaa3KI93O6ElGP7p8cL8TEbZ
cKWzQDIrRLYT4J4kjoEs/sECgYEA6Qv575m7mLb7oUxbC18cV6UfWWSNOhGSW4Mb
o3+CSmwBLy/ansunSo50h8wIKDyGYP2qVIiT6rxgPoY2iNm4hy3xdi0U+oui4HWt
X9ZtSlSIzOCP8OwS2K07fxX2SImtZVa62fKimzBkDe8h1i4RQWFFcI7bCfZmL08h
k1ksZJECgYEAmQ73FoPsGv/uynBXVJWk3j7yDLNNHzbL9bIs5dQ9157RhInWRsNX
TvUdnukuB4hkaxvINz9mXn/2kJtsi/D5oWfrPKA1Gyzze9Rmr260p4ciy3q9YvBc
Issaav6wkaLRG9EtTU27ptda5ovYMLYE5OcrtDTtvaxFVaTRhzO9GWw=
—-END RSA PRIVATE KEY—-

 

''another skype instance may exist''

You want to login to skype but you cant because you receive the following error:
"'another skype instance may exist'"
This seems to be a common problem with skype and ubuntu.

Solution:

1] Open the terminal
2] cd into the folder /home/users/username/.Skype by typing the command
#cd /home/users/username/.Skype
#ls

You may see 3 files : shared.lck, shared.xml and skype_account

3] Move the folder skype_account to skype_account1
#mv skype_account skype_account1

4] Revert it back
#cp -arv  skype_account1 skype_account

Restart the skype and login!!!!

Does this work?
Leave me a comment.


 

Apache prefork vs worker mpm

Apache===> multithreaded Vs multiprocess

Apache comes in a few different flavors. The two most common are pre-forked (multi-process) and multi-threaded (worker).

The pre-forked flavor runs several copies of itself and each copy is designed to serve one visitor at a time. The multi-threaded model runs one, sometimes a few, copies of itself but each copy has several threads and each of those threads can serve one visitor at a time.

So, if you had 20 simultaneous requests to your server, the pre-forked version would need 20 copies of itself running to serve them all. In the same situation, the multi-threaded version might have only 1 copy running with 20 internal threads to serve the same requests.
Which one better?

Let’s outline what the pros and cons of each of the two choices are and that will hopefully help determine, based on what you’ll be serving up, which is better for you.

The multi-threaded version often faster and takes less memory. However, any additional modules running inside Apache must fully support a multi-threaded environment. Modules that are not 100% thread-safe can cause Apache to crash or behave strangely.

The pre-forked version takes more memory. However, the pre-forked version also alleviates the need for modules to be fully thread-safe.

One of the most common add-on modules, PHP, has some thread-safely problems. To be fair, the core of PHP is supposed to be fine in a multi-threaded Apache. However, some of the third-party libraries used by PHP are not thread-safe. This has the downside of needing to use the pre-forked version of Apache if you plan to use PHP running from inside Apache as a module (using mod_php, which is by far the most common way of running PHP).

In general, I recommend using the multi-threaded version of Apache only if you are confident that all of the rest of your software stack will support it. If it won’t, or you’re just unsure, then you should run the pre-forked version. Using more memory is definitely better than having things crash or be otherwise unstable.

When running PHP via mod_php, choose pre-forked. When running only static files (html, jpg, etc), choose multi-threaded. If passing on to a backend application server like Mongrel (for Ruby on Rails), the multi-threaded version works fine.

If you’re mixing and matching uses and even one use, in one virtual host, requires the pre-forked version, then pre-forked will need tobe your choice.
Installing each version

On Debian or Ubuntu, the pre-forked version can be installed like this:

sudo apt-get install apache2-mpm-prefork

For the multi-threaded version, install this package instead:

sudo apt-get install apache2-mpm-worker
Optimizing Apache to fit your server

Apache’s default settings for number of processes to run and maximum simultaneous clients to serve are a bit too high. Unless you have one of the biggest Servers, you’ll want to change them. Even for bigger servers it probably makes sense to review these and change them to fit your workload.
Pre-forked version

Again, on Debian and Ubuntu:

sudo nano /etc/apache2/apache2.conf

Find the section labeled “prefork”. There are 5 settings here:

StartServers 5
MinSpareServers 5
MaxSpareServers 10
MaxClients 150
MaxRequestsPerChild 0

By default, this tells Apache, when you start, create 5 copies of yourself, keep at least 5 around, don’t keep more than 10 idle servers, you may have up to 150 copies of yourself (1 to serve each client), and each child copy may live indefinitely (no maximum requests per child).

150 copies is too many for a small server. So let’s adjust these a bit:

StartServers 2
MinSpareServers 2
MaxSpareServers 6
MaxClients 20
MaxRequestsPerChild 0

The most important setting here is MaxClients. This is the maximum number of copies of Apache that will run at once. The rest are generally just somewhat proportional to this one number.

These are fairly conservative and have high odds of working for smaller environments. It is possible, if running enough RAM-hungry stuff, that even these are too high. If you’re running a medium-to-large sized server, these may be too small.

Go ahead and save the file and exit.
Multi-threaded version

As noted above, Apache’s default will use a lot of memory. Apache itself will use less here than in the pre-forked version, but it can still easily be too much.

sudo nano /etc/apache2/apache2.conf

Find the section labeled “worker”. There are 6 settings here:

StartServers 2
MaxClients 150
MinSpareThreads 25
MaxSpareThreads 75
ThreadsPerChild 25
MaxRequestsPerChild 0

In this case, Apache reads this as start 2 copies of yourself to begin with, each capable of serving 25 clients, cap the number of clients at 150 (which would be 6 copies of Apache at 25 clients each), and keep spare capacity between 25 and 75 threads, again with no limit on the lifespan of a child copy of Apache.

Let’s adjust these downward a bit:

StartServers 2
MaxClients 30
MinSpareThreads 7
MaxSpareThreads 15
ThreadsPerChild 15
MaxRequestsPerChild 0

MaxClients and ThreadsPerChild are the most important here as they will determine how many copies of Apache are running at once.

These are designed to work, in most cases, with even smaller servers. They are likely too conservative for larger servers in higher-traffic environments.

Save the file and exit.
Finishing up

After the above changes have been made, be sure to do a full restart on Apache:

sudo service apache2 restart
- See more at: http://blog.hemantthorat.com/apache-prefork-vs-worker-mpm/#sthash.KAsNCEBj.dpuf

Linux commands

1. scp from remote host to local host
#scp your_username@remotehost.com:test.txt /local/dir

2. To sort files based on size
#find / type f -size +100000k -exec ls -lh {} \;

3. Add an Existing user to a group
 #gpasswd -a userNamer groupName

and check using #groups userName

4. To take backup of a single database



# mysqldump -u root -p database_name > database_name.sql

5. To restore a single database

# mysql -u root -p database_name < database_name.sql

Make sure you have a database in the name "database_name" before executing this command.

6. Mysql command to check database size

# SELECT table_schema AS "Database name", SUM(data_length + index_length) / 1024 / 1024 AS "Size (MB)" FROM information_schema.TABLES GROUP BY table_schema; 

How to reset/break root and other user's password in Ubuntu 12.04 & 12.10

Do the following procedure to Reset:


1) Restart Machine 

2) HOLD Shift Button ( You will get message “GRUB Loading“)

3) Select the Kernel ( Don’t select Recovery Mode)

4) Press the e key to edit the entry

5) Select the line starting with the word “linux”

6) Append the init=/bin/bash to the end of the linux line.

(I have to append "rw init=/bin/bash" on one 12.04.5 LTS Sony machine and the step 7 was not needed) 7) Now Press F10 to boot with provided option.

Now You need to mount File System ( / ) into Read-Write Mode

8) Type the command
#mount -o remount,rw /

Now execute passwd command to Reset root password.
9) For root User passwd 

Other User passwd

Cloud computing explained

Here I would like to explain  cloud computing simply for newbies.

Cloud computing is the next stage in the Internet's evolution, providing the means through which everything — from computing power to computing infrastructure, applications, business processes to personal collaboration — can be delivered to you as a service wherever and whenever you need.
The “cloud” in cloud computing can be defined as the set of hardware, networks, storage, services, and interfaces that combine to deliver aspects of computing as a service. Cloud services include the delivery of software, infrastructure, and storage over the Internet (either as separate components or a complete platform) based on user demand. (See Cloud Computing Models for the lowdown on the way clouds are used.)
Cloud computing has four essential characteristics: elasticity and the ability to scale up and down, self-service provisioning and automatic deprovisioning, application programming interfaces (APIs), billing and metering of service usage in a pay-as-you-go model. (Cloud Computing Characteristics discusses these elements in detail.) This flexibility is what is attracting individuals and businesses to move to the cloud.
The world of the cloud has lots of participants:

• The end user who doesn’t have to know anything about the underlying technology.
• Business management who needs to take responsibility for the governance of data or services living in a cloud. Cloud service providers must provide a predictable and guaranteed service level and security to all their constituents. (Find out what providers have to consider in Cloud Computing Issues.)
• The cloud service provider who is responsible for IT assets and maintenance.
  
  
  
  
   
  
  
   
  
  
  
  
  
  
  Cloud computing is offered in different forms: public clouds, private clouds, and hybrid clouds, which combine both public and private. (You can get a sense of the differences among these kinds of clouds in Deploying Public, Private, or Hybrids Clouds.)
  Cloud computing can completely change the way companies use technology to service customers, partners, and suppliers. Some businesses, such as Google and Amazon, already have most of their IT resources in the cloud. They have found that it can eliminate many of the complex constraints from the traditional computing environment, including space, time, power, and cost.
  
  
  The goal of cloud computing is to apply traditional supercomputing, or high-performance computing power, normally used by military and research facilities, to perform tens of trillions of computations per second, in consumer-oriented applications such as financial portfolios, to deliver personalized information, to provide data storage or to power large, immersive computer games.
  To do this, cloud computing uses networks of large groups of servers typically running low-cost consumer PC technology with specialized connections to spread data-processing chores across them. This shared IT infrastructure contains large pools of systems that are linked together. Often, virtualization techniques are used to maximize the power of cloud computing.
  
  
   See a simple video
  
  
  
  
  
  
  
  
  
  
  

  Cloud Computing in the Data Center and for Small Business

  Cloud computing has started to obtain mass appeal in corporate data centers as it enables the data center to operate like the Internet through the process of  enabling computing resources to be accessed and shared as virtual resources in a secure and scalable manner.
  For a small and medium size business (SMB), the benefits of cloud computing is currently driving adoption. In the SMB sector there is often a lack of time and financial resources to purchase, deploy and maintain an infrastructure (e.g. the software, server and storage).
  In cloud computing, small businesses can access these resources and expand or shrink services as business needs change. The common pay-as-you-go subscription model is designed to let SMBs easily add or remove services and you typically will only pay for what you do use.
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  

How to set gnome-terminal to start bash as a login shell, doesn't read .bashrc

*bash started as an interactive login shell: reads ~/.profile 
*bash started as an interactive non-login shell: reads ~/.bashrc 


Read the bash manual about startup files for more details. Personally, I think that this behaviour is strange and I have not yet found a rationalization for this design decision. Some explanation for the terminology: an interactive shell is a shell with which you can interact, that means you can type commands in it. A non-interactive shell is a shell with which you cannot interact. Non-interactive shells are usually started to run shell scripts. A login shell is a shell which is started when you login to your system, or when you start bash using the --login option. A non-login shell is a shell which is started after the login process, and without the --login option. Configuring gnome-terminal to start bash as a login shell means it will start bash using the --login option. Most shells you see are interactive non-login shells. This is especially true if you are running a graphical shell like gnome, because then gnome is the login shell. Any bash session started inside gnome is a non-login shell (unles started using --login). If you want to see a real interactive login shell then go to a virtual console (using Ctrl+Alt+F1) and then log in using your username and password. That is a real interactive login bash shell. You can go back to the graphical shell using Ctrl+Alt+F7. Usually you want bash to always read ~/.bashrc in an interactive shell. Here is how I recommend to do that: Create a ~/.bash_profile file. If bash is started as a login shell it will first look for ~/.bash_profile before looking for ~/.profile. If bash finds ~/.bash_profile then it will not read ~/.profile. Put the following lines in ~/.bash_profile: [ -f "$HOME/.profile" ] && source "$HOME/.profile" [ -f "$HOME/.bashrc" ] && source "$HOME/.bashrc" Now if bash is started as an interactive login shell it will read the following files: ~/.bash_profile ~/.profile ~/.bashrc and if bash is started as an interactive non-login shell: ~/.bashrc You should put stuff which is bash specific in ~/.bashrc and stuff which is not bash specific in ~/.profile. For example PATH goes in ~/.profile and HISTCONTROL goes in ~/.bashrc. Note that ~/.profile is not bash specific. Other text based shells (for example sh or ksh) and graphical shells (gnome) also read ~/.profile. That is why you should not put bash specific stuff in ~/.profile.