Posts Tagged ‘ssl’

Configuring Sun Directory SSL Token for Automatic Startup

cd /<server-root>/alias
cat > slapd-`hostname`-pin.txt << EOF
Internal (Software) Token:SomeToken
EOF
Posted: March 28th, 2011
Categories: directory services, ldap, os, solaris

Cisco ASA SSL Web VPN Configuration

ip local pool WebVPN_LocalPool SOME.IP.ADDR.SUBNET-SOME.IP.ADDR.SUBNET mask 255.255.255.0
access-list WebVPN_SplitTunnelList standard permit SOME.IP.ADDR.SUBNET 255.255.255.0
 
webvpn
 svc image disk0:/sslclient-win-1.1.4.179-anyconnect.pkg 1
 svc image disk0:/anyconnect-macosx-i386-2.3.2016-k9.pkg 2
 enable outside
 port-forward portforward 1022 SOME.IP.ADDR.STATIC ssh internal_ssh
 tunnel-group-list enable
 svc enable
 
sysopt connection permit-vpn
 
group-policy WebVPN_GroupPolicy internal
 
group-policy WebVPN_GroupPolicy attributes
 vpn-tunnel-protocol svc
 !Windows uses its own adapter
 !Mac will update resolv.conf
 !dns-server value DNS1 DNS2
 !default-domain value sub.domain.com
 address-pools value WebVPN_LocalPool
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value WebVPN_SplitTunnelList
 webvpn
  port-forward name portforward
  port-forward auto-start portforward
  svc keep-installer installed
  svc rekey time 30
  svc rekey method ssl
  svc ask none default svc
  !port-forward value portforward
  !port-forward-name value Secure Router Access
 
username webvpn attributes
 vpn-group-policy WebVPN_GroupPolicy
 
tunnel-group WebVPN_TunnelGroup type remote-access
tunnel-group WebVPN_TunnelGroup general-attributes
 default-group-policy WebVPN_GroupPolicy
tunnel-group WebVPN_TunnelGroup webvpn-attributes
 group-alias WebVPN_TunnelGroup enable
 
username webvpn password xxx nt-encrypted privilege 1
username webvpn attributes
 vpn-group-policy WebVPN_GroupPolicy
 service-type remote-access
Posted: March 28th, 2011
Categories: asa, cisco, vpn

Generating Self Signed Certificate using genkey

yum install crypto-utils -y
genkey --days 365 mail.example.com
Posted: October 13th, 2009
Categories: certificates, security

Generating Self Signed Certificate

# mkdir selfcert
# cd selfcert
# openssl genrsa -out ca.key 1024
Generating RSA private key, 1024 bit long modulus
.........................++++++
..................++++++
e is 65537 (0x10001)
# openssl req -new -key ca.key -out ca.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
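
The session above stops at the CSR prompts. As an added example (not from the original post), the same key, CSR and self-signing steps run non-interactively, followed by checks on the result. The 2048-bit key size, SHA-256, the 365-day lifetime, the `-subj` value and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumptions: 2048-bit RSA, SHA-256, 365 days, caller-supplied CN.

make_selfsigned() {
    dir=$1 cn=$2 bits=${3:-2048} days=${4:-365}
    mkdir -p "$dir" || return 1
    # umask in a subshell so only the private key gets the restrictive mode
    ( umask 077; openssl genrsa -out "$dir/ca.key" "$bits" 2>/dev/null ) || return 1
    # -subj replaces the interactive Distinguished Name prompts
    openssl req -new -key "$dir/ca.key" -subj "/CN=$cn" -out "$dir/ca.csr" || return 1
    # -signkey signs the request with its own key, so issuer == subject
    openssl x509 -req -sha256 -days "$days" -in "$dir/ca.csr" \
        -signkey "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
}

# Prints the RSA modulus size in bits (hex digits * 4).
key_bits() {
    hex=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null | cut -d= -f2)
    echo $(( ${#hex} * 4 ))
}

# Prints "ok" when the certificate is self-signed and matches the private key.
check_selfsigned() {
    crt=$1 key=$2
    subj=$(openssl x509 -in "$crt" -noout -subject | sed 's/^subject= *//')
    iss=$(openssl x509 -in "$crt" -noout -issuer | sed 's/^issuer= *//')
    [ "$subj" = "$iss" ] || { echo "issuer differs from subject"; return 1; }
    crt_mod=$(openssl x509 -in "$crt" -noout -modulus)
    key_mod=$(openssl rsa -in "$key" -noout -modulus 2>/dev/null)
    [ -n "$crt_mod" ] && [ "$crt_mod" = "$key_mod" ] || { echo "key mismatch"; return 1; }
    echo ok
}

# Usage: sh selfsigned.sh <dir> <common-name>
if [ $# -ge 2 ]; then
    make_selfsigned "$1" "$2" && check_selfsigned "$1/ca.crt" "$1/ca.key"
fi
```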

Posted: October 13th, 2009
Categories: certificates, security