Tuesday, November 18, 2008

Configuring SSL on a Web Server using Apache

Here is a link to an article on setting up SSL on an Apache web server.

These are the steps that I followed from the article:

I am setting up a QA web server, so I did this:

1) "For testing purposes, or for small LANs, you can create a self-signed certificate. This can be done by issuing this command:"

openssl req -new -x509 -days 365 -sha1 -newkey rsa:1024 \
-nodes -keyout server.key -out server.crt \
-subj '/O=Company/OU=Department/CN=www.example.com'

Note: You will need to have set up a self-signing Certificate Authority on your server. This enables you to create your own temporary certificates for testing purposes. See my blog post on setting up Email/SMTP on Amazon EC2 for how this is done.

2) Next, I installed mod_ssl on Apache:
For Fedora, command line: yum install mod_ssl

3) Update /etc/httpd/conf.d/ssl.conf: add a reference to your certificate (server.crt) and your key (server.key). For example:
# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that a kill -HUP will prompt again. A new
# certificate can be generated using the genkey(1) command.

SSLCertificateFile /etc/httpd/certs/server.crt

# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)

SSLCertificateKeyFile /etc/httpd/certs/server.key

4) Enable port 443 on your server and firewall (Amazon EC2 command line:

ec2-authorize default -p 443 )

Conclusion: You now have a QA web server with a temporary certificate that can run web sites using SSL (https). For production web servers, you will need to purchase a permanent certificate from a trusted certificate authority like Verisign.
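A variant of step 1 with a 2048-bit RSA key and a SHA-256 signature (stronger than the 1024-bit RSA and SHA-1 used above), followed by checks to run before ssl.conf references the files: key size, signature hash, that the certificate belongs to the key, and that the key file is private. This is an added example, not part of the original post or the linked article; the helper names and the temporary directory are illustrative.

```shell
#!/bin/sh
# Added example: helper names and the temp directory are illustrative, not from the post.

# Self-signed certificate with a 2048-bit RSA key and a SHA-256 signature.
make_cert() {  # make_cert <dir> <common-name>
    ( umask 077    # server.key is created readable by its owner only
      openssl req -new -x509 -days 365 -sha256 -newkey rsa:2048 \
          -nodes -keyout "$1/server.key" -out "$1/server.crt" \
          -subj "/O=Company/OU=Department/CN=$2" 2>/dev/null ) &&
    chmod 644 "$1/server.crt"
}

# Public key size in bits, as recorded in the certificate.
cert_key_bits() {
    openssl x509 -noout -text -in "$1" |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# Signature algorithm, e.g. sha256WithRSAEncryption.
cert_sig_alg() {
    openssl x509 -noout -text -in "$1" |
        awk -F': ' '/Signature Algorithm/ { print $2; exit }'
}

# True when the certificate was issued for this private key (same RSA modulus).
cert_matches_key() {  # cert_matches_key <crt> <key>
    c=$(openssl x509 -noout -modulus -in "$1" 2>/dev/null) || return 1
    k=$(openssl rsa -noout -modulus -in "$2" 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# True when group and others have no access to the key file.
key_is_private() { [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]; }

# Run all checks; print each failure and return non-zero if any check fails.
audit_cert() {  # audit_cert <crt> <key>
    rc=0
    [ "$(cert_key_bits "$1")" -ge 2048 ] 2>/dev/null || { echo "FAIL: key under 2048 bits"; rc=1; }
    case $(cert_sig_alg "$1") in
        sha1*|md5*) echo "FAIL: weak signature hash"; rc=1 ;;
    esac
    cert_matches_key "$1" "$2" || { echo "FAIL: certificate and key do not match"; rc=1; }
    key_is_private "$2" || { echo "FAIL: key accessible to group or others"; rc=1; }
    return $rc
}

dir=$(mktemp -d)
make_cert "$dir" www.example.com
audit_cert "$dir/server.crt" "$dir/server.key" && echo "OK: safe to reference from ssl.conf"
```

Apache reads the key as root at startup, so a 0600 root-owned server.key under /etc/httpd/certs works with the SSLCertificateKeyFile line shown in step 3.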

Monday, November 17, 2008

Updated Email Setup on Amazon EC2

SMTP/Email Setup on Amazon EC2

Create an SMTP server installation on Amazon EC2 that relays email to your Gmail account. Gmail has a nice email client, so this allows us to leverage Gmail's rich features. Our SMTP software package is Postfix.

Prerequisites: familiar with creating and launching instances using Amazon EC2, and familiar with editing config files in Linux.

Links to documentation on Amazon EC2 and how to create and launch instances:


1. Install Postfix

For Fedora 8: yum install

2. Setup/Install Certificate Authority for Self Signing

yum install openssl-perl

3. Create Server Certificate

cd /etc/pki/tls/misc

./CA.pl -newca

4. Copy cert file to postfix folder

cp /etc/pki/CA/cacert.pem

5. Create Certificates (self-signed certificates for testing)

openssl genrsa -out enduro.key 1024

openssl req -new -key enduro.key -out enduro.csr

openssl req -new -x509 -key enduro.key -out enduro.pem -days 1095

6. Authorize Port 587

At desktop/client command line: ec2-authorize default -p 587

7. Update Postfix config file, master.cf

This file is located in /etc/postfix/master.cf.
You need to specify the port so that the service runs on port 587.

Sample entry:

service type  private unpriv  chroot  wakeup  maxproc command + args
              (yes)   (yes)   (yes)   (never) (100)
        inet  n       -       n       -       -       smtpd

8. Edit the second Postfix config file, main.cf

This file is located in /etc/postfix/main.cf

I will not detail this entire config file because the configuration details will depend on your environment. But, in a nutshell, you want to do the following: update the relevant hostname and IPs in main.cf and add something like this to the end of main.cf:

## TLS
= hash:/etc/postfix/sasl_passwd

smtp_use_tls =
smtp_sasl_security_options =
smtp_sasl_tls_security_options =
smtp_tls_note_starttls_offer = yes
= dev:/dev/urandom
smtp_tls_scert_verifydepth =
= yes
smtpd_tls_req_ccert = no
smtp_tls_enforce_peername = no

9. Also make sure you have this entry in main.cf

relayhost = [smtp.gmail.com]:587

10. Using vi or your favorite editor, create the following file,

and using the format below for its content, add your email address and password:

Contents of sasl_passwd

11. Now test this file by running this simple "hash" key test.

postmap -q [smtp.gmail.com]:587 sasl_passwd


12. You'll need to protect your password so that only the postfix group and root can read it by changing the access rights as follows:

chown root:postfix sasl_passwd*
chmod 0640 sasl_passwd*

(Postfix binary location: /usr/sbin/postfix)


command line:
postfix start

14. Use sendmail from the command line to test:

Cmd line:
sendmail mytargetemail@gmail.com this is test

Next: Hit Enter, then type a dot, then hit Enter.

(Note: make sure Sendmail is started (cmd line: service sendmail restart))

(Note: logs errors to /var/log/maillog)

Alternatively, test Sendmail by creating a text file (mail.txt) in the below

to: user@domain.com
from: your-name@domain.com

Body of message goes here

Then call sendmail with that file as an input:

Command line: /usr/sbin/sendmail email-address < mail.txt

Or you can use the -t option to tell sendmail to read the header of the message to figure out who to send it to.

Command line: /usr/sbin/sendmail -t < mail.txt

This will process the To: and CC: lines for you and send the mail to the correct addresses.
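An audit of the two settings above that decide who can see the relay password: access to the sasl_passwd files (step 12) and smtp_tls_enforce_peername, which the main.cf fragment sets to no so the relay's certificate name is not matched. This is an added example, not part of the original post; the function names and the sample files it writes are constructed.

```shell
#!/bin/sh
# Added example: function names and sample files are constructed for illustration.

# Value of a main.cf parameter; the last assignment wins.
# Simplification: continuation lines (leading whitespace) are not joined.
cf_get() {  # cf_get <main.cf> <parameter>
    awk -v k="$2" '
        /^[ \t]*#/ || !/=/ { next }
        { key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]+/, "", key) }
        key == k { val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val) }
        END { print val }' "$1"
}

# True when users outside the owner and group have any access to the file.
other_can_access() { [ "$(ls -ld "$1" | cut -c8-10)" != "---" ]; }

# Print one finding per line; return non-zero if there is any finding.
audit_relay() {  # audit_relay <main.cf> <sasl_passwd>
    rc=0
    for f in "$2" "$2.db"; do      # postmap writes the .db lookup table
        [ -e "$f" ] || continue
        if other_can_access "$f"; then
            echo "FAIL $f: accessible outside root and the postfix group (want 0640)"
            rc=1
        fi
    done
    if [ "$(cf_get "$1" smtp_tls_enforce_peername)" = "no" ]; then
        echo "WARN smtp_tls_enforce_peername = no: relay certificate name is not checked"
        rc=1
    fi
    return $rc
}

# Constructed sample input: a main.cf fragment and a placeholder password file.
demo=$(mktemp -d)
printf '%s\n' 'relayhost = [smtp.gmail.com]:587' 'smtp_tls_note_starttls_offer = yes' \
    'smtp_tls_enforce_peername = no' > "$demo/main.cf"
echo 'placeholder entry' > "$demo/sasl_passwd"
chmod 0644 "$demo/sasl_passwd"
audit_relay "$demo/main.cf" "$demo/sasl_passwd" || echo "2 findings expected for this sample"
```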

Wednesday, November 12, 2008

Blogspot Tip of the Day, You can use Google Docs to Publish directly to your blog

Blogging Tip of The Day, You can use Google Docs to Publish directly to your blog.

For example, if you are writing a long article (in my case, a long technical thing), it is much easier to write it using a word processor like Word or Google Docs.
If you write something in Google Docs, you have the option to "Publish as Web Page"; within this option you can then choose to publish it to your blog.
If it is to Blogspot, you click to configure your Blogspot settings, enter your info, then click Publish to Blog.

Mono on Fedora 9 - Installation/Setup/Configuration

Previously, I have set up Mono on Fedora 8 using a prebuilt image.

See blog post: http://endurotracker.blogspot.com


Install and configure Mono (.net framework) on Fedora 9.

Notes: Yum did not seem to detect the dependencies between xsp and mod_mono if you follow the order of the steps at: http://www.inprose.com/articles/10-enable-aspnet-support-in-fedora-linux.html
You end up with an fc9 version of mod_mono but an fc10 version of xsp, which is bad.
You want all your libraries to be the fc10 version.
Your web server, Apache, can be the fc9 version.


1) Install Apache fc9: yum install httpd
2) Disable SELinux: from the UI, click System -> Administration -> SELinux Management (the linked article above mentions doing this from the command line with setenforce 0, but I could not get this to work)
3) Install fc10 mod_mono from the rawhide repository (it depends on mono-core, mono-web, and xsp, so these can all be installed at the same time in this step):
yum install --enablerepo=rawhide mod_mono
4) Grant permissions to the apache user to execute and create directories under /var/run (Apache runs under user apache by default), command line: chmod 777 /var/run -R

5) After the successful install, we need to configure Apache to allow it to run Mono applications (typical usage: ASP.NET web pages and .asmx web services).
In this test case, we are using the test ASP.NET pages that got installed under /usr/lib/xsp/test when we installed xsp in the mod_mono install step above.
On completion of this step, we can open our browser and go to http://localhost/test to see our Mono Test Page in action.

Edit /etc/httpd/conf/httpd.conf

Add these entries to the end of the file:
# Test Mono setup
MonoAutoApplication enabled
MonoServerPath test /usr/bin/mod-mono-server2
# The URL path must start with a slash to match http://localhost/test
Alias /test "/usr/lib/xsp/test"
MonoApplications test "/test:/usr/lib/xsp/test"
# Hand only /test to the mono handler
<Location /test>
MonoSetServerAlias test
SetHandler mono
</Location>
MonoSetEnv MONO_IOMAP=all
6) Done! Go to http://localhost/test to test your setup.

Monday, November 10, 2008

Amazon Flexible Payment Service , A Series of Blog Posts

I am planning to write a series of blog posts detailing my experience with Amazon's Flexible Payment Service (http://aws.amazon.com/fps/). Amazon's offering competes with PayPal, Google Checkout, http://www.authorize.net/, and other payment APIs.

I am creating a series of blogs because Amazon's FPS API is a large offering and a single blog post would only skim the surface.
Series topics will include:

Overview of Amazon FPS,
Setting up your Environment/Creating your FPS account,
Creating Payment Instructions,
Creating a database to store submitted transactions,
Using Co-Branded UI,
Creating Pay Request,
Pull Method - Create a Job to Poll Amazon's FPS Service for successful Pay Requests,
Push Method - Use Amazon Notifications to get Status of Pay Requests