Tuesday, November 18, 2008

Configuring SSL on a Web Server using Apache

Here is a link to an article on setting up SSL on an Apache web server.
http://www.onlamp.com/pub/a/onlamp/2008/03/04/step-by-step-configuring-ssl-under-apache.html

These are the steps that I followed from the article:

I am setting up a QA web server, so I did this:

1) " For testing purposes, or for small LANs, you can create a self-signed certificate. This can be done by issuing this command: "

openssl req -new -x509 -days 365 -sha1 -newkey rsa:1024 \
-nodes -keyout server.key -out server.crt \
-subj '/O=Company/OU=Department/CN=www.example.com'

Note: You will need to have set up a self-signing Certificate Authority on your server.
This enables you to create your own temporary certificates for testing purposes.
See my blog post on setting up Email/SMTP on Amazon EC2 for how this is done.



2) Next, I installed mod_ssl on Apache:
For Fedora, command line: yum install mod_ssl

3) Update /etc/httpd/conf.d/ssl.conf: add a reference to your certificate (server.crt) and your key (server.key).
For example:
# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that a kill -HUP will prompt again. A new
# certificate can be generated using the genkey(1) command.

SSLCertificateFile /etc/httpd/certs/server.crt


# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)

SSLCertificateKeyFile /etc/httpd/certs/server.key

4) Enable Port 443 on your server and firewall
(Amazon EC2 command line: ec2-authorize default -p 443)

Conclusion: You now have a QA web server with a temporary certificate that can run web sites
using SSL (https). For production web servers, you will need to purchase a permanent certificate
from a trusted certificate authority like Verisign.
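As an added example (a shell script, not from the article or this post), here is a small checker that generates the test certificate with the same openssl flags as step 1 and then verifies, before the two files go into ssl.conf, that the key actually belongs to the certificate and which digest and key size the certificate carries. The directory names and the CN are made up, and the openssl CLI is assumed to be installed.

```shell
#!/bin/sh
# Added example, not from the original post. Generates a self-signed test
# certificate the way step 1 does, then checks it before it goes into ssl.conf.
# Assumes the openssl CLI; directory names and the CN are made up.

# Key + self-signed cert in $1 for CN $2. Digest ($3) and RSA bits ($4)
# default to the post's values (sha1, 1024) so the checks below have work.
make_test_cert() {
  dir=$1 cn=$2 digest=${3:-sha1} bits=${4:-1024}
  mkdir -p "$dir" &&
  openssl req -new -x509 -days 365 "-$digest" -newkey "rsa:$bits" -nodes \
    -keyout "$dir/server.key" -out "$dir/server.crt" \
    -subj "/O=Company/OU=Department/CN=$cn" >/dev/null 2>&1
}

# Return 0 only if the certificate's public key belongs to the private key,
# i.e. SSLCertificateFile and SSLCertificateKeyFile really form a pair.
cert_matches_key() {
  cm=$(openssl x509 -in "$1" -noout -modulus) || return 1
  km=$(openssl rsa -in "$2" -noout -modulus) || return 1
  [ "$cm" = "$km" ]
}

# Print signature algorithm, key size and expiry; return the number of
# weaknesses found (SHA-1 signature, RSA key shorter than 2048 bits).
cert_weaknesses() {
  txt=$(openssl x509 -in "$1" -noout -text -enddate) || return 99
  sig=$(printf '%s\n' "$txt" | sed -n 's/^ *Signature Algorithm: //p' | head -n 1)
  bits=$(printf '%s\n' "$txt" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1)
  printf 'sig=%s bits=%s %s\n' "$sig" "${bits:-?}" "$(printf '%s\n' "$txt" | grep notAfter)"
  n=0
  case $sig in *[sS][hH][aA]1*) n=$((n + 1)) ;; esac
  [ "${bits:-0}" -ge 2048 ] || n=$((n + 1))
  return $n
}

# Stand-alone run: build the post's certificate in a temp dir and report on it.
d=$(mktemp -d) && make_test_cert "$d" www.example.com &&
  cert_matches_key "$d/server.crt" "$d/server.key" && echo "key matches cert"
[ -f "$d/server.crt" ] && { cert_weaknesses "$d/server.crt"; echo "weaknesses found: $?"; }
```

Pass a different digest and key size as the third and fourth arguments (for example sha256 2048) to see the weakness count drop to zero.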







Monday, November 17, 2008

Updated Email Setup on Amazon EC2

SMTP/Email Setup on Amazon EC2


Summary:
Create an SMTP server installation on Amazon EC2 that relays email to
your Gmail account. Gmail has a nice email client, so this allows us to leverage Gmail's rich features. Our SMTP software package is Postfix.


Prerequisites:

Familiarity with creating and launching instances on Amazon EC2, and with editing config files in Linux.


Links to documentation on Amazon EC2 and how to create and launch instances:

http://developer.amazonwebservices.com/connect/kbcategory.jspa?categoryID=84


1. Install Postfix


For Fedora 8: yum install postfix



2. Setup/Install Certificate Authority for Self Signing



yum install openssl-perl



3. Create Server Certificate



cd /etc/pki/tls/misc



./CA.pl -newca



4. Copy cert file to postfix folder



cp /etc/pki/CA/cacert.pem /etc/postfix



5. Create Certificates (self signed certificates for testing purposes)

openssl genrsa -out enduro.key 1024

openssl req -new -key enduro.key -out enduro.csr

openssl req -new -x509 -key enduro.key -out enduro.pem -days 1095






6. Authorize Port 587

At desktop/client command line: ec2-authorize default -p 587

7. Update Postfix Config file, master.cf

This file is located in /etc/postfix/master.cf.
You need to specify the port so that the smtpd service runs on port 587.

Sample entry:

# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
127.0.0.1:587 inet  n       -       n       -       -       smtpd



8. Edit the 2nd Postfix config file, main.cf




This file is located in /etc/postfix/main.cf



I will not detail this entire config file because the configuration
details will depend on your environment. But, in a nutshell, you want
to do the following: update the relevant hostname and IPs in main.cf
and add something like this to the end of main.cf:



## TLS Settings
#auth
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd

#tls
smtp_use_tls = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_tls_note_starttls_offer = yes
tls_random_source = dev:/dev/urandom
smtp_tls_scert_verifydepth = 5
smtp_tls_key_file = /etc/postfix/enduro.key
smtp_tls_cert_file = /etc/postfix/enduro.pem
smtpd_tls_ask_ccert = yes
smtpd_tls_req_ccert = no
smtp_tls_enforce_peername = no

9. Also make sure you have this entry in main.cf




relayhost = [smtp.gmail.com]:587

10. Using vi or your favorite editor, create the following file,
/etc/postfix/sasl_passwd, and using the format below for its content, add your email
address and password (the lookup key and the user:password value go on one line,
separated by whitespace):

# Contents of sasl_passwd
[smtp.gmail.com]:587 myemail@gmail.com:pa33w0r8



11. Now test this file by running this simple "hash" key test:

$ postmap -q [smtp.gmail.com]:587 sasl_passwd
myemail@gmail.com:pa33w0r8


12. You'll need to protect your password so that only the postfix group and root
can read it by changing the access rights as follows:

$ chown root.postfix sasl_passwd*
$ chmod 0640 sasl_passwd*



( PostFix binary location: /usr/sbin/postfix )


13. Start PostFix,

command line: postfix start


14. Use sendmail from the command line to test:

Cmd line:
sendmail mytargetemail@gmail.com this is test

Next: Hit Enter, then type a dot, then Hit Enter.

(Note: make sure Sendmail is started; cmd line: service sendmail restart)

(Note: errors are logged to /var/log/maillog)

Alternatively, test Sendmail by creating a text file (mail.txt) in the format below:


date: todays-date
to: user@domain.com
subject: subject
from: your-name@domain.com

Body of message goes here





Then call sendmail with that file as input:

Command line: /usr/sbin/sendmail email-address < mail.txt

Or you can use the -t option to tell sendmail to read the headers of the message to
figure out who to send it to.

Command line: /usr/sbin/sendmail -t < mail.txt

This will process the To: and CC: lines for you and send the mail to the
correct addresses.
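As an added example (a shell script, not part of this post), here is a pre-flight check for steps 8 to 12: it parses main.cf and sasl_passwd as they are set up above and reports the usual reasons the relay fails to authenticate or leaks the password. The main.cf and sasl_passwd it builds are constructed fixtures, the password is a dummy, and sasl_passwd.db is simulated rather than produced by postmap.

```shell
# Added example, not from the original post: a pre-flight check for steps 8-12.
# It reads main.cf and sasl_passwd and reports what most often breaks the relay:
# relayhost not byte-for-byte the sasl_passwd key (brackets and port included),
# a non-hash: password map, a file readable by others, a missing/stale .db.
# Fixture files are constructed; the password is a dummy.

# Print the value of a "name = value" line in a Postfix config (first match).
pf_get() {  # pf_get <file> <parameter>
  sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1 | sed 's/[[:space:]]*$//'
}

# Print one line per problem found; return the number of problems.
relay_preflight() {  # relay_preflight <main.cf> <sasl_passwd>
  main=$1 pw=$2 bad=0
  relay=$(pf_get "$main" relayhost)
  maps=$(pf_get "$main" smtp_sasl_password_maps)
  [ -n "$relay" ] || { echo "relayhost is not set"; bad=$((bad + 1)); }
  case $maps in
    hash:*) ;;
    *) echo "smtp_sasl_password_maps is '$maps', expected hash:/path"; bad=$((bad + 1)) ;;
  esac
  # postmap -q looks up the relayhost string exactly; the value must be user:password.
  if ! awk -v k="$relay" '$1 == k && $2 ~ /:/ { ok = 1 } END { exit !ok }' "$pw"; then
    echo "no sasl_passwd line with key '$relay' and a user:password value"; bad=$((bad + 1))
  fi
  mode=$(stat -c %a "$pw" 2>/dev/null || stat -f %Lp "$pw")
  case $mode in
    *0) ;;
    *) echo "sasl_passwd mode is $mode; step 12 wants 0640 (nothing for others)"; bad=$((bad + 1)) ;;
  esac
  [ "$pw.db" -nt "$pw" ] || { echo "sasl_passwd.db missing or older than sasl_passwd: rerun postmap"; bad=$((bad + 1)); }
  return $bad
}

# Build a constructed main.cf + sasl_passwd pair in $1 ($2 = good | bad).
build_fixture() {
  mkdir -p "$1"
  if [ "$2" = good ]; then key='[smtp.gmail.com]:587' mode=0640; else key='smtp.gmail.com' mode=0644; fi
  printf 'relayhost = [smtp.gmail.com]:587\nsmtp_sasl_password_maps = hash:%s/sasl_passwd\n' "$1" > "$1/main.cf"
  printf '%s myemail@gmail.com:dummy-password\n' "$key" > "$1/sasl_passwd"
  chmod "$mode" "$1/sasl_passwd"
  touch -t 200811170000 "$1/sasl_passwd"   # backdate so a fresh .db is clearly newer
  # A real install runs: postmap /etc/postfix/sasl_passwd. The .db is only
  # simulated (an empty file) here so the freshness check can be demonstrated.
  if [ "$2" = good ]; then touch "$1/sasl_passwd.db"; fi
}

d=$(mktemp -d) && build_fixture "$d/good" good && build_fixture "$d/bad" bad
for c in good bad; do relay_preflight "$d/$c/main.cf" "$d/$c/sasl_passwd"; echo "$c config: $? problem(s)"; done
```

On a real box, call relay_preflight /etc/postfix/main.cf /etc/postfix/sasl_passwd after step 12 and before starting Postfix.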

Wednesday, November 12, 2008

Blogspot Tip of the Day, You can use Google Docs to Publish directly to your blog

Blogging Tip of The Day, You can use Google Docs to Publish directly to your blog.

For example, say you are writing a long article (in my case, a long technical piece); it is much easier
to write it using a word processor like Word or Google Docs.
If you write something in Google Docs, you have the option to "Publish as Web Page",
and within this option you can choose to publish it to your blog.
If it is to Blogspot, you click to configure your Blogspot settings, enter your info, then click Publish to Blog.

Mono on Fedora 9 - Installation/Setup/Configuration

Previously, I have set up Mono on Fedora 8 using a prebuilt image.

See blog post: http://endurotracker.blogspot.com



Summary:

Install and configure Mono (.net framework) on Fedora 9.

Notes: Yum did not seem to detect the dependencies between xsp and mod_mono
if you follow the order of the steps at: http://www.inprose.com/articles/10-enable-aspnet-support-in-fedora-linux.html
You end up with the fc9 version of mod_mono but the fc10 version of xsp, which is bad.
You want all your libraries to be the fc10 version.
Your web server, Apache, can be the fc9 version.



Steps:



1) Install Apache fc9: yum install httpd
2) Disable SELinux: from the UI, click System -> Administration -> SELinux Management (the linked article above mentions doing this from the command line with setenforce 0, but I could not get this to work)
3) Install fc10 mod_mono from the rawhide repository (it depends on mono-core, mono-web, and xsp, so these all get installed at the same time in this step):
yum install --enablerepo=rawhide mod_mono
4) Grant permissions to the apache user to execute and create directories under /var/run (Apache runs under user apache by default), command line: chmod 777 /var/run -R



5) After the successful install we need to configure Apache to allow it to run Mono applications (typical usage: asp.net web pages and .asmx web services).
In this test case, we are using the test asp.net pages that got installed under /usr/lib/xsp/test when we installed xsp above in the mod_mono install step.
On completion of this step, we can open our browser and go to http://localhost/test to see our Mono Test Page in action.



Edit /etc/httpd/conf/httpd.conf



Add these entries to the end of the file:
#Test Mono Setup
MonoAutoApplication enabled
MonoServerPath test /usr/bin/mod-mono-server2
Alias test "/usr/lib/xsp/test"
MonoApplications test "/test:/usr/lib/xsp/test"

MonoSetServerAlias test
SetHandler mono

MonoSetEnv MONO_IOMAP=all
6) Done! Go to http://localhost/test to test your setup.


Monday, November 10, 2008

Amazon Flexible Payment Service , A Series of Blog Posts

I am planning to write a series of blog posts detailing my experience
with Amazon's Flexible Payment Service (http://aws.amazon.com/fps/). Amazon's offering competes with PayPal, Google Checkout, http://www.authorize.net/, and other payment APIs.

I am creating a series of blogs because Amazon's FPS API is a large offering and a single blog post would only skim the surface.
Series topics will include:

Overview of Amazon FPS,
Setting up your Environment/Creating your FPS account,
Creating Payment Instructions,
Creating a database to store submitted transactions,
Using Co-Branded UI,
Creating Pay Request,
Pull Method - Create a Job to Polling Amazon's FPS Service for successful Pay Request,
Push Method - Use Amazon Notifications to get Status of Pay Requests