dino

How to verify matching private key with a certificate

by

The private key contains a series of numbers. Two of those numbers form the “public key”, the others are part of your “private key”. The “public key” bits are also embedded in your Certificate (we get them from your CSR). To check that the public key in your cert matches the public portion of your private key, you need to view the cert and the key and compare the numbers. To view the Certificate and the key run the commands:

$ openssl x509 -noout -text -in server.crt
$ openssl rsa -noout -text -in server.key

The `modulus’ and the `public exponent’ portions in the key and the Certificate must match. But since the public exponent is usually 65537 and it’s bothering comparing long modulus you can use the following approach:

$ openssl x509 -noout -modulus -in server.crt | openssl md5
$ openssl rsa -noout -modulus -in server.key | openssl md5

And then compare these really shorter numbers. With overwhelming probability they will differ if the keys are different. As a “one-liner”:

$ openssl x509 -noout -modulus -in server.pem | openssl md5 ;\
openssl rsa -noout -modulus -in server.key | openssl md5

And with auto-magic comparison (If more than one hash is displayed, they don’t match):

$ (openssl x509 -noout -modulus -in server.pem | openssl md5 ;\
openssl rsa -noout -modulus -in server.key | openssl md5) | uniq

BTW, if I want to check to which key or certificate a particular CSR belongs you can compute

$ openssl req -noout -modulus -in server.csr | openssl md5

WHMCS Security Advisory

by

A potential security issue has been discovered whereby it may be possible for a malicious user to inject a specially crafted combination of variables leading to unexpected results. The issue revolves around the Smarty templating system and template related processing.

> Patch Download Link: http://www.whmcs.com/go/21/download

Patch will work for all versions of WHMCS 4.x.

Buy WHMCS cheap at Licensepal.com

Plesk 10.X fails to start after upgrade !

by

Service of the sw-cp-server cannot be started after the Parallels Plesk Panel upgrade. The sw-cp-server fails to start with the following error:
/etc/init.d/sw-cp-server start
Starting SWsoft control panels server…Duplicate config variable in conditional 0 global: var.sso_username
2011-04-14 05:48:16: (configfile.c.838) source: /usr/share/sw-cp-server/applications-conf.sh line: 72 pos: 11 parser failed somehow near here: (EOL)
2011-04-14 05:48:16: (configfile.c.838) source: /etc/sw-cp-server/config line: 13 pos: 1 parser failed somehow near here: (EOL)
Things to try
1. Check the number of the sw-sso packages installed on the server:
# rpm -qa |grep sw-sso

2. If this command shows 2 packages, the oldest version of the sw-sso package should be removed from the server.
# rpm -qa |grep sw-sso
sw-sso-2.2-r3488
sw-sso-2.7-11062309

If only one sw-sso package is installed do not remove it.
# rpm -e sw-sso-2.2-r3488

3. After removing the extra package, you should be able to start service on the sw-cp-server and access the control panel.

Repairing MySQL tables that will not open.

by

This should be handled on a case by case basis, but if you are using the default MySQL table type of MyISAM (which is the default storage engine unless changed or specified differently) here are a few options:

  1. The myisamchk utility can be run from a command line to checks, repairs, or optimizes tables. It is normally run while the database is not running. For more information about myisamchk visit the MySQL website.
  2. mysqlcheck is similar in function to myisamchk, but can be run while the database is running. For more information about
    mysqlcheck visit the MySQL website.
  3. If you login to the database, you can also run sql commands that might fix your problem.
    Examples:
    mysql> optimize table your-tablename;
    mysql> analyze table your-tablename;
    mysql> repair table your-tablename;
    For more information about
    table maintenance SQL visit the MySQL website.
  4. If you are getting MySQL error numbers and are not sure what they are. From a command line you can use the perror utility to lookup errors. For more info on perror visit the MySQL website.
    Examples:
    shell> perror 13 64
    Error code 13: Permission denied
    Error code 64: Machine is not on the network

How to change the default port for Plesk

by

It is not recommended to change the default Plesk port because it can break Plesk integration with other programs (like Plesk Expand or DrWeb).

Linux

To change the port Plesk listens on you will need to edit /usr/local/psa/admin/conf/httpsd.conf file and change the following directives to list the port you want Plesk to listen on:

Listen 8443
Port 8443
<VirtualHost *:8443>

You will need to restart Plesk afterwards and update the hardware object in the SoftLayer portal with the new port (Hardware > Click on Server name > Password Update / History)
Plesk cannot listen on any of the ports used for common services (21, 22, 23, 25, 53, 80, 110, 443 etc..).

Windows

Most Plesk installs will be using Apache by default. You will want to edit the Apache configuration file C:\Program Files\SWsoft\Plesk\admin\conf\httpd.conf

1.) Change the following line to list the port number you want Plesk to listen on
Listen 8443

2.) Restart Plesk Control Panel
You will need to restart Plesk afterwards and update the hardware object in the SoftLayer portal with the new port (Hardware > Click on Server name > Password Update / History)

Restarting Mail Enable through Plesk (Windows)

by

In order to restart the Mail server [Mail Enable], please use these steps. 

1) Login To Remote Desktop >> “Plesk Services Monitor” [ Right side in the task bar] >> Check the box “Mail Server” >> Click on Restart.

OR

2) Login To Remote Desktop >> Start >> Run >> type ” services.msc ”

From here, you have restart the Mail Enable [ Mail Server] services such as:
Mail Enable List Connector
Mail Enable Mail Transfer Agent
Mail Enable POP service
Mail Enable PostOffice Connector
Mail Enable SMTP Connector

Right Click on it and press Restart.

Cannot install binary packages using pkg_addCannot install binary packages using pkg_add

by

Failure to install binary packages in older FreeBSD versions using “pkg_add -r”.

Solution:

Add these lines to /etc/csh.cshrc (/etc/profile if you are using bash or sh):

[FreeBSD 4.x]
setenv PACKAGESITE ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-4-stable/Latest/
setenv PACKAGELIST

[FreeBSD 5.x]
setenv PACKAGESITE ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-5-stable/Latest/
setenv PACKAGELIST

DirectAdmin : Apache won’t start after update on FreeBSD

by

An issue with php/apache is causing apache not to start in FreeBSD. It segfaults and core dumps, logged in the /var/log/httpd/error_log.

Try removing –with-openssl from your configure.php file and recompile php.

cd /usr/local/directadmin/customapache
vi configure.php
#remove –with-openssl from the file, save, exit.
./build clean
./build php n

Possibly a mod_perl issue. Edit the /etc/httpd/conf/httpd.conf
change:

AddModule mod_perl.c

to

#AddModule mod_perl.c

and then restart apache. If you don’t have “AddModule mod_perl.c”, then don’t worry about this entry.
Remove the “LoadModule perl_module /usr/lib/apache/mod_perl.so” if you have it as well.
This won’t affect files in the cgi-bin (I’ve seen very few people actually making use of mod_perl itself).

more info:

Previous workaround for the problem is to remove thp php flags from the httpd.conf files:

cd /usr/local/directadmin/data/templates
cp virtual_host*.conf custom
cd custom
perl -pi -e ‘s/php_admin/#php_admin/’ *
echo “action=rewrite&value=httpd” >> /usr/local/directadmin/data/task.queue
/usr/local/directadmin/dataskq d
/usr/local/etc/rc.d/httpd restart

One user reported that installing zend solved this problem as well, so try:

cd /usr/local/directadmin/customapache
./build zend

Possibly have to downgrade zend to 2.5.7 from 2.6.2 as well as the zend binaries may not be backwards compatible.

To downgrade to apache 1.3.33 and php 4.3.11, run:

cd /usr/local/directadmin/customapache
./build clean
perl -pi -e ‘s/1.3.34/1.3.33/’ build
perl -pi -e ‘s/1.3.34/1.3.33/’ configure.apache_ssl
perl -pi -e ‘s/2.8.25/2.8.24/’ build
perl -pi -e ‘s/4.4.1/4.3.11/’ build
./build update_data
./build all d

How To Find What Version of PEAR Is Installed in your Linux Apache Server

by

if you want to know what version of PEAR you have, or simply just want to know if you have PEAR installed, simply run the following command in your linux box shell prompt:

pear list

Once you execute the command above, you should see something like this:

Installed packages
===================
Package
Version
State
Archive_Tar
1.1
stable
Console_Getopt
1.2
stable
DB
1.7.6
stable
HTML_Template_IT
1.1
stable
HTTP
1.3.6
stable
Mail
1.1.8
stable
Net_SMTP
1.2.7
stable
Net_Socket
1.0.6
stable
Net_UserAgent_Detect
2.0.1
stable
PEAR
1.3.6
stable
XML_Parser
1.2.6
stable
XML_RPC
1.4.1
stable

If you don’t see anything like the above, then you dont have PEAR installed. However, Good new I have, you can download free at http://pear.php.net