Turnkey and Apache SSL configurations

Jumped through the hoop today on implementing multiple domains on a system.

The process was something like the following:

  • Set up Virtual Domains,
    • Get virtual working  -  there is a lot to this in Joomla
  • Open Apache
    • Check basic Setup
      • I had 3 domain SSL server setups defined
        • Primary Server Host
        • Secondary Server Host
        • * (universal) Server Host
      • I verified that I had one Redirect working on my Primary Server.  Entered the URL and it redirected (don't forget)
    • Purchase a Multi-Domain SSL Certificate
      • Go to https://decoder.link/csr_generator
        • Create a New CSR
          • use advanced options to enter the additional Server Names attached to the CSR and Cert
        • Copy the CSR to a new_file.csr file
        • Copy the Private Key to a new_file.key  (or new_file.psk) file
        • Copy the Decoder Cert (for some reason I do this, but it does not get used), i.e. new_file_local.crt
      • Activate the Purchased SSL Certificate by entering the RAW Text of the CSR File  (easy to copy on the Decoder.link site)
      • Emailed to the Primary
  • Opened my Domain and DNS Server Setup for each of my Domains I was attaching to the Cert.
    • Set up http: DCV on the sub systems
      • entered a new "sub domain" for each domain  (long keyed and meaningless except the key)
      • entered a cname and a destination for each domain  (long keyed and meaningless except the key function)
    • Accepted the One Email
    • Waited a bit for the Cert to issue, but it did
  • Open FTP Session to Server
    • upload SSL Certs to /etc/ssl/new_cert_name
    • This includes the PRIVATE KEY File that was saved from decoder.link above
      • Note that YOU CANNOT get the Cert to work in Apache without the Private Key in more recent installs I have done.
      • I think perhaps there are ways to build in the Key to the cert, but I need to backtrack a bit on how I used to do that.  I believe, however, the change that requires this has come as much from the certifying issuers as from my process.
    • I also put the CSR file there, though I do not believe it is actually used in the functioning of the directives and cert except to create the file structure.  Decoder.link above can "decode" the CSR file, which may be helpful.
  • In the Apache Server Setup (port 443)
    • copy the original directives
    • comment the original directives
    • add new directives to the New Folder and New Name

This is a view of how my Apache Directives read in Webmin

*.443

    SSLEngine on

    # SSLCertificateFile /etc/ssl/old_ssl_folder/oldcert.crt
    # SSLCertificateKeyFile /etc/ssl/old_ssl_folder/oldcert.key
    # SSLCertificateChainFile /etc/ssl/old_ssl_folder/oldcert.ca-bundle

    SSLCertificateFile /etc/ssl/newcert_multi_folder/new_issued_multi.crt
    SSLCertificateKeyFile /etc/ssl/newcert_multi_folder/newcert_private.key
    SSLCertificateChainFile /etc/ssl/newcert_multi_folder/new_issued_multi.ca-bundle
 
    ServerAdmin ....(removed)

This is not always as easy a process as it was today, as different file types.   Today though, it went on the first try and Apache took the changes.
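
Added example, not from the original post: the key and CSR with the extra server names can also be generated on the server itself with OpenSSL, so the private key is never copied between machines, and the key can be checked against the issued certificate before the Apache directives are changed. File names and domains are placeholders, and `-addext` assumes OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example: placeholder names and paths, not the author's files.
set -eu

# make_csr DIR CN [SAN...]
# Writes DIR/server.key (owner-only) and DIR/server.csr. CN and every
# extra name are listed as subjectAltName entries for the multi-domain cert.
make_csr() (
    dir=$1; cn=$2; shift 2
    san="DNS:$cn"
    for name in "$@"; do san="$san,DNS:$name"; done
    umask 077                      # key and directory readable by owner only
    mkdir -p "$dir"
    openssl req -new -newkey rsa:2048 -nodes \
        -keyout "$dir/server.key" -out "$dir/server.csr" \
        -subj "/CN=$cn" -addext "subjectAltName=$san"
)

# csr_sans CSR: print the DNS names in the CSR, one per line, to confirm
# every domain is present before the CSR text is pasted to the issuer.
csr_sans() {
    openssl req -in "$1" -noout -text | grep -o 'DNS:[^, ]*' | sed 's/^DNS://'
}

# key_matches_cert KEY CERT: succeed only when both files carry the same
# public key. Apache refuses to start on a mismatched pair.
key_matches_cert() (
    kpub=$(openssl pkey -in "$1" -pubout) || exit 1
    cpub=$(openssl x509 -in "$2" -noout -pubkey) || exit 1
    [ "$kpub" = "$cpub" ]
)

# Constructed demo in a throwaway directory with placeholder domains.
demo=$(mktemp -d)
make_csr "$demo" example.com www.example.com shop.example.net
csr_sans "$demo/server.csr"
```

Once the certificate is issued, `key_matches_cert server.key issued.crt` should succeed before the `SSLCertificateFile` and `SSLCertificateKeyFile` lines are switched over.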

I still have my Primary Domain Cert running with its special Redirect.

My Secondary Cert I will reissue and use somewhere else as I put its domain into this Multi Cert.

The Multi-Cert Process went very well.

This is not a small amount of work, but I can help.  Please contact me via the SSL Install link 
Comodo-PositiveSSL-Installation-on-Turnkey-System

Posted in Domain Management and SSL

Wildnet Blog Accordion

Recent Work with a VPN router

Sometimes a small project is not so small.  For some reason my Odoo Server does not pass through my Comcast Home system at all well.  Solution was to put a dedicated PC into my office... but, I didn't want to just have RDC available for all comers (who sure came fast).

I remembered that I had a VPN equipped router.  I won't say the model.  Anyway, the company who made it was acquired and the acquiring company, as they are wont to do, killed most support links about the router.  Turns out there were several other routers that used the same software for access, and yes, I got it to work.  Honestly, I think it is just a small step in security, not a big one.

In the end I was able to get the correct VPN client by simply downloading it off of a link to a later, still supported router from the company.  The client is nowhere near as nice as OpenVPN for granularity, but it does work.

I also found that "NOIP"  (https://noip.com) provides a functional way to address a dynamically assigned IP address.  There are a few other ways but this was the most direct and within the budget.

Things are working for now despite the EOL from the router builder's new owner.

I had mentioned in the earlier version of this post that it might be interesting to rewrite the firmware to the Router, and get it working as an OpenVPN router.  That remains interesting but likely easier to do that with some other hardware and software.

EOL is one of the LEAST SUSTAINABLE parts of IT and I do not like the planned obsolescence which rules the industry.

Systems under the skin of TKL

Dissecting and understanding a build process is complicated.  It is very nice to be able to look under the skin from time to time.

At present I am needing to adjust approaches as past ways of adapting have been left by the road (not by me).  Studying a bit about what takes place in alternative builds that I may adapt to is an approach that I need to take.

Turnkeylinux is built from 2 sets of structures.  What goes out, their "apps", are prebuilt systems.
Inside of each app though are many and various components.

https://github.com/turnkeylinux-apps/

https://github.com/turnkeylinux/fab  (the component sets)

consists of 68 Repositories at present, including...

https://github.com/turnkeylinux/fab

https://github.com/turnkeylinux/buildtasks

https://github.com/turnkeylinux/inithooks

https://github.com/turnkeylinux/buildroot

https://github.com/turnkeylinux/turnkey-paths

and many more.

TKLDEV is a good way to start to understand the process as TKLDEV will build new APPS and the process can be tracked.  Still following it is complicated.

This is left here as a study note to come back to.

A good entry point to Turnkeylinux is on their "Help Sought" page.

MageBridge removed as well

Looking back at my notes, I started working with Magebridge (from Yireo) in at least 2013 and perhaps earlier.

It was a great idea fraught with difficulties.  Its purpose was to bridge Magento into Joomla

Magebridge was discontinued by Yireo a few years ago now, but on my side I just disabled it.  Yireo discontinued because of the forthcoming Magento 2 and all the changes there.  I am not convinced it could not have been brought forward, but I think the greater issue was the extreme complication the program was itself.

Today, I gave it one last try.  Nope...  no go.  And now I am free.

Everything has been removed (uninstalled yes) including Components, Plugins, Packages, Libraries, Menu Items, Modules etc etc etc.  As the attempt also disabled the Magento server I also have a full restore running there as well (to last night's state).  I will likely kill the Magento server next.  Also not worth the hassle.

The site is fast.  I did resurrect for the time being Dynamic404 from Yireo (Yireo has gone away from all things Joomla).  It seems to have some good rerouting and be able to redirect what it cannot find in the overt redirection tables (let's see how that goes).

This is not, of course, big news, but it is news about Old and New.  I have long wanted everything to stay functioning, but sometimes we have to clear the decks...  They are clear now and we won't try that again.  (I log that I spent almost 4 hours on this attempt this morning).

And so it goes.

Magento Sunset

I have been running Magento since about 2012 with 1.3x in my memory bank. Up to 1.9x now and really just using Magento as a repository now.

Magento 2.x (2.3x to be precise) is here.  It does not work, at present, with this CMS system so I have a linkage taking place through Filemaker from J2Store to Magento and by extension to Odoo.

I will quite likely just take the Magento system down.  It will not be supported with updates after this coming June and the time investment of getting 2.x running and keeping it running does not seem available just now.  We will see.

Anyway, for now, I am going to start redirecting the URLs to land into this system.  Let's see what a pain that becomes.  Likely worth the effort but also perhaps now.

Sad, but Magento was acquired by Adobe and like Odoo, they are making it more and more difficult to use it as an Open Source software.  Not that either are impossible, but the reins are steering the team towards privation.

Somewhat the nature of things these days I will say.

All good software, just a bit too time intensive.

Magento - Odoo - OCA Connector

This is a very functional system which brings the ability to work the "backend" of Magento by actually building and purchasing items you sell,

  • Functionally you get all of the aspects of Odoo, including CRM, Product Management and more
  • You also get the great E-Commerce capabilities of Magento, and its incredible extensibility.

(to do:  more detail)
