Installing COMODO Positive SSL on your NGINX server

I just renewed my SSL certificate and have gotten a COMODO Positive SSL certificate from https://www.ssls.com. Here are some instructions to set up COMODO Positive SSL.

CSR Certificate

Your CSR contains information about you and your website. Your provider needs it to generate your crt files.

Generate your CRT

You will receive your files through email or the Comodo website. Here is what you will receive:

  • AddTrustExternalCARoot.crt
  • COMODORSAAddTrustCA.crt
  • COMODORSADomainValidationSecureServerCA.crt
  • your_domain_com.crt

You will need to combine them into a single server.crt, starting with your domain certificate and ending with the root, via the following command:

cat your_domain_com.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > server.crt

Add your certificate location to your server block

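server {
    # "ssl on;" is obsolete and has been removed from newer nginx releases;
    # enable TLS with the ssl parameter of listen instead
    listen 443 ssl;

    # server.crt is the concatenated bundle, server.key the matching private key
    ssl_certificate /etc/nginx/ssl/your_domain_com/server.crt;
    ssl_certificate_key /etc/nginx/ssl/your_domain_com/server.key;

    # TLSv1 and TLSv1.1 are formally deprecated (RFC 8996);
    # keep them only if legacy clients still require them
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

}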

Voila!
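
A check for the two files the server block points at, as an added example that is not part of the original post: it confirms that server.crt is ordered leaf first with each certificate issued by the one after it, and that server.key belongs to the leaf. The function names are hypothetical and the openssl command-line tool is assumed to be installed.

```sh
#!/bin/sh
# Added example (not from the original post). Requires the openssl CLI.
# Usage: check_chain_order server.crt && check_key_matches server.crt server.key

# Split PEM bundle $1 into cert01.pem, cert02.pem, ... under directory $2
# and print how many certificates were found.
split_bundle() {
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/cert%02d.pem", dir, n) }
        out != ""                     { print > out }
        /-----END CERTIFICATE-----/   { close(out); out = "" }
        END                           { print n + 0 }
    ' "$1"
}

# Exit 0 if each certificate in bundle $1 was issued by the certificate after it
# (leaf first, root last); 1 on a broken link; 2 if no certificate was found.
# The body runs in a subshell, so its variables and exit codes stay local.
check_chain_order() (
    tmp=$(mktemp -d) || exit 2
    count=$(split_bundle "$1" "$tmp")
    [ "$count" -ge 1 ] || { rm -rf "$tmp"; exit 2; }
    status=0
    i=1
    while [ "$i" -lt "$count" ]; do
        this=$(printf '%s/cert%02d.pem' "$tmp" "$i")
        next=$(printf '%s/cert%02d.pem' "$tmp" $((i + 1)))
        issuer=$(openssl x509 -noout -issuer_hash -in "$this")
        subject=$(openssl x509 -noout -subject_hash -in "$next")
        if [ "$issuer" != "$subject" ]; then
            echo "certificate $i was not issued by certificate $((i + 1))" >&2
            status=1
            break
        fi
        i=$((i + 1))
    done
    rm -rf "$tmp"
    exit "$status"
)

# Exit 0 if private key $2 belongs to the first (leaf) certificate in bundle $1.
check_key_matches() (
    cert_pub=$(openssl x509 -noout -pubkey -in "$1") || exit 2
    key_pub=$(openssl pkey -pubout -in "$2") || exit 2
    [ "$cert_pub" = "$key_pub" ]
)
```

Run both checks before reloading nginx; a non-zero exit from either means the bundle order or the key needs fixing first.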


 How to fix OpenSSL Padding Oracle vulnerability (CVE-2016-2107) on Ubuntu

OpenSSL Padding Oracle vulnerability (CVE-2016-2107) is a memory vulnerability that allows users to run malicious code. It is real simple to update Ubuntu to fix this issue.

Option 1

apt-get install --only-upgrade libssl1.0.0
root@localhost:~# apt-get install --only-upgrade libssl1.0.0
Reading package lists... Done
Building dependency tree       
Reading state information... Done
libssl1.0.0 is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 2 not upgraded.

This will magically be fixed!

Option 2

You will just need to update your Ubuntu by way of

apt-get update -y
Ign http://mirrors.linode.com trusty InRelease
Get:1 http://security.ubuntu.com trusty-security InRelease [65.9 kB]     
Get:2 http://mirrors.linode.com trusty-updates InRelease [65.9 kB]             
Get:3 http://mirrors.linode.com trusty-backports InRelease [65.9 kB]
...
Removing debian:spi-cacert-2008.pem
Removing debian:SG_TRUST_SERVICES_RACINE.pem
done.
done.

Check your website through SSL Labs and you will notice a nice A+ instead of an automatic F


ssh Command Examples

ssh lets you log in to remote hosts and transfer files.

ssh command Syntax

$ ssh options

Options   Description
-V        Get the version of the SSH client
-v        Verbose

ssh command examples

Log in to a remote host.

ssh root@somewhere.com

Log in to a remote host with verbose messages. This causes ssh to print debugging messages about its progress.

ssh -v root@somewhere.com

 mv Command Examples

mv attempts to move files. It can overwrite files entirely

mv command Syntax

$ mv options source_file target_file

Options   Description
-f        If a file with the same name exists in the location a file is to be moved to, overwrite it without any prompt
-i        If a file with the same name exists in the location a file is to be moved to, prompt you to answer whether the file is to be overwritten

mv command examples

Renames the file to another_text.txt.

$ mv text.txt another_text.txt

Renames the file to another_text.txt without a prompt even if it will overwrite a file.

$ mv -f text2.txt another_text.txt

Renames the file to another_text.txt with a prompt. The default answer is no

$ mv -i text.txt existing_text.txt
overwrite text.txt? (y/n [n])  n
not overwritten

Awesome, right?