nicky veitch's Weblog

Tuesday Aug 29, 2006

dladm is used for creating link aggregations on Solaris 10. This can be used on any nemo-based driver. Unfortunately, on your T2000, unless you are running update 2 with the latest patch bundle, you are stuck using ipge. The latest e1000g driver is included in KU 118833-20 or higher. Patch 123334 will take care of the transition for you.

Tuesday Aug 08, 2006

This is a walkthrough on how you might generate your own SSL certs and use them with a webserver with kssl on Solaris 10. Start by setting up your own certificates:

oaf207# cd /opt/SUNWwbsvr/CA
oaf207# openssl
oaf207# mkdir certs crl newcerts private
oaf207# echo "01" > serial
oaf207# cp /dev/null index.txt
oaf207# cp /etc/sfw/openssl/openssl.cnf .
oaf207# vi openssl.cnf

and change
dir             = /etc/sfw/openssl      # Where everything is kept
to
dir             = /opt/SUNWwbsvr/CA
oaf207# openssl req -new -x509 -keyout private/cakey.pem -out cacert.pem -days 365 \
> -config openssl.cnf

Generating a 1024 bit RSA private key
....++++++
...++++++
writing new private key to 'private/cakey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
------
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:ie
State or Province Name (full name) [Some-State]:dublin
Locality Name (eg, city) []:clontarf
Organization Name (eg, company) [Unconfigured OpenSSL Installation]:sun
Organizational Unit Name (eg, section) []:perf
Common Name (eg, YOUR name) []:testuser
Email Address []:configure_ssl@sun.com

oaf207# openssl req -nodes -new -x509 -keyout newreq.pem -out newreq.pem -days 365 \
> -config openssl.cnf

Generating a 1024 bit RSA private key
....++++++
..................++++++
writing new private key to 'newreq.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:ie
State or Province Name (full name) [Some-State]:dublin
Locality Name (eg, city) []:clontarf
Organization Name (eg, company) [Unconfigured OpenSSL Installation]:sun
Organizational Unit Name (eg, section) []:perf
Common Name (eg, YOUR name) []:testuser
Email Address []:configure_ssl@sun.com

oaf207#  openssl x509 -x509toreq -in newreq.pem -signkey newreq.pem -out tmp.pem

Getting request Private Key
Generating certificate request

oaf207# openssl ca -config openssl.cnf -policy policy_anything -out newcert.pem \
> -infiles tmp.pem

Using configuration from openssl.cnf
6789:error:0E06D06C:configuration file routines:NCONF_get_string:no value:/on10/build-nd/G10U2B2/usr/src/common/openssl/crypto/conf/conf_lib.c:329:
group=CA_default name=unique_subject
Enter pass phrase for /opt/SUNWwbsvr/CA/private/cakey.pem:
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: Aug  4 15:08:50 2006 GMT
            Not After : Aug  4 15:08:50 2007 GMT
        Subject:
            countryName               = ie
            stateOrProvinceName       = dublin
            localityName              = clontarf
            organizationName          = sun
            organizationalUnitName    = perf
            commonName                = testuser
            emailAddress              = configure_ssl@sun.com
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                FC:8D:C6:7C:D5:92:13:45:0E:85:74:8F:E1:3C:C8:89:B2:29:89:17
            X509v3 Authority Key Identifier:
                keyid:6F:DF:38:7D:D1:E7:C6:B5:ED:8D:19:57:13:CC:C4:2F:C0:2E:64:C6
                DirName:/C=ie/ST=dublin/L=clontarf/O=sun/OU=perf/CN=testuser/emailAddress=configure_ssl@sun.com
                serial:00

Certificate is to be certified until Aug  4 15:08:50 2007 GMT (365 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

oaf207# ksslcfg create -f pem -i `pwd`/newreq.pem -x 8080 -p \
> /opt/SUNWwbsvr/alias/password 443

oaf207# svcs |grep kssl
online         12:17:41 svc:/network/ssl/proxy:kssl-INADDR_ANY-443
oaf207#
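
In the steps above, newreq.pem holds the private key together with the self-signed certificate written by `req -x509`, while the certificate signed by the CA is in newcert.pem, so it is worth checking what a PEM file contains before passing it to `ksslcfg -i`. The script below is an added example, not part of the original post: `check_kssl_pem` is a hypothetical helper name, and it assumes an unencrypted RSA key (as produced with `-nodes`) in the same file as the certificate.

```shell
#!/bin/sh
# Added example: sanity-check a PEM bundle before giving it to ksslcfg -i.
# check_kssl_pem is a hypothetical helper, not part of Solaris or OpenSSL.
# Usage:   check_kssl_pem <bundle.pem> <cacert.pem>
# Returns: 0 bundle is usable
#          1 RSA key or certificate missing, or the key does not match
#          2 certificate does not verify against the given CA certificate

check_kssl_pem() {
    bundle=$1
    cacert=$2

    # Modulus of the public key inside the certificate.
    cert_mod=$(openssl x509 -noout -modulus -in "$bundle" 2>/dev/null) || return 1
    # Modulus of the RSA private key stored in the same file.
    key_mod=$(openssl rsa -noout -modulus -in "$bundle" 2>/dev/null) || return 1

    # Both must be present and identical, otherwise the key cannot
    # be the one the certificate was issued for.
    [ -n "$cert_mod" ] && [ "$cert_mod" = "$key_mod" ] || return 1

    # Match the "OK" line instead of trusting the exit status, which
    # some older OpenSSL releases leave at 0 even when verification fails.
    openssl verify -CAfile "$cacert" "$bundle" 2>/dev/null \
        | grep ': OK$' >/dev/null || return 2

    return 0
}

# When run as a script with two arguments, report the result in words.
if [ "$#" -eq 2 ]; then
    rc=0
    check_kssl_pem "$1" "$2" || rc=$?
    case $rc in
        0) echo "$1: key matches certificate, certificate verifies against $2" ;;
        1) echo "$1: RSA key or certificate missing, or they do not match" ;;
        2) echo "$1: certificate does not verify against $2" ;;
    esac
    exit "$rc"
fi
```

A file that fails with status 2 against cacert.pem carries a certificate the CA did not sign, which clients trusting only that CA will reject.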