Recently I had a need to have a SSL certificate which should be used in multiple domains. When I search on that I found that it can be done using Unified Communications Certificates (UUC) :
This is how I generated a multidomain certificate request :
1. Open openssl.cnf
2. Make sure following line are there in that file :
[req]
req_extensions = v3_req
[v3_req]
subjectAltName = @alt_names
[alt_names]
DNS.1 = example.com
DNS.2 = hello.example.com
DNS.3 = testing.com
You should add your domains as given in under [alt_names]
3. Create a private key
4. generate your certificate requests by providing required information
Thats all! you are done!!!
Reference : http://playnice.ly/blog/2011/01/03/multi-domain-ucc-ssl-certificates-on-nginx-with-1-ip-address/
You can make sure by
openssl req -text -noout -in ssl.csr
Under the alternative section you can find your all the domains listed.
Thursday, June 30, 2011
Wednesday, June 8, 2011
Want to visit IPv6 Only sites?
Internet Society announced IPv6 day on 8th June - http://www.worldipv6day.org/
As given in that website many gaints including Google, Yahoo, Facebook all are taking part in this IPv6 day.
In Sri Lanka also there are two IPv6 events (AFAIK) are happening.
1. www.isoc.lk
2.www.ipv6day.lk
What is the actual status in Sri Lanka?...
AFAIK,
None of the ISPs are providing IPv6 address for their end users. Still the ISPs are setting up their core and the servers with IPv6. www.isoc.lk shows some stats about present IPv6 allocations and their IPv6 web sites. Therefore the Internet Infrastructure in Sri Lanka (Except few Universities) is not ready for IPv6 (AFAIK)
.LK is already IPv6 ready. It has been assigning IPv6 address (AAAA records) to domain names.
How we can see the IPv6 only websites? like ipv6.google.com
There are several ways you can see the IPv6 only sites...
In Windows OS (7, Vista, XP with SP)
If you have a public IPv4 address, then when connect to Internet you will automatically get an IPv6 address via Microsoft's terado tunneling. Therefore you should be able to access IPv6 only sites without any issues. For example, if you connect via ADSL, then since you normally get a public IP, you can visit IPv6 only sites
In Linux
Since you do not have any tunnel which is automatically implemented you should establish a tunnel your self. Then you will get an IPv6 address. Thereafter you can visit IPv6 only sites. However you should have a publically reachable IPv4 address inorder to make the tunneling. I read that Teredo tunneling works even over NAT, I could not find a free Teredo tunneling broker.
- There are several tunnel brokers out there who provide free IP6to4 tunneling. I have tried with Hurricane (http://goodsarves.blogspot.com/2011/06/ipv6-over-ipv4-tunneling-ipv6to4.html) on Linux. It was working fine.
***If you are accessing Internet using broadband modem like HSPA you can not access the IPv6 sites. Because normally you get a NATed private IP address. Therefore you can not make tunnels.
***That is why even Google and Facebook have assigned both A and AAAA records for www.google.com and www.facebook.com. If they assigned only IPv6 address only 1 Million users of facebook can access out of 500 million users.
As given in that website many gaints including Google, Yahoo, Facebook all are taking part in this IPv6 day.
In Sri Lanka also there are two IPv6 events (AFAIK) are happening.
1. www.isoc.lk
2.www.ipv6day.lk
What is the actual status in Sri Lanka?...
AFAIK,
None of the ISPs are providing IPv6 address for their end users. Still the ISPs are setting up their core and the servers with IPv6. www.isoc.lk shows some stats about present IPv6 allocations and their IPv6 web sites. Therefore the Internet Infrastructure in Sri Lanka (Except few Universities) is not ready for IPv6 (AFAIK)
.LK is already IPv6 ready. It has been assigning IPv6 address (AAAA records) to domain names.
How we can see the IPv6 only websites? like ipv6.google.com
There are several ways you can see the IPv6 only sites...
In Windows OS (7, Vista, XP with SP)
If you have a public IPv4 address, then when connect to Internet you will automatically get an IPv6 address via Microsoft's terado tunneling. Therefore you should be able to access IPv6 only sites without any issues. For example, if you connect via ADSL, then since you normally get a public IP, you can visit IPv6 only sites
In Linux
Since you do not have any tunnel which is automatically implemented you should establish a tunnel your self. Then you will get an IPv6 address. Thereafter you can visit IPv6 only sites. However you should have a publically reachable IPv4 address inorder to make the tunneling. I read that Teredo tunneling works even over NAT, I could not find a free Teredo tunneling broker.
- There are several tunnel brokers out there who provide free IP6to4 tunneling. I have tried with Hurricane (http://goodsarves.blogspot.com/2011/06/ipv6-over-ipv4-tunneling-ipv6to4.html) on Linux. It was working fine.
***If you are accessing Internet using broadband modem like HSPA you can not access the IPv6 sites. Because normally you get a NATed private IP address. Therefore you can not make tunnels.
***That is why even Google and Facebook have assigned both A and AAAA records for www.google.com and www.facebook.com. If they assigned only IPv6 address only 1 Million users of facebook can access out of 500 million users.
Thursday, June 2, 2011
IPv6 over IPv4 tunneling - IPv6to4
All were talking about IPv6 day and all the gaints were participating in IPv6 Day. Therefore I also want to feel the IPv6.
I created a tunnel with Hurricane and got an IPv6 address. However inorder to get this working we need to establish a tunnel to one of the Hurricane's Server.
My OS is Fedora 10 and I did following steps to enable IPv6 and IPv6to4 Tunnelling in my PC.
(If you also want to do, just execute following 4 lines in your Terminal as super user.
echo "NETWORKING_IPV6=yes" >> /etc/sysconfig/network
echo "IPV6_DEFAULTDEV=tun6to4">> /etc/sysconfig/network
echo "IPV6INIT=yes" >> /etc/sysconfig/network-scripts/ifcfg-eth0
echo "IPV6TO4INIT=yes">> /etc/sysconfig/network-scripts/ifcfg-eth0
In addition to that I created following script :
/etc/sysconfig/network-scripts/ifcfg-sit1
and added following content,
OOTPROTO="none"
DEVICE="sit1"
IPV6INIT=yes
IPV6TUNNELIPV4=xx.xx.xx.xx
IPV6TUNNELIPV4LOCAL=yy.yy.yy.yy
IPV6ADDR="2001:xxx:x:xxx::x/64"
ONBOOT=yes
After this the tunnel was established and everything was working fine.
References :
http://fedoraproject.org/wiki/IPv6Guide
http://unix.stackexchange.com/questions/7720/how-do-i-set-up-an-ipv6-tunnel-in-fedora
I created a tunnel with Hurricane and got an IPv6 address. However inorder to get this working we need to establish a tunnel to one of the Hurricane's Server.
My OS is Fedora 10 and I did following steps to enable IPv6 and IPv6to4 Tunnelling in my PC.
(If you also want to do, just execute following 4 lines in your Terminal as super user.
echo "NETWORKING_IPV6=yes" >> /etc/sysconfig/network
echo "IPV6_DEFAULTDEV=tun6to4">> /etc/sysconfig/network
echo "IPV6INIT=yes" >> /etc/sysconfig/network-scripts/ifcfg-eth0
echo "IPV6TO4INIT=yes">> /etc/sysconfig/network-scripts/ifcfg-eth0
In addition to that I created following script :
/etc/sysconfig/network-scripts/ifcfg-sit1
and added following content,
OOTPROTO="none"
DEVICE="sit1"
IPV6INIT=yes
IPV6TUNNELIPV4=xx.xx.xx.xx
IPV6TUNNELIPV4LOCAL=yy.yy.yy.yy
IPV6ADDR="2001:xxx:x:xxx::x/64"
ONBOOT=yes
After this the tunnel was established and everything was working fine.
References :
http://fedoraproject.org/wiki/IPv6Guide
http://unix.stackexchange.com/questions/7720/how-do-i-set-up-an-ipv6-tunnel-in-fedora
Subscribe to:
Posts (Atom)