Thursday, June 30, 2011

Generate a SSL certificate request for Multidomains

Recently I had a need to have a SSL certificate which should be used in multiple domains. When I search on that I found that it can be done using Unified Communications Certificates (UUC) :

This is how I generated a multidomain certificate request :

1. Open openssl.cnf
2. Make sure following line are there in that file :

req_extensions = v3_req

subjectAltName = @alt_names

DNS.1 =
DNS.2 =
DNS.3 =

You should add your domains as given in under [alt_names]

3. Create a private key

4. generate your certificate requests by providing required information

Thats all! you are done!!!

Reference :

You can make sure by
openssl req -text -noout -in ssl.csr

Under the alternative section you can find your all the domains listed.

Wednesday, June 8, 2011

Want to visit IPv6 Only sites?

Internet Society announced IPv6 day on 8th June -
As given in that website many gaints including Google, Yahoo, Facebook all are taking part in this IPv6 day.

In Sri Lanka also there are two IPv6 events (AFAIK) are happening.

What is the actual status in Sri Lanka?...


None of the ISPs are providing IPv6 address for their end users. Still the ISPs are setting up their core and the servers with IPv6. shows some stats about present IPv6 allocations and their IPv6 web sites. Therefore the Internet Infrastructure in Sri Lanka (Except few Universities) is not ready for IPv6 (AFAIK)

.LK is already IPv6 ready. It has been assigning IPv6 address (AAAA records) to domain names.

How we can see the IPv6 only websites? like

There are several ways you can see the IPv6 only sites...

In Windows OS (7, Vista, XP with SP)

If you have a public IPv4 address, then when connect to Internet you will automatically get an IPv6 address via Microsoft's terado tunneling. Therefore you should be able to access IPv6 only sites without any issues. For example, if you connect via ADSL, then since you normally get a public IP, you can visit IPv6 only sites

In Linux

Since you do not have any tunnel which is automatically implemented you should establish a tunnel your self. Then you will get an IPv6 address. Thereafter you can visit IPv6 only sites. However you should have a publically reachable IPv4 address inorder to make the tunneling. I read that Teredo tunneling works even over NAT, I could not find a free Teredo tunneling broker.
- There are several tunnel brokers out there who provide free IP6to4 tunneling. I have tried with Hurricane ( on Linux. It was working fine.

***If you are accessing Internet using broadband modem like HSPA you can not access the IPv6 sites. Because normally you get a NATed private IP address. Therefore you can not make tunnels.

***That is why even Google and Facebook have assigned both A and AAAA records for and If they assigned only IPv6 address only 1 Million users of facebook can access out of 500 million users.

Thursday, June 2, 2011

IPv6 over IPv4 tunneling - IPv6to4

All were talking about IPv6 day and all the gaints were participating in IPv6 Day. Therefore I also want to feel the IPv6.

I created a tunnel with Hurricane and got an IPv6 address. However inorder to get this working we need to establish a tunnel to one of the Hurricane's Server.
My OS is Fedora 10 and I did following steps to enable IPv6 and IPv6to4 Tunnelling in my PC.

(If you also want to do, just execute following 4 lines in your Terminal as super user.

echo "NETWORKING_IPV6=yes" >> /etc/sysconfig/network
echo "IPV6_DEFAULTDEV=tun6to4">> /etc/sysconfig/network
echo "IPV6INIT=yes" >> /etc/sysconfig/network-scripts/ifcfg-eth0
echo "IPV6TO4INIT=yes">> /etc/sysconfig/network-scripts/ifcfg-eth0

In addition to that I created following script :


and added following content,


After this the tunnel was established and everything was working fine.

References :