Background Going back to basics, there are two major parts of an operating system the kernel and the user space. The kernel is a special program executed directly. Support engineer Fernando Laudares details how to use mysqldmulti to run multiple instances of MySQL concurrently, and transparently, on the same server. News and feature lists of Linux and BSD distributions. Certificate Installation with Open. SSL Other Peoples Certificates. HG615O.png' alt='Gentoo Install Unknown Host' title='Gentoo Install Unknown Host' />Guides In This Section. Note In the case of self signed remote server certificates, you. This is where you want to install the certificate for just one server. CA that signed. the server certificate. Normally you wouldnt want to do this, as by. CA certificate you will be able to connect to other. CA without further. Probably the only time you would want to install only the certificate for. CA is where you only trust the server. CA. However, in this case Id suggest you start. If you do only want to add the server certificate and not the CA. As far as Open. SSL is concerned, there is. CAM00004.jpg' alt='Gentoo Install Unknown Host' title='Gentoo Install Unknown Host' />CA they both require a highest level. Thus, you just just treat the server certificate as if it were a self. This bit of the document isnt quite finished. As a quick hack, follow. CA Certificate Install Guide, but. Creating A Silica Awareness Program'>Creating A Silica Awareness Program. CA certificate being the same. Eventually, Ill do a seperate specific guide, honest. First off, youll need to know where your version of Open. SSL thinks. its certificates, keys etc are all stored. This will depend on what. Open. SSL youre using not much, but more importantly, where. Below are a few. common places. From now on, well refer to this directory as lt ssl base dir. AIX, Open. SSL 0. Symantec helps consumers and organizations secure and manage their informationdriven world. Our software and services protect against more risks at more points, more. If in the last report FFMPEG appears as detected, then you can ignore that. If FFMPEG appears as not supported, then you need to install it first. Open. SSH support packages varssl. Centos 3 4, Open. SSL 0. 9. 7 usrsharessl. Cygwin, Open. SSL 0. Debian Woody 3. 0, Open. SSL 0. 9. 6 etcssl. Debian Sarge 3. 1, Open. SSL 0. 9. 7 etcssl. Debian Etch 4. 0, Open. SSL 0. 9. 8 etcssl. Debian Lenny 5. 0, Open. SSL 0. 9. 8 etcssl. Debian Squeeze 6. Open. SSL 0. 9. 8o etcssl. Free. BSD, Open. SSL 0. Free. BSD, Open. SSL 0. Gentoo, Open. SSL 0. Gentoo, Open. SSL 0. Mac OS X 1. 0. 1. Open. SSL 0. 9. 6b SystemLibraryOpen. SSL. Mandrake 7. Open. SSL 0. 9. 6 usrlibssl. Net. BSD, Open. SSL 0. Nokia N9. 00 Maemo 5, Open. SSL 0. 9. 8n etcssl. Normal Open. SSL Tarball Build, Open. SSL 0. 9. 6 usrlocalssl. Open. BSD, Open. SSL 0. Redhat 6. 2 7. x 8. Open. SSL 0. 9. 6 usrsharessl. Redhat Enterprise 3 4, Open. SSL 0. 9. 7 usrsharessl. Redhat Enterprise 6, Open. SSL 1. 0. 0 etcpkitls. Redhat Fedora Core 2 3, Open. SSL 0. 9. 7 usrsharessl. Redhat Fedora Core 4, Open. SSL 0. 9. 7 etcpkitls. Redhat Fedora Core 5 6, Open. SSL 0. 9. 8 etcpkitls. Slackware, Open. SSL 0. Su. SE 7. 3 8. 0, Open. SSL 0. 9. 6 usrsharessl. Su. SE 8. 1 8. 2, Open. SSL 0. 9. 6 etcssl. Ubuntu Maverick 1. Open. SSL 0. 9. 8o etcssl. Ubuntu Precise 1. Open. SSL 1. 0. 1 etcssl. General built from source, Open. SSL 0. 9. x lt prefix ssl. Another way to check On most Open. SSL builds, if you run the command. Game Halo 3 Demo'>Game Halo 3 Demo. OPENSSLDIR usrlibssl directory is. On some systems eg Ubuntu, the path given from this will. Manual De Servicio Vx 150 more. Note if you run an alternate system to the above, let. I can add it to the list. In lt ssl base dir, you should find subdirectories of certs. If you dont find these two. You can try to find. Fistly, a quick word about the files used below. PEM formatted certificate of. PEM formatted certificate of a. CA normally the server you were. In the case of a self signed certificate, these two will be one and. Before you can begin, you need to get the certificate from your CA. Ideally, get it in PEM format, otherwise youll need to. Slight Aside You need to ensure theres only one CA certificate. CA. Normally there is, but ocassionally several. To list the number of certificates in a file. If you get an answer of more than one, then. The command to check the number of certificates in a file. BEGIN. CERTIFICATE wc l. Once the certificate is in PEM format and you know theres only one. First up, find the. CA from a trusted source and I cant stress. Now, calculate the fingerprint for the certificate. To find the. fingerprint, use. Assuming they match if they dont, youve either done something wrong. As root. and now would be an ideal time to check you need to be root only root. Copy your CA certificate to lt ssl base dir certs. Hash. Open. SSL looks for certificates using an 8 byte. Calculate it with. In order for Open. SSL to find the certificate, it needs to be looked up. Normally, you would create a symbolic link for a meaningful. CA to the hash value, rather than renaming the CA. Ideally, create a symbolic link or hard link if you must. The symbolic link must be for the hashed value above. Open. SSL wont detect it. Thus, I have for the current Oxford University CA. CA certificate. For the lazy amoungst you, you might opt for the following. Were now to test this installation. To do so, we really want a. CA. Failing this. CA certificate, but this wont always cause all the. Run. openssl verify CApath lt ssl base dir certs. If youve got it correct, you should see something like oxford herald. OKWhich tells you that your CA certificate is correctly installed. However, if you see something like oxford ca. CGBSTOxfordshireLOxfordOOxford UniversityOUComputing ServicesCNOxford University Computing Services CAEmailcacomputing services. Youve got something wrong. Go see the errors. In order to check that the certificate youve just been presented for. CRL certificate revocation list. These are published by. In most cases, youll need some sort of automated script to pull and. CRL of all CAs you trust, at some periodic. Once a week is usually good enough, unless it really matters to. CRL update frequency. YMMV, youll need to decide. In some cases, you can use an OCSP Online Certificate Status Protocol. Open. SSL to query the CA each time. Much. bigger overheads than keeping a static list, requires the CA to support. ASAP. Its up to you to decide if you need that or not. Apache CRLs. You should already have a CRL directory, normally apache conf. To configure apache to check the CRL lists, add the following. SSLCARevocation. Path crldirectoryeg SSLCARevocation. Path etchttpdconfssl. You then need, for every CRL list, to symlink it to something based on. The file will need to be called crlhash. You need to do this for every crl file in the directory. Open. SSL tools CRLs. You need to have a crl directory. Normally this will be. Everyone needs. to be able to read this directory and everything in it, but no one. CRL fetch process should be able to write to itYou need to symlink the CRL files to a special name based on their hash. CA certificates. This time the name is. Well, that is, unless your apache has a handy makefile to do it all for. Using Open. SSL OCSP. More coming soon, but for now, try. OCSP manual. Mac OSX 1. The tool for handling CA Certificates, server certificates etc on. OSX is called certtool. Firstly, make a copy of the system trusted keychain in your home. Do that with cp SystemLibraryKeychainsX5. Anchors LibraryKeychains. Now, install the PEM formatted certificate into your local trusted. X5. 09. Anchors. This should install the certificate. If you have problems, check the. Once the certificate is in your keychain, you need to make it system. You do this by copying as root using sudo your trusted. LibraryKeychainsX5. Anchors SystemLibraryKeychainsWith that done, restart Safari, Mail etc, and they should then pick up the. CA certificate. Mac OSX 1. Leopard onwards. It is no longer possible to import certificates into Leopard on the. Instead, you need to use the Keychain Access. For reasons unknown, you will need to have your CA Certificate in. PKCS1. 2 format, unlike everything else on the planet, which is happy. X5. 09 DER or PEM format. How to Install, Create and Manage LXC Linux Containers in RHELCent. OS 7. LXC, acronym for Linux Containers, is a lightweight Linux kernel based virtualization solution, which practically runs on top of the Operating System, allowing you to run multiple isolated distributions the same time. The difference between LXC and KVM virtualization is that LXC doesnt emulates hardware, but shares the same kernel namespace, similar to chroot applications. Install and Manage LXC Linux Container in Linux. This makes LXC a very fast virtualization solution compared to other virtualization solutions, such as KVM, XEN or VMware. This article will guide you on how you can install, deploy and run LXC containers on a Cent. OSRHEL and Fedora distributions. Requirements. A working Linux operating system with minimal installation Installation of Cent. OS 7 Linux. Installation of RHEL 7. Installation of Fedora 2. Server. Step 1 Installing LXC Virtualization in Linux. LXC virtualization is provided through Epel repositories. In order to use this repo, open a terminal and install Epel repositories in your system by issuing the following command yum install epel release. Before continuing with LXC installation process, assure that Perl language interpreter, and debootstrap packages are installed by issuing the below commands. Finally install LXC virtualization solution with the following command. After LXC service has been installed, verify if LXC and libvirt daemon is running. Sample Output. Check LXC Daemon Statusemail protected systemctl status lxc. LXC Container Initialization and Autoboot Code. Loaded loaded usrlibsystemdsystemlxc. Active inactive dead. LXC Container Initialization and Autoboot Code. Loaded loaded usrlibsystemdsystemlxc. Active active exited since Fri 2. EDT 1min 3. 7s ago. Process 2. 25. 0 Exec. Startusrlibexeclxclxc autostart helper start codeexited, status0SUCCESS. Process 2. 24. 4 Exec. Start. Preusrlibexeclxclxc devsetup codeexited, status0SUCCESS. Main PID 2. 25. 0 codeexited, status0SUCCESS. Apr 0. 1 0. 2 3. Starting LXC Container Initialization and Autoboot Code. Apr 0. 1 0. 2 3. Creating dev. Apr 0. 1 0. 2 3. Apr 0. Creating dev. lxcuser. Apr 0. 1 0. 2 3. Starting LXC autoboot containers OK. Apr 0. 1 0. 2 3. Started LXC Container Initialization and Autoboot Code. LXC kernel virtualization status by issuing the below command. Sample Output. Check LXC Kernel Virtualization Configurationemail protected lxc checkconfig. Kernel configuration not found at procconfig. Kernel configuration found at bootconfig 3. Namespaces. Namespaces enabled. Utsname namespace enabled. Ipc namespace enabled. Pid namespace enabled. User namespace enabled. Network namespace enabled. Multiple devpts instances enabled. Control groups. Cgroup enabled. Cgroup clonechildren flag enabled. Cgroup device enabled. Cgroup sched enabled. Cgroup cpu account enabled. Cgroup memory controller enabled. Cgroup cpuset enabled. Veth pair device enabled. Macvlan enabled. Bridges enabled. Advanced netfilter enabled. CONFIGNFNATIPV4 enabled. CONFIGNFNATIPV6 enabled. CONFIGIPNFTARGETMASQUERADE enabled. CONFIGIP6NFTARGETMASQUERADE enabled. CONFIGNETFILTERXTTARGETCHECKSUM enabled. CheckpointRestore. CONFIGFHANDLE enabled. CONFIGEVENTFD enabled. CONFIGEPOLL enabled. CONFIGUNIXDIAG enabled. CONFIGINETDIAG enabled. CONFIGPACKETDIAG enabled. CONFIGNETLINKDIAG enabled. File capabilities enabled. Note Before booting a new kernel, you can check its configuration. CONFIGpathtoconfig usrbinlxc checkconfig. Step 2 Create and Manage LXC Containers in Linux. To list available LXC templates containers already installed on your system issue the below command. List LXC Templates Containerstotal 3. K. drwxr xr x. 2 root root 4. K Apr 1 0. 2 3. 2. Apr 1 0. 2 3. 2. K Nov 1. K Nov 1. 5 1. 0 1. K Nov 1. 5 1. 0 1. K Nov 1. 5 1. 0 1. K Nov 1. 5 1. 0 1. K Nov 1. 5 1. 0 1. K Nov 1. 5 1. 0 1. K Nov 1. 5 1. 0 1. K Nov 1. 5 1. 0 1. K Nov 1. 5 1. 0 1. K Nov 1. 5 1. 0 1. K Nov 1. 5 1. 0 1. K Nov 1. 5 1. 0 1. K Nov 1. 5 1. 0 1. K Nov 1. 5 1. 0 1. K Nov 1. 5 1. 0 1. K Nov 1. 5 1. 0 1. The process of creating a LXC container is very simple. The command syntax to create a new container is explained below. In the below excerpt well create a new container named mydeb based on a debian template that will be pulled off from LXC repositories. Creating LXC Containeremail protected lxc create n mydcb t debian. Checking cache download in varcachelxcdebianrootfs jessie amd. Downloading debian minimal. W Cannot check Release signature keyring file not available usrsharekeyringsdebian archive keyring. I Retrieving Release. I Retrieving Packages. I Validating Packages. I Resolving dependencies of required packages. I Resolving dependencies of base packages. After a series of base dependencies and packages that will be downloaded and installed in your system the container will be created. When the process finishes a message will display your default root account password. Change this password once you start and login to the container console in order to be safe. Falling back to the standard locale C. Failed to read proccmdline. Ignoring No such file or directory. Timezone in container is not configured. Adjust it manually. Root password is root, please change Generating locales this might take a while. IN. enIN. character map file enIN not found No such file or directory. IN 5. 5 LCMONETARY unknown character in field currencysymbol. Generation complete. Now, you can use lxc ls to list your containers and lxc info to obtain information about a runningstopped container. In order to start the newly created container in background will run as a daemon by specifying the d option issue the following command lxc start n mydeb d. After the container has been started you can list running containers using the lxc ls active command and get detailed information about the running container. In order to login to the container console issue the lxc console command against a running container name. Login with the user root and the password generated by default by lxc supervisor. Once logged in the container you can run several commands in order to verify the distribution by displaying the etcissue. Sample Output. Connect to LXC Containeremail protected lxc console n mydcb. Connected to tty 1. Type lt. Ctrla q to exit the console, lt Ctrla Ctrla to enter Ctrla itself. Debian GNULinux 8 mydcb tty. Last login Fri Apr 1 0. UTC 2. 01. 6 on console. Linux mydcb 3. 1. SMP Fri Mar 6 1. 1 3. UTC 2. 01. 5 x. 866. The programs included with the Debian GNULinux system are free software. Debian GNULinux comes with ABSOLUTELY NO WARRANTY, to the extent. Debian GNULinux 8. Link encap Ethernet HWaddr 0. Scope Link. UP BROADCAST RUNNING MULTICAST MTU 1. Metric 1. RX packets 1. TX packets 8 errors 0 dropped 0 overruns 0 carrier 0. RX bytes 5. 79. 6 5. Ki. B TX bytes 6. B. lo Link encap Local Loopback. Mask 2. 55. 0. 0. Scope Host. UP LOOPBACK RUNNING MTU 6. Metric 1. RX packets 0 errors 0 dropped 0 overruns 0 frame 0.