GoDaddy SSL Certificate with Nginx

Installing a SSL certificate from Go Daddy is a bit different then other providers.  With Go Daddy you must install a intermediate or chain certificate addition to your CA certificate. Nginx does not have a option, how Apache dose, for chain certificates. So to accomplish this, we look to the Nginx documentation:

If intermediate certificates should be specified in addition to a primary certificate, they should be specified in the same file in the following order: the primary certificate comes first, then the intermediate certificates.[ref]Nginx Module ngx_http_ssl_module[/ref]

What that means is this.  Download your CA from with your private certificate from Go Daddy.  Next download the gd_bundle.crt from https://certs.godaddy.com/anonymous/repository.seam.

After you have download the gd_bundle.crt file, copy it to the same directory on your Nginx server and run something similar to:

cat godaddy-ca.crt > godaddy-chain.crt && cat gd_bundle.crt >> godaddy-chain.crt

Now just add this new certificate to your nginx.conf per normal

ssl_certificate godaddy-chain.crt
Advertisements

Enable SSH Key Authorization on FreeNAS

FreeNAS is a powerful tools for archive data and other long-term storage requirements. Recently I have started backing up this and other off-site servers to one of my local FreeNAS boxes. Since these systems are only connected via the insecure internet (no VPN), I decided to transmit the backup files via SSH using SCP.  In order to do this without having to enter my password in for each and every backup (most of which happen while I’m hopeful sleeping), I needed to implement SSH Key Authorization on the receiving FreeNAS box.

To do this first I needed to create a DSA key pair on a different system.  On my Fedora 12 laptop I ran

ssh-keygen -t dsa

The trick here is to not create your new key pair in the default directory of “~/.ssh/” but in a temporary directory instead. So when it asks you.

Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa):

Enter a different file in witch to save the key in. Note this is asking for the name of a file, not the name of the directory, it will also create a .pub file, this is the public key for the above private key.

Now that you have a public/private key for the FreeNAS box, if you don’t already you need to create one for the user that you plan on sending the file from.  Just follow the above command, but this time, you may just hit enter all the way threw leaving all options as default.

Next, go to your FreeNAS web-page control panel, If you don’t already have one, you will need to create a user on your FreeNAS box for you to connect to.  You may do this via “Access -> User and Groups” from the black bar on the top of the page.

Now from the top (black) bar go to “Services -> SSH”

On your Services|SSH page, first make sure the service is enabled (top right hand corner). Once it is you will be able to change the below options.

  • TCP Port: The default (port 22) is fine in most cases, but note if you change it, you must use the new port for all connections.
  • Permit root login: My option is that the root account should never be allowed to log in via a remote process.  You should set your system up correctly where this is not needed.
  • Password authentication: For now this must be enabled (checked), once you have set “Key Authorization” up, you may disable this option.
  • TCP forwarding: Disabled (unchecked)
  • Compression: Enabled (checked)
  • Private Key: This will be were we put the private key created above.  All you need to do is copy and paste.
  • Extra options: Blank

After you have made your changes, “Save and Restart” the service.

On your local system, you need to copy the content of the local users public (~/.ssh/username.pub) key file to a new file named “authorized_keys” (Note: this is not the file we created for FreeNAS but the file we created for your local account).  This is the file that will need to be copied to your FreeNAS box.

Now that you have all the needed bits, we need to log into your FreeNAS server and create a “.ssh” directory to store the “authorized_keys” file.  To log in to the FreeNAS box interactively run a command similar too.

ssh freenasuser@freenasaddress

Or if you changed the “TCP Port” above, your command will look like this:

ssh -P freenasport freenasuser@freenasaddress

Once your logged in, you need to create the directory, by doing.

mkdir ~/.ssh

After you have successfully created your directory, you may exit out of your FreeNAS box for the next step.
Back on your local system you need to copy the “authorized_keys” file created before to the FreeNAS box. Using SCP you can do this by running a command like:

scp -P freenasport authorized_keys freenasuser@freenasaddress:~/.ssh/

This will copy the file to the FreeNAS box. Next, reconnect to the FreeNAS box as you did before and run.

cd ~/.ssh/
chmod 600 authorized_keys

Once your done, you should be able to connect to your FreeNAS box using the private key in the authorized_keys with out a password.

SSH with no password

When working with different Linux/Unix servers, or when working with a Secure GIT repo, life is much easier after you have setup an SSH public & private keys.  Setting up a public & private key is really pretty simple.

Start out by create a public & private key.

ssh-keygen -t dsa

You will now be prompted for a location and a few other options, the best anwser is the default, so just enter threw these.  You will also be asked to create a password, creating a password at this step will require you to enter the password every time you wish to use the key, so best bet is to just enter threw those questions also.  After you have created your new key, go into your “.ssh” folder (note the . before ssh) and copy your public key to remote servers.

cd .ssh

Next we want to rename the public key so we wont confuse it after sending it to the world.

cp id_dsa.pub matt_dsa.pub

Wonderful, now all we need to do is copy the public key to a remote server

scp matt_dsa.pub remote_server.example.com:~/.ssh

Note, the above example copies the public into the remote server’s .ssh folder, if the server dose not have a .ssh folder, you may need to create it.  After the public key has been copied, we need to put it into the “authorized_keys” file.

cat matt_dsa.pub >> authorized_keys

and that’s it, just exit out of your remote server, and try to connect again, it should not ask you for a password, but just now connect.  If you are using this your git account, just copy this key into the git’s users authorized_keys file.