Archive for March 5th, 2008

Tun M’s Confession : a distortion?

“Tun Dr Mahathir Mohamad has expressed regret at the use of a video clip that purportedly showed he admitted that he had framed Datuk Seri Anwar Ibrahim.

Dr Mahathir said those who attended the talk understood the context of his speech but the Opposition took one part and distorted it.”

Source thestar

Seriously, I don’t know how true this is. Judge it yourself.

Wednesday, March 5th, 2008

Pound SSL with CA certificate

Here's a note with easy steps to get Pound running with an SSL certificate signed by a CA.

Generating Certificate Signing Request
# cd /etc/ssl
# openssl req -new -nodes -subj '/C=MY/ST=Wilayah Persekutuan/L=Kuala Lumpur/CN=myshinny.webserver.com/O=My office./OU=IT department.' -key host.key -out host.csr

After generating the certificate signing request, copy and paste the contents of host.csr to Verisign for signing. Once you have your signed certificate, save it as host.crt. Note: the file names used here are the ones the steps below rely on.

Obtaining Verisign intermediate CA certificate
Depending on the type of certificate you purchased, you can obtain the matching Verisign CA certificate from this page. Copy the certificate content and save it as verisign.pem.

Now you have 4 files: host.key, host.csr, host.crt and verisign.pem. Only 3 of them are needed for Pound SSL. Prepare the certificate bundle to use with Pound. Note: in the server.pem that will be created, it is important that the contents follow this sequence:

1. Your key
2. Your certificate
3. CA certificate

# cat host.key host.crt verisign.pem > server.pem
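
The following shell functions are an added example, not part of the original post: they build server.pem in the required order with owner-only permissions (it contains the private key), check the block order, and use openssl to confirm that host.crt matches host.key and was issued by a certificate in verisign.pem. The function names are hypothetical; the file names are the post's.

```shell
#!/bin/sh
# Added example: checks for the server.pem bundle described in the post.
# File names follow the post; function names are hypothetical.

# Build the bundle in the order Pound expects, readable by the owner only
# because it contains the private key.
build_bundle() {   # usage: build_bundle host.key host.crt verisign.pem server.pem
    ( umask 077 && cat "$1" "$2" "$3" > "$4" && chmod 600 "$4" )
}

# Succeed only if the first PEM block is a private key and it is followed
# by at least two CERTIFICATE blocks (host certificate, then CA certificate).
check_bundle_order() {   # usage: check_bundle_order server.pem
    awk '{ sub(/\r$/, "") }
         /^-----BEGIN / {
             n++
             if (n == 1 && $0 !~ /PRIVATE KEY-----$/) bad = 1
             if (n > 1 && $0 != "-----BEGIN CERTIFICATE-----") bad = 1
         }
         END { if (bad || n < 3) exit 1 }' "$1"
}

# Succeed only if the certificate carries the public key of the private key.
key_matches_cert() {   # usage: key_matches_cert host.key host.crt
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null)
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Succeed only if host.crt was issued by a certificate in the CA file.
# -partial_chain lets the intermediate act as the trust anchor.
issued_by() {   # usage: issued_by verisign.pem host.crt
    openssl verify -partial_chain -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}
```

Run key_matches_cert and issued_by on the individual files before building the bundle, then check_bundle_order on server.pem before restarting Pound.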

Example Pound configuration, pound.cfg:

---snip---
ListenHTTPS
        Address x.x.x.x
        Port    443
        HeadRemove "X-SSL-.*"
        HeadRemove "X-Client-Verify.*"
        Cert    "/etc/ssl/server.pem"
        CAlist  "/etc/ssl/verisign.pem"
        Ciphers "ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL"
End
---snip---

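Replace x.x.x.x with your server IP address. Note that the Ciphers string starts from ALL and only moves the LOW, SSLv2 and export suites to the end of the preference list (`+`) rather than excluding them (`!`), so a client can still negotiate them if the OpenSSL build supports them; exclude the weak suites if you do not need them. Restart Pound and you are done!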

Wednesday, March 5th, 2008