SSL in Apache with Intermediate Certificate

For configuration you need these files: domain.tld.key (your private key), domain.tld.crt (your public certificate) and intermediate.crt (intermediate certificate of your certificate authority).

The configuration is pretty easy. Just put these lines in your virtual server configuration:

...
SSLEngine On
SSLProtocol All
SSLCipherSuite HIGH:MEDIUM
SSLCertificateFile /path/to/domain.tld.crt
SSLCertificateKeyFile /path/to/domain.tld.key
SSLCertificateChainFile /path/to/intermediate.crt
<Files ~ "\.(phtml|php?)$">
        SSLOptions +StdEnvVars
</Files>
<IfModule mod_setenvif.c>
        SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown \
                downgrade-1.0 force-response-1.0
</IfModule>
...

Now just restart apache daemon and you’re done 🙂

Tags:

SSL in Postfix with Intermediate Certificate

This article describes just how to install certificates with intermediate certificate in Postfix, it does not describe how to configure Postfix for SSL as that is pretty complex topic.

For configuration you need these files: domain.tld.key (your private key), domain.tld.crt (your public certificate) and intermediate.crt (intermediate certificate of your certificate authority).

The configuration is pretty easy (once you know the steps). First you need to create combined PEM file:

cat domain.tld.key domain.tld.crt intermediate.crt > domain.tld.pem

Next you need to change two variables in Postfix main.cf configuration file:

...
smtpd_tls_cert_file = /path/to/domain.tld.pem
smtpd_tls_key_file = /path/to/domain.tld.pem
...

Now just restart postfix daemon and you’re done 🙂

Tags:

Development Version of Netbeans in Gentoo

Today I just found some time to ask for Gentoo overlay to put there my latest ebuilds for development version of Netbeans, that is for nightly builds of Netbeans 7.0. You can find the overlay at http://git.overlays.gentoo.org/gitweb/?p=dev/fordfrog.git. If you do not know how to use Gentoo overlays, you can find needed information in Overlay guide.

It is safe to give Netbeans 7.0 development a try on Gentoo as Netbeans 7.0 installs in separate slot so you can have in your system both Netbeans 7.0 and 6.9.1 and even older versions. Up to that, though it is still development version, it is pretty stable and I use it myself for my work for several weeks (maybe even months, my poor memory) already.

You might also notice that I have split the single ebuild into several ebuilds, one ebuild for each Netbeans cluster plus one for Netbeans JavaDoc. I decided to do so for several reasons.

First, for me, it’s much easier to manage Netbeans ebuilds when I can rebuild just single cluster instead of whole Netbeans on each change in ebuilds etc. I can also emerge several clusters in parallel using emerge --jobs switch. That saves some time and does not load my laptop much anyway as javac does not utilize parallel compilation.

Second, for users adding/removing clusters to/from current installation does not require complete rebuild of Netbeans anymore but you emerge or unmerge just the cluster(s) that you want, so you save some time on this. Also, the same as above applies, you can emerge several clusters in parallel and save some time.

And third, there are some applications that are built on top of Netbeans Platform, like VisualVM, so these can easily reuse dev-java/netbeans-platform package without need to pull in whole Netbeans with its huge list of dependencies.

This set of ebuilds supports applying custom patches to the Netbeans sources as the previous ebuild does. You just have to set up NETBEANS70_PATCHES_DIR variable so that it points to directory where you have the patches that you want to apply. I have this line in /etc/make.conf:

...
NETBEANS70_PATCHES_DIR="/root/patches/netbeans70"
...

If you like to tweak Netbeans to your needs, you might also want to read my article on .

Tags: ,

SSL in Courier IMAP with Intermediate Certificate

For configuration you need these files: domain.tld.key (your private key), domain.tld.crt (your public certificate) and intermediate.crt (intermediate certificate of your certificate authority).

The configuration is pretty easy (once you know the steps). First you need to create combined PEM file:

cat domain.tld.key domain.tld.crt intermediate.crt > domain.tld.pem

Next you need to change TLS_CERTFILE variable in Courier IMAP pop3d-ssl and imapd-ssl configuration files:

...
TLS_CERTFILE=/path/to/domain.tld.pem
...

Now just restart courier-imapd-ssl and courier-pop3d-ssl daemons and you’re done 🙂

Tags: