Jud Dagnall Photography Blog

Photography, technology and occasional rants!

one-step self-signed SSL certificate

Posted on May 31st, 2005 in , by jud || No Comment

Create self-signed certificates is useful when managing apache and dovecot imap servers. I have always found it to be a pain to create the certificates. Here’s simple instructions for creating one.


In a nutshell,

openssl req -new -newkey rsa:1024 -days 365 -nodes -x509 -keyout www.example.com.pem -out www.example.com.pem

You can then use the file above in apache with the following two lines

SSLEngine On
SSLCertificateFile www.example.com.pem

In my case, I created a separate cert and private key:

openssl req -new -newkey rsa:1024 -days 365 -nodes -x509 -keyout private/www.example.com.pem -out cert/www.example.com.pem

and installed them so that dovecot (and thunderbird) would use them. I added the year in the cert UO field.

Fedora Core 3 and MySQL4.1

Posted on February 9th, 2005 in , by jud || No Comment

I wanted to install MySQL4.1 on my laptop runninng Fedora Core 3. Unfortunately, only the 3.23 versions are currently available through Fedora, evidently because of some license issues. However, there are some
good instructions for setting up MySQL4.1 under fedora here.

Everything seemed to work as specified with the following exceptions:

1. I installed the latest (4.1.9) version of MySQL. This hasn’t caused any problems.

2. I couldn’t find the version of MySQL 3.23.58-9 that they mentioned when created the
new MySQL-shared-compat rpm. Instead, I simply copied
the latest version from my yum cache, which was mysql-3.23.58-14.rpm, and modified the “define release3” line so that it was 14 instead of 9. Then the rpmbuild command worked fine. Still haven’t
tested it with php, etc… but I’ll get to that. Here’s the diff of my MySQL-shared-compat.spec file:

- %define release3 9
+ %define release3 14

redirecting sudo output

Posted on January 25th, 2005 in , by jud || No Comment

Sometimes I need to use the linux sudo command to run another command as another user, but also write the output of that command as another user. I always forget the proper syntax for this sort of thing, since simple quoting and escaping don’t work. Ryan pointed out a straightforward way to accomplish it.

For example, if I wanted to run a command as *apache* when running as user *me*,

(me@home) $ sudo -u apache command 

However, trying to redirect the output of the command will cause the output to be written as user *me*, not *apache*, causing
an error when writing to a directory or file not writable by *me*.

(me@home) $ sudo -u apache command > /home/apache/out
bash: /home/apache/out: Permission denied

Ryan’s solution is as follows: use sudo to call an shell with the quoted command as a parameter:

(me@home) $ sudo -u apache /bin/bash -c "command > /home/apache/out"

Network faster than your harddrive?

Posted on July 8th, 2004 in by jud || No Comment

An interesting entry from Shane Hathaway’s blog about testing your harddrivespeed under linux

Shane Hathaway of Zope fame writes in his blog about testing our harddrive speed, and how a gigabit ethernet connection might be faster than your HD. Test it under linux as root:

  # hdparm -t /dev/hda