June 10, 2021

Generate Free SSL Certificate using ZeroSSL

 Hi all,


Today I am going to explain the process of generating free SSL certificate using ZeroSSL


Pre-requisite

  1. We should have our own domain
  2. We should be able to add/update the DNS settings like A, CNAME, TXT records

Best free SSL providers

As per my research I found the best free SSL (90 days) certificate providers

  1. ZeroSSL
  2. Let's Encrypt

In this blog, i'll explain ZeroSSL process

ZeroSSL Free SSL Certificate

  1. Navigate to https://zerossl.com/
  2. Signup with your email by clicking on "FreeSSL"
  3. After email verification, login to zerossl site
  4. Click on "New Certificate"
  5. Enter your domain name and click on "Next Step"
  6. Default validity is 90 days for free SSL
  7. In the CSR section we have couple of options
  8. Default is Auto-Generate CSR enabled
  9. Disable Auto-Generate CSR - only your zerossl registered email address with default values
  10. Enable Paste Existing CSR - If you have already created a CSR then you can use this option
  11. Finalize your order


Note

ZeroSSL will generate the certificate using signature algorithm SHA-384

In some cases, if SHA-384 based SSL is not valid then we have to mandatory go for alternate "Let's Encrypt". I will explain Let's Encrypt in my next blog.

For every 90 days, we need to renew our certificate in the above mentioned manner.

Download Certificate

  1. Navigate to Certificates section
  2. Go to Issued tab
  3. Click on "Install"
  4. You can select the Default Format dropdown to select specified server or just leave it default.
  5. Download the certificate zip file which will contain 
    1. ca_bunder.crt - CA Bundle
    2. certificate.crt - Certificate
    3. private.key - Private Key


Hope, you will be able to make use of this free SSL feature and encrypt your domain traffic.

Please let me know your feedback and suggestions in comments or mail to psrdotcom@gmail.com

March 03, 2021

Reverse Proxy with IIS ARR (Application Request Routing) and URL Rewrite features

 Dear folks,

Today I am going to explain how we can use the IIS as reverse proxy to secure, redirect the internal application servers.


IIS ARR 3.0 does provide load balancing, cache, forward and reverse proxy features.

This blog will cover the usage of reverse proxy.

Agenda

Secure/Hide the internal servers from public internet requests

Environment Setup

  • DMZ server with IIS ARR and URL Rewrite
  • Internal servers which are accessible to DMZ

Pre-requisites

  1. Make sure the IIS is installed on the server
  2. ARR (Application Request Routing)
  3. URL Rewrite

Procedure

  • Install the pre-requisites
  • Create InBound and OutBound rules to configure as reverse-proxy
  • Edit/Create the web.config based on your requirement
  • Public facing IP - 123.10.1.12
  • Internal IP - 10.1.1.192

Use case 1

  • Redirect URLs with 80 port to internal application server on 8001

<?xml version="1.0" encoding="UTF-8"?>

<configuration>

  <system.webServer>

    <rewrite>

        <rules>

            <rule name="ReverseProxyInboundRule1" stopProcessing="true">

              <match url="(.*)" />

                        <conditions logicalGrouping="MatchAll">

                           <add input="{CACHE_URL}" pattern="^(https?)://" />

                        </conditions> 

      <action type="Redirect" url="{C:1}://10.1.1.192/{R:1}" />

            </rule>

     </rules>

              <outboundRules>

                <rule name="ReverseProxyOutboundRule" preCondition="IsHTML">

                    <match filterByTags="A, Form, Img" pattern="^http(s)?://10.1.1.192/(.*)" />

                   <action type="Rewrite" value="http{R:1}://123.10.1.12/{R:2}" />

                </rule>

               <preConditions>

                 <preCondition name="IsHTML">

                    <add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />

               </preCondition>

              </preConditions>

            </outboundRules>

           </rewrite>

          </system.webServer>

        </configuration>

Use case 2

  • Redirect URLs with 9001 port to internal application server on 8081 with JSON response

<?xml version="1.0" encoding="UTF-8"?>

<configuration>

  <system.webServer>

    <rewrite>

        <rules>

            <rule name="ReverseProxyInboundRule_Port_JSON" stopProcessing="true">

              <match url="(.*)" />

      <conditions logicalGrouping="MatchAll">

                <add input="{CACHE_URL}" pattern="^(https?)://" />

              <add input="{SERVER_PORT}" pattern="9001" />

              </conditions>

              <action type="Redirect" url="http://10.1.1.192:8081/{R:1}" />

            </rule>

    </rules>

              <outboundRules>

                <rule name="ReverseProxyOutboundRule_Port_JSON" preCondition="IsJSON">

                    <match filterByTags="A, Form, Img" pattern="^http(s)?://10.1.1.192:8081/(.*)" />

                   <action type="Rewrite" value="http{R:1}://123.10.1.12:9001/{R:2}" />

                </rule>

               <preConditions>

                 <preCondition name="IsJSON">

                    <add input="{RESPONSE_CONTENT_TYPE}" pattern="^(text|application/json|application/plaintext" />

               </preCondition>

              </preConditions>

            </outboundRules> 

             </rewrite>

          </system.webServer>

        </configuration>

One can make use of the conditions and redirect accordingly

url

use the regular expression to identify the part of the URL to process further

conditions

 Use conditions with attributes to distinguish the URL

action

redirect, rewrite, abort with specific URL with arguments


Hope this helps organization to configure and secure the servers

Request you to send your valuable feedback and comments to psrdotcom@gmail.com


January 27, 2021

Windows Batch File - Embed Image (Base64 Encoded) in HTML Code

 Hi folks,

Today I am going to explain how we can add an image to the HTML code in without copying the images in relative path folder.

Procedure

  • Prefix file contents.
    • <img src="data:image/png;base64,
  •  Batch file contents.
  • Suffix file contents.
    • " alt="PSR" />
  • Download the batch file.
  • Open command prompt in Windows.
  • Navigate to the batch file contained folder.
  • Execute the batch file image file name as parameter.
    • > Image2Base64ImgTag.bat PSRImage.jpeg
  • You should see a file "imageTag.html".
  • Open the file to see image in a browser.
  • Open the file with notepad to see the image converted to base64 with proper HTML Image tag.


Hope this helps you to reduce lot of efforts in maintaining the image files/folders.

Send your feedback and comments to psrdotcom@gmail.com

December 07, 2020

C# get windows user app data folder path

 Hi folks,

Today I will explain to get the folder path of the windows user specific app data for storing any program (app) based information in C# (.NET Framework, .NET CORE, .NET 5)


Source

using System;

using System.IO;

namespace NETFrameworkConsoleApp1

{

    class Program

    {

        static void Main(string[] args)

        {

            string dir = Path.Combine(

                Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData),

                "FolderName"

            );

            Console.WriteLine("User Appdata Path: \n " + dir);

            Console.ReadLine();

        }

    }

}


Hope this helps you to customize your requirement.

References

https://docs.microsoft.com/en-us/dotnet/api/system.environment?view=net-5.0

Please share your comments and feedback to psrdotcom@gmail.com


C++ get windows user app data folder path

 Hi folks,

Today we will see how we can get the folder path of the windows user specific app data for storing any program (app) based information.


Source

#include <iostream>

#include <tchar.h>

#include <shlwapi.h>

#pragma comment(lib,"shlwapi.lib")

#include "shlobj.h"

using namespace std;

int main()

{  

    TCHAR szPath[MAX_PATH];

    // Get path for each computer, non-user specific and non-roaming data.

    if (SUCCEEDED(SHGetFolderPath(NULL, CSIDL_APPDATA, NULL, 0, szPath)))

    {

        // Append product-specific path

        PathAppend(szPath, _T("\\App Folder Path\\"));

        wcout << "User AppData Roaming Folder Path: \n" << szPath << endl << endl;

    }

    

    // Get path for each computer, non-user specific and non-roaming data.

    if (SUCCEEDED(SHGetFolderPath(NULL, CSIDL_PROGRAM_FILES, NULL, 0, szPath)))

    {

        wcout << "System Program Files Folder Path: \n" << szPath << endl << endl;

    }

    cout << "==end==";

}


Hope this helps you to customize your requirement.

References

https://docs.microsoft.com/en-us/windows/win32/shell/csidl

Please share your comments and feedback to psrdotcom@gmail.com


November 10, 2020

Run or deploy Go (Golang) project code in IIS as web server

 Hi folks,

Today we are going to see, how we can run or deploy the Go (Golang) project in IIS.

Development

  1. Create your Golang project with web APIs
  2. Build the Go project
  3. Go build
  4. Result will be an .exe file
  5. Create a web.config file
  6. Update the following content

<?xml version="1.0" encoding="utf-8"?>

<configuration>

    <system.webServer>

        <handlers>

            <add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModule" resourceType="Unspecified" />

        </handlers>

        <aspNetCore processPath=".\<<GoProject>>.exe" />

    </system.webServer>

</configuration>

Deployment 

  1. Place the <<GoProject.exe>> and web.config in IIS server accessible folder.
  2. Open IIS
  3. Create a new website
  4. Enter the web app details with port different from the project internal port
  5. Create or choose pool with .NET CLR version as "No managed code"
  6. The configured website looks like below
  7. After starting the website, user should be able to access the APIs
Hope, this information helps you to deploy the GOlang project in IIS.

 Request you send your feedback and comments to psrdotcom@gmail.com


October 31, 2020

Generate or Create ECDSA - Elliptic Curve Digital Signature Algorithm Keys using OpenSSL in Windows

 Hi folks,

Today we will see how we can create ECDSA (Elliptic Curve Digital Signature Algorithm) Keys


Pre-requisites

OpenSSL

Add openssl bin directory to the environment PATH variable 


Generate Keys

Open Powershell and execute the following commands

1. Get the ECC curves list

openssl ecparam -list_curves
2. Generate a private key using your chosen curve
openssl ecparam -name prime256v1 -genkey -noout -out private-key.pem
3. Generate public key from the private key
openssl ec -in private-key.pem -pubout -out public-key.pem

4. Create a self-signed certificate with 1 year validity
openssl req -new -x509 -config "<opensslDirPath>/share/openssl.cnf" -key private-key.pem -out cert.pem -days 360

5. Convert pem to pfx
get-content private-key.pem, cert.pem | out-file cert-with-private-key
openssl pkcs12 -export -inkey private-key.pem -in cert-with-private-key -out cert.pfx

 Note: Enter the password when prompted (Optional)

Now, you can install the PFX file and check the certificate properties and make use of it.

Send your valuable feedback and comments to psrdotcom@gmail.com


Featured Post

Java Introdcution

Please send your review and feedback to psrdotcom@gmail.com