October 07, 2021

Convert PEM to PFX/PKCS12(.p12) using OpenSSL

 Hi folks,

To keep it simple with a single command to convert the .PEM format file to .p12/.pfx we can use the below information.

$ openssl pkcs12 -export -in domain.pem -out domain.p12



It will ask you to enter the export password (twice for confirmation).

It's up to you to choose to enter the password or keep it empty (just press enter) based on the use case what you have.


Hope this helps you to convert the certificate format and use in your application or server.


Request to send your comments and feedback to psrdotcom@gmail.com

June 10, 2021

Generate Free SSL Certificate using ZeroSSL

 Hi all,


Today I am going to explain the process of generating free SSL certificate using ZeroSSL


Pre-requisite

  1. We should have our own domain
  2. We should be able to add/update the DNS settings like A, CNAME, TXT records

Best free SSL providers

As per my research I found the best free SSL (90 days) certificate providers

  1. ZeroSSL
  2. Let's Encrypt

In this blog, i'll explain ZeroSSL process

ZeroSSL Free SSL Certificate

  1. Navigate to https://zerossl.com/
  2. Signup with your email by clicking on "FreeSSL"
  3. After email verification, login to zerossl site
  4. Click on "New Certificate"
  5. Enter your domain name and click on "Next Step"
  6. Default validity is 90 days for free SSL
  7. In the CSR section we have couple of options
  8. Default is Auto-Generate CSR enabled
  9. Disable Auto-Generate CSR - only your zerossl registered email address with default values
  10. Enable Paste Existing CSR - If you have already created a CSR then you can use this option
  11. Finalize your order


Note

ZeroSSL will generate the certificate using signature algorithm SHA-384

In some cases, if SHA-384 based SSL is not valid then we have to mandatory go for alternate "Let's Encrypt". I will explain Let's Encrypt in my next blog.

For every 90 days, we need to renew our certificate in the above mentioned manner.

Download Certificate

  1. Navigate to Certificates section
  2. Go to Issued tab
  3. Click on "Install"
  4. You can select the Default Format dropdown to select specified server or just leave it default.
  5. Download the certificate zip file which will contain 
    1. ca_bunder.crt - CA Bundle
    2. certificate.crt - Certificate
    3. private.key - Private Key


Hope, you will be able to make use of this free SSL feature and encrypt your domain traffic.

Please let me know your feedback and suggestions in comments or mail to psrdotcom@gmail.com

March 03, 2021

Reverse Proxy with IIS ARR (Application Request Routing) and URL Rewrite features

 Dear folks,

Today I am going to explain how we can use the IIS as reverse proxy to secure, redirect the internal application servers.


IIS ARR 3.0 does provide load balancing, cache, forward and reverse proxy features.

This blog will cover the usage of reverse proxy.

Agenda

Secure/Hide the internal servers from public internet requests

Environment Setup

  • DMZ server with IIS ARR and URL Rewrite
  • Internal servers which are accessible to DMZ

Pre-requisites

  1. Make sure the IIS is installed on the server
  2. ARR (Application Request Routing)
  3. URL Rewrite

Procedure

  • Install the pre-requisites
  • Create InBound and OutBound rules to configure as reverse-proxy
  • Edit/Create the web.config based on your requirement
  • Public facing IP - 123.10.1.12
  • Internal IP - 10.1.1.192

Use case 1

  • Redirect URLs with 80 port to internal application server on 8001

<?xml version="1.0" encoding="UTF-8"?>

<configuration>

  <system.webServer>

    <rewrite>

        <rules>

            <rule name="ReverseProxyInboundRule1" stopProcessing="true">

              <match url="(.*)" />

                        <conditions logicalGrouping="MatchAll">

                           <add input="{CACHE_URL}" pattern="^(https?)://" />

                        </conditions> 

      <action type="Redirect" url="{C:1}://10.1.1.192/{R:1}" />

            </rule>

     </rules>

              <outboundRules>

                <rule name="ReverseProxyOutboundRule" preCondition="IsHTML">

                    <match filterByTags="A, Form, Img" pattern="^http(s)?://10.1.1.192/(.*)" />

                   <action type="Rewrite" value="http{R:1}://123.10.1.12/{R:2}" />

                </rule>

               <preConditions>

                 <preCondition name="IsHTML">

                    <add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />

               </preCondition>

              </preConditions>

            </outboundRules>

           </rewrite>

          </system.webServer>

        </configuration>

Use case 2

  • Redirect URLs with 9001 port to internal application server on 8081 with JSON response

<?xml version="1.0" encoding="UTF-8"?>

<configuration>

  <system.webServer>

    <rewrite>

        <rules>

            <rule name="ReverseProxyInboundRule_Port_JSON" stopProcessing="true">

              <match url="(.*)" />

      <conditions logicalGrouping="MatchAll">

                <add input="{CACHE_URL}" pattern="^(https?)://" />

              <add input="{SERVER_PORT}" pattern="9001" />

              </conditions>

              <action type="Redirect" url="http://10.1.1.192:8081/{R:1}" />

            </rule>

    </rules>

              <outboundRules>

                <rule name="ReverseProxyOutboundRule_Port_JSON" preCondition="IsJSON">

                    <match filterByTags="A, Form, Img" pattern="^http(s)?://10.1.1.192:8081/(.*)" />

                   <action type="Rewrite" value="http{R:1}://123.10.1.12:9001/{R:2}" />

                </rule>

               <preConditions>

                 <preCondition name="IsJSON">

                    <add input="{RESPONSE_CONTENT_TYPE}" pattern="^(text|application/json|application/plaintext" />

               </preCondition>

              </preConditions>

            </outboundRules> 

             </rewrite>

          </system.webServer>

        </configuration>

One can make use of the conditions and redirect accordingly

url

use the regular expression to identify the part of the URL to process further

conditions

 Use conditions with attributes to distinguish the URL

action

redirect, rewrite, abort with specific URL with arguments


Hope this helps organization to configure and secure the servers

Request you to send your valuable feedback and comments to psrdotcom@gmail.com


January 27, 2021

Windows Batch File - Embed Image (Base64 Encoded) in HTML Code

 Hi folks,

Today I am going to explain how we can add an image to the HTML code in without copying the images in relative path folder.

Procedure

  • Prefix file contents.
    • <img src="data:image/png;base64,
  •  Batch file contents.
  • Suffix file contents.
    • " alt="PSR" />
  • Download the batch file.
  • Open command prompt in Windows.
  • Navigate to the batch file contained folder.
  • Execute the batch file image file name as parameter.
    • > Image2Base64ImgTag.bat PSRImage.jpeg
  • You should see a file "imageTag.html".
  • Open the file to see image in a browser.
  • Open the file with notepad to see the image converted to base64 with proper HTML Image tag.


Hope this helps you to reduce lot of efforts in maintaining the image files/folders.

Send your feedback and comments to psrdotcom@gmail.com

Featured Post

Java Introdcution

Please send your review and feedback to psrdotcom@gmail.com