For enabling push notification on pushd server, you need to get a file with 
We need to generate 2 pem files one called
To generate
 
 
And now generate the key pem file:
 
Restart the pushd and check for any error in
#pushd #openssl #p12 #cer #pem #push
  .p12 extension and .cer certificate file. For pushd to work you need to generate a .pem file and give its path in push configuration(`/etc/pushd/pushd.conf`).We need to generate 2 pem files one called
apns-cert.pem (generated from .cer file) and the other called apns-key.pem (generated from .p12 file).To generate
.pem file use openssl command, with the format below:openssl pkcs12 -in YOUR_KEY.p12 -out apns-key.pem -nodes
NOTE: it may ask you for the password, enter the given password by whom that gave you the p12 file.-in set your input file name and -out sets your output file name which will be generated.And now generate the key pem file:
openssl x509 -in cert.cer -inform DER -outform PEM -out apns-cert.pem
Restart the pushd and check for any error in
/var/log/pushd.#pushd #openssl #p12 #cer #pem #push
Check if you can connect to 
At the end if you can connect to the
response.
#pushd #openssl #apns #push
  APNS SERVER using openssl:openssl s_client -connect gateway.sandbox.push.apple.com:2195 -cert /etc/pushd/apns-cert.pem -key /etc/pushd/apns-key.pem
At the end if you can connect to the
APNS server you would see Verify return code: 0 (ok). Finally press CTRL+C to go outside ofresponse.
#pushd #openssl #apns #push
A couple days ago we talked about MongoDB that uses TLS/SSL to encrypt the communication with clients connecting to it (like pyMongo). Now if you want to test MongoDB with self-signed certificate you can generate one with the command below:
 
This operation generates a new, self-signed certificate with no passphrase that is valid for 365 days. Once you have the certificate, concatenate the certificate and private key to a .pem file, as in the following example:
 
If using the YAML configuration file format, include the following configuration in the file:
 
 
#mongodb #ssl #tls #pem #openssl
  cd /etc/ssl/
openssl req -newkey rsa:2048 -new -x509 -days 365 -nodes -out mongodb-cert.crt -keyout mongodb-cert.key
This operation generates a new, self-signed certificate with no passphrase that is valid for 365 days. Once you have the certificate, concatenate the certificate and private key to a .pem file, as in the following example:
cat mongodb-cert.key mongodb-cert.crt > mongodb.pem
If using the YAML configuration file format, include the following configuration in the file:
net:
ssl:
mode: requireSSL
PEMKeyFile: /etc/ssl/mongodb.pem
NOTE: instead of requireSSL you can use preferSSL to not force the requirement. It depends on the requirements and network topolgy.#mongodb #ssl #tls #pem #openssl
If you have followed our 
To make the procedure automatic I have created a sample shell script that after automatic renewal will also renew the PEM files for
#mongodb #mongo #ssl #pem #openssl #lets_encrypt
  MongoDB SSL configuration, you should by now know that we can generate SSL certificate using lets encrypt. I have used dehydrated that fully matches with cloud flare.To make the procedure automatic I have created a sample shell script that after automatic renewal will also renew the PEM files for
MongoDB#! /bin/bash
echo 'Binding new mongo private key PEM file and Cert PEM file...'
cat /etc/dehydrated/certs/mongo.example.com/privkey.pem /etc/dehydrated/certs/mongo.example.com/cert.pem > /etc/ssl/mongo.pem
echo 'Saved the new file in /etc/ssl/mongo.pem'
sudo touch /etc/ssl/ca.pem
sudo chmod 777 /etc/ssl/ca.pem
echo 'truncate ca.pem file and generate a new in /etc/ssl/ca.pem...'
sudo truncate -s 0 /etc/ssl/ca.pem
echo 'generate a ca.pem file using opessl by input -> /etc/ssl/ca.crt'
sudo openssl x509 -in /etc/ssl/ca.crt -out /etc/ssl/ca.pem -outform PEM
echo 'ca.pem is generated successfully in /etc/ssl'
echo 'append the chain.pem content to newly created ca.pem in /etc/ssl/ca.pem'
sudo cat /etc/dehydrated/certs/mongo.example.com/chain.pem >> /etc/ssl/ca.pem
echo 'done!'
#mongodb #mongo #ssl #pem #openssl #lets_encrypt
An easy way to encrypt and decrypt large files using OpenSSL and Linux:
Generate PEM public private key using openssl:
We can generate hash using md5sum for both files so we can compare them once we decrypt our file:
Decrypt large file using OpenSSL:
Check md5sum output:
#linux #openssl #pem #encryption #decryption #x509 #public_key #private_key
  Generate PEM public private key using openssl:
openssl req -x509 -nodes -newkey rsa:2048 -keyout private-key.pem -out public-key.pemEncrypt file using public key PEM file:
openssl smime -encrypt -binary -aes-256-cbc -in large_file.img -out large_file.img.dat -outform DER public-key.pem
We can generate hash using md5sum for both files so we can compare them once we decrypt our file:
md5sum large_file.img*
#cd573cfaace07e7949bc0c46028904ff large_file.img
#c4d8f1e868d1176d8aa5363b0bdf8e7c large_file.img.dat
Decrypt large file using OpenSSL:
openssl smime -decrypt -in large_file.img.dat -binary -inform DEM -inkey private-key.pem -out decrypted_large_file.img
Check md5sum output:
md5sum *large_file.img*
#cd573cfaace07e7949bc0c46028904ff decrypted_large_file.img
#cd573cfaace07e7949bc0c46028904ff large_file.img
#c4d8f1e868d1176d8aa5363b0bdf8e7c large_file.img.dat
#linux #openssl #pem #encryption #decryption #x509 #public_key #private_key
How to check expiration time of a PEM certificate using openssl?
 
#openssl #expiration_date
  $ openssl x509 -enddate -noout -in file.pem
notAfter=Sep 3 02:23:50 2018 GMT
#openssl #expiration_date
How to add self-signed certificates to replica set nodes?
https://medium.com/@rossbulat/deploy-a-3-node-mongodb-3-6-replica-set-with-x-509-authentication-self-signed-certificates-d539fda94db4
#mongo #mongodb #ssl #self_signed #openssl
  
  https://medium.com/@rossbulat/deploy-a-3-node-mongodb-3-6-replica-set-with-x-509-authentication-self-signed-certificates-d539fda94db4
#mongo #mongodb #ssl #self_signed #openssl
Medium
  
  Deploy a 3-Node MongoDB 4.0 Replica Set with X.509 Authentication + Self Signed Certificates
  This article will guide you through the process of setting up a MongoDB cluster that will utilise X.509 authentication with self signed…
  