• Generate a CSR with openssl

    Generate a CSR (Certificate Signing Request) on your server when you want to get a certificate from a certified provider is often a mandatory step, very easy to execute.

    Here are the different steps to execute:

    1. Create a specific directory where you will put all your files
      mkdir sub.domain.com && cd sub.domain.com
    2. Generate a private key of 2048 bits
       openssl genrsa -out sub.domain.com.key 2048
    3. Now generate a CSR with openssl and with the private key you just generated
      openssl req -new -sha256 -key sub.domain.com.key -out sub.domain.com.csr

      Many information will be asked during the creation:

      Country Name (2 letter code) []: 
      State or Province Name (full name) []:
      Locality Name (eg, city) []:
      Organization Name (eg, company) []:
      Organizational Unit Name (eg, section) []:
      Common Name (eg, YOUR name) []:
      Email Address []:
      A challenge password []:
      An optional company name []:
    4. You now have your CSR and your private key

    It’s up to you to get your signed certificate from an official provider using those files.

  • Change or remove password expiration for linux user

    It can happen that you’re getting that message when trying to connect to your linux server:

    You are required to change your password immediately (password aged)
    WARNING: Your password has expired.
    You must change your password now and login again!
    Changing password for user mylinuxuser.
    (current) UNIX password:

    The message is quite explicit and you need to update your password right now.

    If you don’t want to update your password too many times, you can update the frequency of the expiration to 90 days for example:

    chage -M 90 mylinuxuser

    Or you can completely disable the expiration by pushing the max value for expiration date to 99999 days:

    chage -m 0 -M 99999 -I -1 -E -1 mylinuxuser