Generate a CSR (Certificate Signing Request) on your server when you want to get a certificate from a certified provider is often a mandatory step, very easy to execute.

Here are the different steps to execute:

1. Create a specific directory where you will put all your files
   
   mkdir sub.domain.com && cd sub.domain.com

   1	mkdir sub.domain.com && cd sub.domain.com

2. Generate a private key of 2048 bits
   
   openssl genrsa -out sub.domain.com.key 2048

   1	openssl genrsa -out sub.domain.com.key 2048

3. Now generate a CSR with openssl and with the private key you just generated
   
   openssl req -new -sha256 -key sub.domain.com.key -out sub.domain.com.csr

   1	openssl req -new -sha256 -key sub.domain.com.key -out sub.domain.com.csr

   
   Many information will be asked during the creation:
   
   Country Name (2 letter code) []: State or Province Name (full name) []: Locality Name (eg, city) []: Organization Name (eg, company) []: Organizational Unit Name (eg, section) []: Common Name (eg, YOUR name) []: Email Address []: A challenge password []: An optional company name []:

   1 2 3 4 5 6 7 8 9

   Country Name (2 letter code) []: State or Province Name (full name) []: Locality Name (eg, city) []: Organization Name (eg, company) []: Organizational Unit Name (eg, section) []: Common Name (eg, YOUR name) []: Email Address []: A challenge password []: An optional company name []:

4. You now have your CSR and your private key

It’s up to you to get your signed certificate from an official provider using those files.

It can happen that you’re getting that message when trying to connect to your linux server:

The message is quite explicit and you need to update your password right now.

If you don’t want to update your password too many times, you can update the frequency of the expiration to 90 days for example:

Or you can completely disable the expiration by pushing the max value for expiration date to 99999 days:

If you’re getting many “unstrusted issuer” alerts in your app logs, it might be due to some CA trusted certificates outdated.
To fix that, just perform an update:

For Ubuntu/Debian

For CentOS/RedHat

If you need to push multiple lines to one file through a bash script, you can simply use that syntax:

Tip: Be aware that if you’re using indentation, last line should not be indented (this would lead you to some errors).

If you want to add line instead of overwriting file (like we did in the previous example), just replace the “>” with “>>” after cat command.

There’s no easy way to list all the IPs connecting to your postfix server for sending mail. But you can easily extract them from all your postfix logs.

For our example, we will consider the logs from postfix to be as default and located in /var/log/maillog

Here is what a postfix log look like when a connection is received:

For extracting exclusively the IPs, we will use a combination of commands:

• grep ” connect from ” /var/log/maillog will extract every lines containing a connection attempt
• cut -d ‘[‘ -f3 |cut -d ‘]’ -f1 will extract the IP from the line (which is contained between [] )
• sort -u will sort the output by unique values

Here is what we will get as a result once the command is executed (nothing will appear until it finished):

You can obviously re-use this command for any log file that you want to filter out by updating the filtering.

It’s possible to connect to serial console with MacOS without using a specific app but only screen.

First, you need to find the correct device you will use to connect to the serial console. Depending on your installation and your adapter, you’ll can find it under different names with one these commands:

Here, we can see that our device is available on /dev/tty.usbserial

If you have any doubt with the screen command, you can check the documentation, with the specific part regarding the console connection:

For example, if you want to connect to serial port with those parameters:

• 9600 bps
• 8 data bits
• flow control

You can just use this command:

Hint: Note that if you’re using a specific adapter (like an adapter DB9/RS232 to USB), you will probably need to install the driver first to get the device available.