Archive for the Uncategorized Category

Enable httpd fullstatus to Monitor Apache Status

Apache has built in utilities that help’s  a  administrator to monitor the performance and activity of their web server. The Apache Status is one such tool that allows real time monitoring of Apache connections and resource usage.

The Apache Status provides  information that will help in performance monitoring and Apache tuning.

The Apache module mod_status  is required to enable apache status . Mod_status will provide the following information to the viewer:

 

 The number of worker serving requests
 The number of idle worker
 The time the server was started/restarted and the time it has been running.

The status module can also be set to an extended mode, which will display additional information:

 

The status of each worker, the number of requests that worker has performed and the total number of bytes served by the worker
A total number of accesses and byte count served
The current CPU used in % by each worker and in total by Apache
The current hosts and requests being processed

Enable status in Apache

By  default mod_status is already installed and enabled in apache on  Centos and Redhat Linux, however to access the information, the Apache configuration  must be updated to set the handler for the request.

To set the handler, open the  Apache config file /etc/httpd/conf/httpd.conf  and search for the following block:

#<Location /server-status> 
#SetHandler server-status 
#Order deny,allow 
#Deny from all 
#Allow from .example.com #</Location>

Un-Comment the  above lines  ::

<Location /server-status>
 SetHandler server-status
 Order deny,allow
 Deny from all
 Allow from 127.0.0.1
 </Location>

Save  the changes and restart  the apache service

Enable Extended Status in Apache

Open  the httpd.conf file and search  for the line

 

#ExtendedStatus On 

Just uncomment the above line as ::

 

ExtendedStatus On 

Note :: Add the line, if not present

and finally restart  the apache service.

 

That’s all you are done.

 

 

Convert SSL Certificates to different formats

As we all know that different platforms and devices require SSL certificates in  different formats, for example a Windows server exports and imports .pfx files whereas an Apache server uses individual PEM (.crt, .cer) files  for SSL.

Using the OpenSSL utility, we can  easily convert SSL  certificates in  different formats from PFX to PEM or vice-versa.

You can use the following OpenSSL commands to convert SSL certificate to different formats on your own machine ::

OpenSSL Convert PEM
Convert PEM to DER

 

openssl x509 -outform der -in certificate.pem -out certificate.der 
Convert PEM to P7B

 

openssl crl2pkcs7 -nocrl -certfile certificate.cer -out certificate.p7b -certfile CACert.cer 
Convert PEM to PFX

 

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt 
OpenSSL Convert DER
Convert DER to PEM

 

openssl x509 -inform der -in certificate.cer -out certificate.pem 
OpenSSL Convert P7B
Convert P7B to PEM

 

openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer 
Convert P7B to PFX

 

openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer
openssl pkcs12 -export -in certificate.cer -inkey privateKey.key -out certificate.pfx -certfile CACert.cer 
OpenSSL Convert PFX
Convert SSL Certificate from PEM to P7B

 

openssl pkcs12 -in certificate.pfx -out certificate.cer -nodes 

Note :: It is highly recommended that you convert to and from .pfx files on your own machine using OpenSSL so that you can keep the private key intact.

 

And, if you are looking for graphical interface for the above commands then browse the URL : https://www.sslshopper.com/ssl-converter.html

That’s all.

 

Change the default character set for Apache

By default, on most of the linux systems  the default character set for Apache is  UTF-8.  But what if your web application requires a different character set .

Say, if  all of your sites are in Spanish Language then you would most likely  to change this to the Latin-1 character set (ISO-8859-1)  .

 

So, follow the below steps to  change default charset for apache

 

1 > For all domains

Open  the /etc/httpd/conf/httpd.conf  file and search  for line ::

 

AddDefaultCharset UTF-8 

and replace with  the charset of your choice for example with  ISO-8859-1

 

AddDefaultCharset ISO-8859-1 

if the above line does not  exists in httpd.conf file then add that line

And finally restart the apache/httpd service for the changes to  take effect.

To verify  the new default charset for apache  use the below command ::

 

[email protected] [~]# curl -I localhost
HTTP/1.1 200 OK
Date: Wed, 04 Apr 2012 06:40:49 GMT
Server: Apache
Last-Modified: Sat, 31 Mar 2012 15:11:54 GMT
Accept-Ranges: bytes
Content-Length: 111
Content-Type: text/html; charset=ISO-8859-1

2 >  For a Single domain

 

If you want to change the charset for only a single domain then add the code :: AddDefaultCharset ISO-8859-1 in  the .htaccess file under the document root for that domain.

 

[email protected][~]# vi .htaccess
AddDefaultCharset ISO-8859-1
:wq!

That’s all you are done.