Certificate Signing Request (CSR) using openssl

Used the following mechanism to generate a CSR needed to buy an SSL certificate. The server in this case was a Linux server and the certificate was a “wildcard certificate” purchased at GoDaddy.com.

# openssl req -nodes -newkey rsa:2048 -keyout server.key -out server.csr

Generating a 2048 bit RSA private key
.............................................................................+++
...............................................................................................................................+++
writing new private key to 'server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:US
State or Province Name (full name) []:California
Locality Name (eg, city) [Default City]:Los Angeles
Organization Name (eg, company) [Default Company Ltd]:Acme
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:*.acme.com
Email Address []:admin@acme.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

At this point, two files were created.

# ll
total 8
-rw-r--r-- 1 root root 1054 Dec 28 03:31 server.csr
-rw-r--r-- 1 root root 1704 Dec 28 03:31 server.key

The csr file can be used to purchase the certificate.
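
An added example, not part of the original post: the same request generated without prompts, under a restrictive umask so that server.key is not created world-readable as in the listing above, followed by a check that the CSR carries the public half of that key. The function names and the temporary directory are assumptions of this example; the subject values repeat the answers given at the prompts.

```shell
#!/bin/sh
# Added example; function names and the temp directory are assumptions.
# Subject values repeat the answers typed at the prompts in the post.
SUBJ='/C=US/ST=California/L=Los Angeles/O=Acme/CN=*.acme.com'

# make_csr DIR: write server.key and server.csr into DIR without prompting.
make_csr() {
    (
        umask 077   # files are created 0600, so the key is owner-only
        openssl req -new -nodes -newkey rsa:2048 \
            -keyout "$1/server.key" -out "$1/server.csr" \
            -subj "$SUBJ" 2>/dev/null
    )
}

# key_mode FILE: print the octal permission bits (GNU/busybox stat).
key_mode() { stat -c '%a' "$1"; }

# csr_subject CSR: print the Distinguished Name stored in the request.
csr_subject() { openssl req -in "$1" -noout -subject; }

# csr_matches_key CSR KEY: succeed only if the CSR's public key is the
# public half of KEY, i.e. the CA will certify the key you actually hold.
csr_matches_key() {
    csr_pub=$(openssl req -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$csr_pub" ] && [ "$csr_pub" = "$key_pub" ]
}

workdir=$(mktemp -d)
if make_csr "$workdir" &&
   csr_matches_key "$workdir/server.csr" "$workdir/server.key"; then
    echo "key mode: $(key_mode "$workdir/server.key")"
    csr_subject "$workdir/server.csr"
fi
```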


Increasing ulimit and file descriptors limit on Linux

Getting “too many open files” errors? Here is how to increase the ulimit and file descriptor settings on Linux.

file-max is the maximum number of file descriptors (FDs). It is a kernel setting enforced at the system level. ulimit is enforced at the user level and should be configured to be less than file-max.

Default settings for ulimit and file-max on a Linux system assume that several users (not applications) would share the system. These settings limit the number of resources used by each user. The default settings are very low for high-performance servers and should be increased.

To change the file descriptor setting, edit the kernel parameter file /etc/sysctl.conf. Add the line fs.file-max=[new value] to it.

# vi /etc/sysctl.conf
fs.file-max = 500000

Apply the changes:

# sysctl -p

To change the ulimit setting, edit the file /etc/security/limits.conf and set the hard and soft limits.

# vi /etc/security/limits.conf
* soft nofile 60000
* hard nofile 60000

Apply the changes:

# reboot

Now test the new system settings using the following commands:

# ulimit -a
open files (-n) 60000

Check the current open file descriptor limit:

# more /proc/sys/fs/file-max
500000

Another way to check the file descriptor limit:

# sysctl -a | grep fs.file-max
fs.file-max = 500000

To find out how many file descriptors are currently being used:

# more /proc/sys/fs/file-nr

To find out how many files are currently open:

# lsof | wc -l