Uly.me

cloud engineer

Archives for October 2020

GCP SSL Certificates

Here’s how to create a regional SSL Certificate.

gcloud compute ssl-certificates create my-ssl-cert \
--description "describe ssl certificate" \
--domains=domain1.com,domain2.com \
--certificate=cert.pem \
--private-key=private.key \
--region=us-central1

List the SSL certificates.

gcloud compute ssl-certificates list --project=project-id

Describe the SSL certificate.

gcloud compute ssl-certificates describe my-ssl-cert \
--region=us-central1 \
--project=project-id

Delete SSL certificate.

gcloud compute ssl-certificates delete my-ssl-cert \
--region=us-central1 \
--project=project-id

Check If Domain Joined

Here’s the command to check if instance is domain joined.

realm discover domain.com

To check if AD user is working.

id user@ad.example.com

To check if AD group is working.

getent group ad-group

SCP with a Key

SCP is a secure copy utility in Linux. You’ll need access to your system. In this example, a pem key is used to authenticate to a host. SCP copies filename.ext to the home directory of ec2-user. It’s important to add the target directory, otherwise it will not work.

Here’s how to use SCP with a key from local to server.

scp -i key.pem filename.ext user@server:/home/user

From server to local. Run the command from local machine.

scp user@server:/home/user/file.txt /local/directory

AWS S3 Make Object Public

Copy object or file to S3 bucket.

aws s3 cp filename.ext s3://bucketname/ --profile your-profile

To make it publicly available, run this command.

aws s3api put-object-acl \
--bucket bucket-name \
--key filename.ext \
--acl public-read \
--profile your-profile

OpenSSL Upgrade

Here’s how to upgrade to OpenSSL 1.1 on Redhat/Centos.

# check
openssl version
yum info openssl
# download and install
cd /usr/local/src
wget https://www.openssl.org/source/openssl-1.0.2-latest.tar.gz
tar -zxf openssl-1.0.2-latest.tar.gz
# compile
cd openssl-1.0.2a
./config
make
make test
make install
# update softlink
mv /usr/bin/openssl /root/
ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
# verify new version
openssl version