HTTPs et StartCom
Mise à jour Aout 2016.
Alors voici quelques notes sur les certificats SSL de StartCom et Apache2, maintenant à jour pour la version 2.4, et avec une chaine de certificate complète en SHA2.
Se loger par certificat sur https://startssl.com/Certificates
Générer le fichier de demande de certificat en local avec OpenSSL (instructions fournies durant le processus de création de certificat sur le site web) puis en retour on reçoit un fichier ZIP de StartSSL/StartCom.
Stocker les fichiers dans /etc/ssl/localcerts sous les noms
apache.key apache.pem (Renommer le fichier .crt en .pem) bundle.crt (le fichier c'est le fichier 1_root_bundle.crt renommé en bundle.crt, fournir dans le .ZIP de StartSSL quand ils transmettent le certificat).
Télécharger sur http://www.startssl.com/certs/ les deux fichiers :
http://www.startssl.com/certs/ca-sha2.pem
et
http://www.startssl.com/certs/class1/sha2/pem/sub.class1.server.sha2.ca.pem
Et stocker le tout dans /etc/ssl/certs
Editer le fichier de config SSL de Apache2 (/etc/apache2/sites-enabled/default-ssl) et configurer le bloc SSL tel quel :
(mis à jour pour désactiver SSL v2, V3, ainsi que cipher RC4
SSLEngine on SSLProtocol all -SSLv2 -SSLv3 SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLCertificateFile /etc/ssl/localcerts/apache.pem
SSLCertificateKeyFile /etc/ssl/localcerts/apache.key
SSLCertificateChainFile /etc/ssl/localcerts/bundle.crt
SSLCACertificateFile /etc/ssl/certs/ca-sha2.pem
Le respect de cette config est importante, sinon le serveur n’est pas authentifié correctement.
Il faut supprimer la passphrase du certificate pour que Apache2 se lance sans poser de question. Pour cela.
You want to remove the passphrase from a key file. Run this:
openssl rsa -in apache.key -out newapache.key
Android i9195 (S4 mini LTE) fix for /efs can’t mount issues
Ok, sometimes after some kind of flashing error/corruption, you end up with your Samsung S4 mini LTE (GT-i9195) returning error E:failed to mount /efs (Invalid argument) in various recovery tool (TWRP and others).
If you check your /efs with a root level explorer, you will find out the folder is empty. Technically this cause my phone to : loose bluetooth pairing after turning it off or turning off bluetooth stack. Also cannot install Lollipop, stuck on the loop boot 🙁 with Cyanogenmod or other updates.
Here is the fix for it :
– Flash TWRP recovery and root your device using recovery method by installing UPDATE-SuperSU-vX.XX.zip file.
– Install ADB on your computer.
– Boot your device into recovery mode (Vol Up+Home+Power).
– Connect your device to PC via USB cable wait until windows update the driver.
– In the recovery mode choose “Mount /System”
– Open ADB command window and type the following command (from windows command line, from the folder ADB is installed into):
adb shell
mke2fs /dev/block/mmcblk0p10
mount -w -t ext4 /dev/block/mmcblk0p10
reboot
These instructions are quite similar to what you find around on Internet with S3, however here please note that the block is the N°10, different from the instructions you find googlig around. At this stage the phone should reboot itself.
If you encounter some « can’t mount /fstab » error, this is because you have NOT applied correctly the root UPDATE-Super-SU patch on the device.
By following the above command, it will create a generic EFS files on your device. Your IMEI number will NOT be changed or reset, as this is stored in a different place on a Samsung GT-i9195 (on the p11 and p12 blocks apparently).
Reboot, and voilà you should not hit this /efs folder issue anymore, and if you browse the /efs folder, you should now see something with folders named « drm », « imei » « lost+found » and « wifi ».