Sunday, February 14, 2021

Connecting to GlobalProtect VPN in Linux Mint

I encountered GlobalProtect (GP) vpn while working on a project, and somehow the vpn portal does not have any linux client for me to connect to the server. They have windows and mac though, so I tried searching around for solution.

After a while, I stumbled upon this post and this other post, stating that openconnect client can connect to GP vpn.

To install openconnect is fairly easy. Just fire up your terminal, and use below command to install openconnect client
$ sudo apt install openconnect -y

Once installed, you just have to use below command to connect to your GP vpn
$ sudo openconnect --protocol -u foo

You will get some warning about "Certificate failed verification", just answer yes
Certificate from VPN server "" failed verification.
Reason: signer not found
To trust this server in future, perhaps add this to your command line:
    --servercert pin-sha256:1YWmjjGL3wppl245dRc3/p+mytteBnvaVz456DQY+wutt=
Enter 'yes' to accept, 'no' to abort; anything else to view: yes 

It will later ask for you password, just put in your password
Connected to HTTPS on
Enter login credentials

You will know that you are connected if you find something resembles below line
Connected as, using SSL, with ESP in progress

Try to access your internal server, and you should be able to.


Saturday, February 6, 2021

Displaying Text on Remote Desktop over SSH

I used this trick to warn my kids that their computer playing time is almost over. The application name is zenity, and we need to set our DISPLAY environment to :0 beforehand so that the message will appear on their screen.

1. ssh into the machine

$ ssh foo@machine

2. Set the DISPLAY environment

$ export DISPLAY=:0

3. Use zenity to prompt messages to their screen. In this case, I use warning style message, and will be displayed for 2 seconds

$ zenity --warning --timeout=2 --text="Computer will be shut down in 15 minutes"

Monday, January 25, 2021

Replacing Newline with Space

Let's say we have a list of words like below

$ cat animals

and we want it to be arranged in one horizontal line, separated by space. We can achieve that by using tr command.
$ cat animals | tr "\n" " " 
cat fish zebra monkey

What happened is, \n (symbol for newline), will be replaced with " ", which is symbol for space. 

Sunday, January 24, 2021

Generating Certificate Signing Request (CSR) for Multi Domain

For multi domain, we have to create a config file for openssl command to refer to, since the interactive mode would not, by default ask for multi domain in a CSR creation.

To create the config file, please follow below command (this example is for

$ cat >> www-portal.mydomain.conf <<EOF


distinguished_name = req_distinguished_name

req_extensions = v3_req

prompt = no


C = MY

ST = Selangor

L = Cyberjaya

O = MyCompany

OU = Software Development Division

CN =


keyUsage = keyEncipherment, dataEncipherment

extendedKeyUsage = serverAuth

subjectAltName = @alt_names


DNS.1 =


Run openssl CSR creation command against the config file

$ openssl req -new -newkey rsa:2048 -nodes -keyout www-portal.mydomain.key -out www-portal.mydomain.csr -config www-portal.mydomain.conf

Once generated, we can send the CSR to the Certificate Authority (usually SSL provider), to get our cert. This one CSR is usable for 2 domains, which are and

Generating a Certificate Signing Request (CSR) for a Single Domain

To generate a certificate signing request (CSR), you need to have openssl package installed. Please refer here for the instruction on how to install it.

Once you have openssl installed, please use below command to create a CSR with key for 

$ openssl req -new -newkey rsa:2048 -nodes -keyout -out

Press Enter and you will need to provide a few information regarding the CSR. The information are as follows:

  1. Common Name: The FQDN (fully-qualified domain name) you want to secure with the certificate. For example:
  2. Organization: The full legal name of your organization including the corporate identifier. For example: MyCompany Co
  3. Organization Unit (OU): Your department such as 'Information Technology' or ‘Website Security.’
  4. City or Locality: The locality or city where your organization is legally incorporated. Do not abbreviate. For example: Cyberjaya
  5. State or Province: The state or province where your organization is legally incorporated. For example: Selangor
  6. Country: The official two-letter country code where your organization is legally incorporated. For example: MY

Once the CSR has been generated, we can provide it to the SSL provider, so that they can use it to provide the SSL for your domain. Please be mindful to keep the key file, because we will need it during our SSL setup.

Friday, January 22, 2021

Installing Openssl Application to Use SSL Functions

The openssl program is a command line tool for using the various cryptography functions of OpenSSL's crypto library from the shell. 

To install openssl in ubuntu or debian:

$ sudo apt install openssl -y

To install openssl in RHEL, CentOS or Fedora:

$ sudo yum install openssl -y

Tuesday, January 19, 2021

How to Redirect HTTP Traffic to HTTPS in httpd on CentOS

The easiest way is to do it using the VirtualHost configuration, if you have control over it. 

Edit your virtualhost configuration for that domain, in CentOS it is usually located in /etc/httpd/conf.d/mydomain.conf:

<VirtualHost *:80>
   Redirect /

<VirtualHost _default_:443>
   DocumentRoot /usr/local/apache2/htdocs
   SSLEngine On

The most important line is the "Redirect" line which will redirect all http traffic to https.

Once done, save the file.

Do not forget to run syntax test of the configuration files.
# httpd -t

And reload the service
# systemctl reload httpd

Sunday, January 3, 2021

Force Logout Other User from Linux

First, we need to know the username. This can easily be done using w command

# w

12:34:31 up 36 days, 14:14,  2 users,  load average: 0.07, 0.02, 0.00

USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT

ironman   pts/0    ::1              12:34    2.00s  0.01s  0.01s w

root     pts/3     12:22    7.00s  0.13s  0.00s bash

Let's say we want to log out ironman from our server. What we have to do is to use a command called pkill against that user.

# pkill -u ironman 

All processes that is owned by that user will be killed. 
# w

12:34:31 up 36 days, 14:14,  2 users,  load average: 0.07, 0.02, 0.00

USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT

root     pts/3     12:22    7.00s  0.13s  0.00s bash

The ironman user is no longer logged in. Easy peasy.