Simple SSL Certificate Authority 
Monday, 22 March 2004, 00:00 - Tools & more, OpenSSL
Posted by Administrator
Sometimes, you need some SSL certificates for providing SSL encrypted pages.

You can obtain a server certificate from Verisign or Entrust but they're quite expensive.

Or you can make them yourself. Here are some tools to get there. I won't provide information about cryptology at all, nor will you find a professional PKI solution here.

Creating your "own CA" only makes sense for sites where encryption should be in place without providing officially trusted credentials. Every user connecting to your secured site gets a warning message every time he connects, until he manually accepts your CA certificate.

First you need OpenSSL, the code which deals with digital certificates.
For information on the command options of the OpenSSL tools, look at the OpenSSL documentation (from openssl.org).
Then get the SSL CA-Tools 0.2. This is a slightly modified version, so you can also renew certificates easily.
If you prefer to use the original version, you can find it here: SSL CA-Tools

The SSL CA-Tools are easy-to-use scripts which query the necessary information in a dialog and execute the appropriate openssl commands. Untar the archive somewhere, e.g. under your openssl directory, look at the README, create a self-signed CA certificate, then create user and server certificates and finally sign them with your CA key.
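The same three steps (self-signed CA certificate, server certificate, signing with the CA key) written out as plain openssl commands, with a check that shows why clients warn until they trust the CA certificate. This is an added example, not the CA-Tools code; the subject names, the host name www.example.test and the file names are assumptions.

```shell
#!/bin/sh
# Added example, not the CA-Tools scripts. Names and paths are constructed.

# make_ca DIR: self-signed CA certificate (ca.crt) and private key (ca.key).
make_ca() (
    umask 077                      # key files readable by the owner only
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/O=Example Test/CN=Example Test CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
)

# issue_server_cert DIR HOST: server key and CSR, then sign the CSR with the CA.
issue_server_cert() (
    umask 077
    openssl req -new -newkey rsa:2048 -nodes -subj "/O=Example Test/CN=$2" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null || exit 1
    # Current clients match the host name against subjectAltName, not the CN.
    printf 'subjectAltName=DNS:%s\n' "$2" > "$1/server.ext"
    openssl x509 -req -in "$1/server.csr" -days 365 -extfile "$1/server.ext" \
        -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
        -out "$1/server.crt" 2>/dev/null
)

# chain_ok CERT [CAFILE]: succeed only if CERT verifies, against CAFILE when
# given, otherwise against the system trust store only.
chain_ok() {
    if [ -n "${2:-}" ]; then
        openssl verify -CAfile "$2" "$1" 2>/dev/null | grep -q ': OK$'
    else
        openssl verify "$1" 2>/dev/null | grep -q ': OK$'
    fi
}

# Demo in a temporary directory.
d=$(mktemp -d)
make_ca "$d" && issue_server_cert "$d" www.example.test
chain_ok "$d/server.crt" "$d/ca.crt" && echo "verifies once ca.crt is trusted"
chain_ok "$d/server.crt" || echo "rejected by clients that lack ca.crt"
rm -rf "$d"
```

Only ca.crt is handed out to users; ca.key stays on the machine that signs certificates.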
Integrate new drivers into a RedHat Network Boot Disk  
Tuesday, 23 September 2003, 00:00 - Technology, Linux Stuff, RedHat Stuff
Posted by Administrator
It is possible that the hardware changes with new server models and you cannot boot any more from the RedHat Bootdisk. Then you need to inspect your new hardware and see what new devices are built in and get a driver for it.

For more convenience, I have written some simple scripts, which do the most annoying tasks.

The drivers need to be changed in different locations:

Network drivers must be put on the boot disk, because all other packages, drivers, etc. are loaded from a network location.

Ungzip bootnet.img.gz with:
        gunzip bootnet.img.gz 

Mount the Image as a loop filesystem on /mnt/bootimage:
        unpack_bootimage.sh bootnet.img 

Unpack and mount the initial ramdisk with the following script, giving the initrd file under /mnt/bootimage/ as argument. The initial ramdisk will be mounted under /mnt/initrd:
        unpack_initrd.sh initrd.img 

Unpack the modules with the following script:
       unpack_modules.sh /mnt/initrd/modules/modules.cgz 

Now copy the new driver module(s) to /var/tmp/modules/<kernel-version> directory
Change /mnt/initrd/modules/pcitable and add a new line with the vendor ID, product ID, driver name and description to the file (see example below):
        0x8086  0x1010  "e1000"         "Intel Corporation|PRO/1000"

Change the file /mnt/initrd/modules/module-info and add one line each for the driver name, type and description (see the following example):
        e1000
        eth
        "Intel EtherExpress Pro 1000"

Add a line for the new driver to the file /mnt/initrd/modules/modules.dep if the new driver module depends on other kernel modules. This is mostly not necessary for ethernet adapters.

Re-pack the modules to the archive, kernel-version-directory under /var/tmp/modules as 1st argument, cpio archive file as 2nd argument:
        pack_modules.sh 2.4.20-18.7BOOT /mnt/initrd/modules/modules.cgz 

"exit" from the initrd mount if you are there; /mnt/initrd or subdirectories of it mustn't be your current dir!

If you also need to update the boot kernel (when some modules are not built for the current kernel version), copy the new vmlinuz kernel image to /mnt/bootimage
Unmount and pack the initial ramdisk, give the initrd-file under /mnt/bootimage to be updated as argument:
        pack_initrd.sh initrd.img 

Now unmount the bootimage and write it to a boot floppy with this script:
        pack_bootimage.sh bootnet.img 

Most other drivers, such as those for SCSI controllers, are in the stage2 image.
Mount the Stage 2 image (network-connected part of the installation):
        mount -o loop /install/cdrom/RedHat/base/stage2.img /mnt/image 

Unpack the modules with the following script:
        unpack_modules.sh /mnt/image/modules/modules.cgz 

Now copy the new driver module(s) to /var/tmp/<kernel-version> directory

Important: If the new modules are built for a different kernel version than the one on the bootdisk, the bootdisk image must be updated with the corresponding kernel image. Further, all modules need to be replaced by ones of the same kernel version as the kernel image!

Change /mnt/image/modules/pcitable and add a new line with the vendor ID, product ID, driver name and description to the file (see example below):
        0x9005  0x801f  "aic79xx"       "Adaptec|AIC7902 Ultra 320 SCSI Adapter" 

Change the file /mnt/initrd/modules/module-info and add one line each for the driver name, type and description (see the following example):
        aic79xx
        scsi
        "Adaptec AIC79xx Ultra 320 SCSI Host Adapter"

Add a line for the new driver to the file /mnt/image/modules/modules.dep if the new driver module is dependent on other kernel modules. Example:

        aic79xx: scsi_mod 


Re-pack the modules to the archive, kernel-version-directory under /var/tmp/ as 1st argument (see /var/tmp/modules), cpio archive file as 2nd argument:
        pack_modules.sh <kernel-version> /mnt/image/modules/modules.cgz 

Leave the mountpoint of the image (/mnt/image or subdirectories of it mustn't be your current dir!)

Unmount the image:
        umount /mnt/image 
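
A consistency check that can be run just before the re-pack step, so a driver that is missing from one of the edited files is caught before the image is written. This is an added example, not one of the scripts mentioned in the post; it assumes pcitable, module-info and modules.dep sit in one directory and that modules are stored as <name>.o in the kernel-version directory.

```shell
#!/bin/sh
# Added example. check_driver MODDIR NAME KDIR
#   MODDIR: directory holding pcitable, module-info and modules.dep
#   NAME:   driver name, e.g. e1000
#   KDIR:   unpacked module directory of one kernel version
# Prints one line per problem and returns the number of problems found.
check_driver() {
    moddir=$1 name=$2 kdir=$3 problems=0

    # Assumption: a 2.4 kernel module is stored as <name>.o in KDIR.
    [ -f "$kdir/$name.o" ] ||
        { echo "missing module file $name.o"; problems=$((problems + 1)); }

    # pcitable: the third whitespace-separated field is the quoted driver name.
    awk -v d="\"$name\"" '$3 == d { found = 1 } END { exit !found }' \
        "$moddir/pcitable" ||
        { echo "no pcitable line for $name"; problems=$((problems + 1)); }

    # module-info: the driver name stands alone on a line.
    awk -v d="$name" '{ gsub(/^[ \t]+|[ \t]+$/, "") }
                      $0 == d { found = 1 } END { exit !found }' \
        "$moddir/module-info" ||
        { echo "no module-info entry for $name"; problems=$((problems + 1)); }

    # modules.dep: every module listed after "NAME:" must be present in KDIR.
    for dep in $(sed -n "s/^$name:[[:space:]]*//p" \
                 "$moddir/modules.dep" 2>/dev/null); do
        [ -f "$kdir/$dep.o" ] ||
            { echo "dependency $dep.o missing"; problems=$((problems + 1)); }
    done
    return "$problems"
}

# Usage with the paths from the steps above:
#   check_driver /mnt/initrd/modules e1000 /var/tmp/modules/2.4.20-18.7BOOT
```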


Primary Domain Controller not found 
Wednesday, 1 January 2003, 21:04 - Knowledge, Windows Stuff
Posted by Administrator
The error message "Could not Find Primary DC" appears in Server Manager, or when you try to join a domain or set up a trust relationship between two domains.

This behavior can occur if the 1b (domain master browser) and 1c (domain controller) NetBIOS names for the PDC are not registered in the Windows Internet Naming Service (WINS). This can happen when the WINS servers in the two domains do not replicate to each other, or when there isn't any WINS server available at a remote site (on the other side of a firewall or router).

Resolution:

Make these entries in LMHOSTS:
        10.0.0.1   PDCName                  #PRE #DOM:DomainName
        10.0.0.1   "Domain         \0x1b"   #PRE

- Replace 10.0.0.1 in the example with the IP address of the PDC in the remote domain.
- Replace the PDCName with the NetBIOS name of the domain PDC.
- Replace DomainName with the Windows NT 4.0 domain name of the target domain.

So far, this is a common thing, but the next line is also required:

A NetBIOS type, also called NetBIOS suffix, must be indicated for the appropriate domain. It is especially important that this suffix is at the end of the domain name, which is 15 characters plus 1, a total of 16 characters in length. When you specify the NetBIOS suffix (\0x1b) after the domain name (it must be the sixteenth character), the spacing between the quotation marks is critical. There must be a total of 20 characters within the quotation marks (the domain name, plus the appropriate number of spaces to pad it up to 15 characters, plus the backslash (\), plus the NetBIOS hex representation of the service type).
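
Because the padding is easy to get wrong by hand, the line can be generated and an existing line checked against the 20-character rule. This is an added example, not part of the original article; the domain name EXAMPLEDOM and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example. EXAMPLEDOM and 10.0.0.1 are constructed sample values.

# lmhosts_1b_entry IP DOMAIN: print the LMHOSTS line for the domain's 1b name.
lmhosts_1b_entry() {
    ip=$1 domain=$2
    if [ "${#domain}" -lt 1 ] || [ "${#domain}" -gt 15 ]; then
        echo "domain name must be 1 to 15 characters: '$domain'" >&2
        return 1
    fi
    # %-15s left-justifies the name and pads it with spaces to 15 characters;
    # \\0x1b then adds the five literal characters \0x1b, giving 20 in total.
    printf '%s\t"%-15s\\0x1b"\t#PRE\n' "$ip" "$domain"
}

# quoted_len LINE: print the number of characters between the quotation marks.
quoted_len() {
    q=$(printf '%s\n' "$1" | sed -n 's/^[^"]*"\([^"]*\)".*$/\1/p')
    printf '%s\n' "${#q}"
}

# check_1b_entry LINE: succeed only if the quoted name is exactly 20
# characters long and ends in the \0x1b suffix.
check_1b_entry() {
    [ "$(quoted_len "$1")" -eq 20 ] || return 1
    case $1 in
        *'\0x1b"'*) return 0 ;;
        *) return 1 ;;
    esac
}

# Demo: generate a line, then test it and a line with collapsed spacing.
line=$(lmhosts_1b_entry 10.0.0.1 EXAMPLEDOM)
printf '%s\n' "$line"
check_1b_entry "$line" && echo "generated line: spacing ok"
check_1b_entry '10.0.0.1 "EXAMPLEDOM \0x1b" #PRE' || echo "collapsed line: wrong spacing"
```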
How To run Windows Explorer as an administrator? 
Wednesday, 1 January 2003, 21:00 - Knowledge, Windows Stuff
Posted by Administrator
* FAQ: RUN WINDOWS EXPLORER AS AN ADMINISTRATOR
( contributed by John Savill, http://www.windows2000faq.com )

Q. How do I run Windows Explorer as an administrator when I'm logged on as a different user?

A. The impersonation service, Runas, is a nice Windows 2000 feature. But Runas can't run Windows Explorer impersonated because in Win2K, new Windows Explorer windows are spawned as threads of the main explorer.exe invocation. You can circumvent this behavior in the following way:

1. Select Start, Run, and type
runas /user:administrator "\"c:\program files\internet explorer\iexplore\" c:\\"

2. Click OK.
3. When the system prompts you, enter your Administrator password.

This command executes Windows Explorer in the desired context; adding a local path makes Windows Explorer emulate the default (i.e., no Windows Explorer bars or buttons).