Posts Tagged ‘fellow’

MySQL SSL Configure Howto – How to Make MySQL communication secured

Wednesday, January 15th, 2014

mysql-over-ssl-how-to-configure-logo how to configure ssl on mysql server

Recently I've been asked How to make communication to MySQL database encrypted. The question was raised by a fellow developer who works on developing a Desktop standalone application in Delphi Programming Language with DevArt an (SQL Connection Component capable to connect Delphi applications to multiple databases like MySQL, Oracle, PostgreSQL, Interbase, Firebird etc.

Communicating in Secured form to MySQL database is not common task to do, as MySQL usually communicates to applications hosted on same server or applications to communicate to MySQL are in secured DMZ or administrated via phpMyAdmin web interface.

MySQL supports encrypted connections to itself using Secure Socket Layer (SSL) encryption. Setting up MySQL db to be communicated encrypted is a must for standalone Desktop applications which has to extract / insert data via remote SQL.
Configuring SQL to support communicated queries encrpytion is supported by default and easily configured on most standard Linux version distributions (Debian, RHEL, Fedora) with no need to recompile it.
1. Generate SSL Certificates

$ mkdir /etc/mysql-ssl && cd mysql-ssl

# Create CA certificate
$ openssl genrsa 2048 > ca-key.pem
$ openssl req -new -x509 -nodes -days 3600 \
         -key ca-key.pem -out ca-cert.pem

Create server certificate, remove passphrase, and sign it
server-cert.pem is public key, server-key.pem is private key
$ openssl req -newkey rsa:2048 -days 3600 \
         -nodes -keyout server-key.pem -out server-req.pem
$ openssl rsa -in server-key.pem -out server-key.pem
$ openssl x509 -req -in server-req.pem -days 3600 \
         -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem

Create client certificate, remove passphrase, and sign it
client-cert.pem is public key and client-key.pem is private key
$ openssl req -newkey rsa:2048 -days 3600 \
         -nodes -keyout client-key.pem -out client-req.pem
$ openssl rsa -in client-key.pem -out client-key.pem
$ openssl x509 -req -in client-req.pem -days 3600 \
         -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out client-cert.pem
After generating the certificates, verify them:

$ openssl verify -CAfile ca-cert.pem server-cert.pem client-cert.pem
 

2. Add SSL support variables to my.cnf

Once SSL key pair files are generated in order to active SSL encryption support in MySQL server, add to (/etc/my.cnf,  /etc/mysql/my.cnf, /usr/local/etc/my.cnf … ) or wherever config is depending on distro

# SSL
ssl-ca=/etc/mysql-ssl/ca-cert.pem
ssl-cert=/etc/mysql-ssl/server-cert.pem
ssl-key=/etc/mysql-ssl/server-key.pem
3. Restart MySQL server

/etc/init.d/mysqld restart
...

4. Create SQL user to require SSL login

Create new user with access to database;

GRANT ALL ON Sql_User_DB.* TO Sql_User@localhost;
FLUSH PRIVILEGES;
To create administrator privileges user:

GRANT ALL PRIVILEGES ON *.* TO ‘ssluser’@'%’ IDENTIFIED BY ‘pass’ REQUIRE SSL;
FLUSH PRIVILEGES;
5. Test SSL Connection with MySQL CLI client or with few lines of PHP

To use mysql cli for testing whether SSL connection works:

$ mysql -u ssluser -p'pass' –ssl-ca /etc/mysql-ssl/client-cert.pem –ssl-cert /etc/mysql-ssl/client-key.pem

Once connected to MySQL to verify SSL connection works fine:

mysql> SHOW STATUS LIKE 'Ssl_Cipher';
 +---------------+--------------------+
| Variable_name | Value              |
 +---------------+--------------------+
| Ssl_cipher    | DHE-RSA-AES256-SHA |
+---------------+--------------------+

If you get this output this means MySQL SSL Connection is working as should.

Alternative way is to use test-mysqli-ssl.php script to test availability to mysql over SSL.

$conn=mysqli_init();
mysqli_ssl_set($conn, '/etc/mysql-ssl/client-key.pem', '/etc/mysql-ssl/client-cert.pem', NULL, NULL, NULL);
if (!mysqli_real_connect($conn, '127.0.0.1', 'ssluser', 'pass')) { die(); }
$res = mysqli_query($conn, 'SHOW STATUS like "Ssl_cipher"');
print_r(mysqli_fetch_row($res));
mysqli_close($conn);
Note: Change username password according to your user / pass before using the script

That's all now you have mysql communicating queries data over SSL

 

Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , ,
Posted in MySQL, System Administration, Web and CMS | No Comments »

Saint Abraham the Bulgarian co-memoration in Bulgarian Orthodox Church

Monday, April 2nd, 2012

saint Abraham the Bulgarian, sv. Avramii Bolgarski

Saint Abraham the Bulgarian is an Orthodox Christian saint venerated across most Slavonic Christian dome. His co-memoration in the Bulgarian Orthodox Church (BPC) is on 1st of April.

What is unique about this saint is that he used to be born and grown in the tradition of the Muslim (Islam) faith and by the great providence of God he converted to the true faith of Christianity.

St. Abraham of (Bulgaria), was born in Volga Bulgaria in a community of Muslim Volga Bulgars (old Bulgarians). Nowdays Volga Bulgaria is located in Tararstan Russia. The saint used to be an islamic merchant and His martyrdom for Christ happened in March 6 (according to old Church Calendar) in year 1229.

He used to live in a very complex situation, when the islamic influence of Arabs in his motherland was quite severe. St. Abraham of Bulgaria used to be a rich man for his time, he was a merchant.
Because of the trade he travelled a lot to the Byzantine Empire and the Orthodox Christian principalities. This give him an opportunity to get to know Christian faith little by little.

He was accustomed to a wordly life but still always accepted strangers and similar to the Old Testamental father of nations st. Abraham he's been very hospitable to poor people.
By Gods grace he become convinced Muslim faith does not teach a true faith to the one God,  being pointed by God himself towards the right salvation way, he accepted Jesus Christ as a Lord and Saviour being baptized and hence converting to the truthful Christian faith.

His Christian baptizmal was accepted from Russian traders, who lived nearby the place of Great Bulgar.
Being baptized in the Christian faith Saint Abraham of Bulgaria not only confessed Christian faith across his fellow people, but he also led very harsh (ascetic like) life, wearing secretly below his clothes a heavy chains during his worldly travels. The profit he made from trade often he shared with the poor.Once he went for a trade to the city of Great (Bulgar) Bulgar. There he was arrested because there was a rumor, he cursed (islamic faith believed prophect) Mohammed and the muslim faith.


Saint Abraham Avramii Bylgarski Bulgarian Martyr saint old drawing

Muslims catched him and started convincing him to reject Christ, accusing him at a blasphemy. Abraham was not scared of muslim threats of expel and even putting to death. As Muslims failed to force him "by words" to convert back to Islam, they took him and put him in jail because of his denial of (their) Islamic faith.

In jail he was tortured but, they failed to convince him to deny Christ, seeing they have no way to convince him to accept Muslim faith once again, saint tormentors first cut his hands, then the legs and finally disgraced by his boldness and continues confession of Christ they beheaded him.

Soon afterwards the city of Bulgar was captured and burned down by the Mongols, many people in that time saw this is Gods punishment for the innocent shed blood of Abraham the Bulgar.
The local Christians took his body and buried him in the Christian cemetery of the ancient city of (Bolgar) / Bulgar.
On the place, where the saint was buried, a healing water spring emerged. The first man who received healing from this spring by Christ's grace was a muslim.

Miracle Making Spring Well Saint Abraham the Bulgarian

Great healing miracles happened on the saint grave. Local Christians took their relatives and bring them to the saints grave for a miracle healing and a prayer intercession of the saint. A rumour about the saints great graceous grave quickly spread and some people told about the miracle healing grave f st. Abraham to prince Georgi / (George) Vsevolodich.One year later again on 6th March 1230, the body of the saint was carried in the city of Vladimir, where the prince and his family, the Vladimirsk Bishop, the clergy and the local people received the holy relics of st. Abraham (of Bulgaria). The holy relics was kept in the local church "Dormition of Mother Mary" on 6th of March in the year of 1230.

The co-memoration of st. Abraham the Bulgarian is being observed in the Bulgarian Orthodox Church, since very ancient times.
Nowdays both Christians and Muslim celebrate the saints feast.

Icon of Orthodox Christian Saint Abraham of Bulgaria and his Holy Relics

Interesgingly, nowdays St. Abraham the Bulgarian is venerated as a saint by both Orthodox Christians and by Muslims. Many Muslims from Turkey and other muslim countries come each year for the saints feast day to pray and ask for healing or prayer intercession to God.

Even to this very day people receive by Jesus's grace through saint Abraham the Bulgarian's prayers – a various incurable disease healings. The healings occur on the same holy spring where the saint was buried. Many people are also healed from incurrable diseases through the veneration of the incorruptable saint holy relics kept in the Church Dormition of Mother Mary.

Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
Posted in Christianity, Various | No Comments »

Installing XMMS on Debian Squeeze from a Package / Installing XMMS on Debian – the debian way

Tuesday, July 17th, 2012

installing xmms on debian squeeze linux playing free software song green skin screenshot

I use Debian Linux for my desktop for quite some time; Even though there are plenty of MP3 / CD players around in Debian, I’m used to the good old XMMS, hence I often prefer to use XMMS to play my music instead of newer players like RhythmBox or audacious.
Actually audacious is not bad substitute for XMMS and is by default part of Debian but to me it seems more buggy and tends to crash during playing some music formats more than xmms ….

As most people might know, XMMS is no longer supported in almost all modern Linux distributions, so anyone using Debian, Ubuntu or other deb derivative Linux would have to normally compile it from source.
Compiling from source is time consuming and I think often it doesn’t pay back the effort. Thanksfully, though not officially supported by Debian crew XMMS still can be installed using a deb xmms prebuilt package repository kindly provided by a hacker fellow knuta.

Using the pre-build deb packages, installing xmms on new Debian installs comes to:

debian:~# echo 'deb http://www.pvv.ntnu.no/~knuta/xmms/squeeze ./' >> /etc/apt/sources.list
debian:~# echo 'deb-src http://www.pvv.ntnu.no/~knuta/xmms/squeeze ./' >> /etc/apt/sources.list
debian:~# apt-get update && apt-get -y install xmms

There are also deb xmms built for Ubuntu, so Ubuntu users could install xmms using repositories:

deb http://www.pvv.ntnu.no/~knuta/xmms/karmic ./
deb-src http://www.pvv.ntnu.no/~knuta/xmms/karmic ./
 That’s all now xmms is ready to use. Enjoy 🙂

Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
Posted in System Administration | No Comments »