CSR Generation: Apache Solution
Generating a Certificate Signing Request (CSR) using Apache mod_ssl/OpenSSL
A CSR is a file containing your certificate application information, including your Public Key. Generate your CSR and then copy and paste the CSR file into the webform in the enrollment process:
Generate keys and certificate:
To generate a pair of private key and public Certificate Signing Request (CSR) for a webserver, “server”, use the following command :
openssl req -nodes -newkey rsa:2048 -keyout myserver.key -out server.csr
This creates a two files. The file myserver.key contains a private key; do not disclose this file to anyone. Carefully protect the private key.
In particular, be sure to backup the private key, as there is no means to recover it should it be lost. The private key is used as input in the command to generate a Certificate Signing Request (CSR).
You will now be asked to enter details to be entered into your CSR.
What you are about to enter is what is called a Distinguished Name or a DN.
For some fields there will be a default value, If you enter ‘.’, the field will be left blank.
Country Name (2 letter code) [AU]: CA
State or Province Name (full name) [Some-State]: Prince Edward Island
Locality Name (eg, city) []: Charlottetown
Organization Name (eg, company) [Internet Widgits Pty Ltd]: MyCompany Ltd
Organizational Unit Name (eg, section) []: IT
Common Name (eg, YOUR name) []: mysubdomain.mydomain.com
Email Address []:
Please enter the following ‘extra’ attributes to be sent with your certificate request
A challenge password []:
An optional company name []:
Use the name of the webserver as Common Name (CN). If the domain name (Common Name) is mydomain.com append the domain to the hostname (use the fully qualified domain name).
The fields email address, optional company name and challenge password can be left blank for a webserver certificate.
Your CSR will now have been created. Open the server.csr in a text editor and copy and paste the contents into the online enrollment form when requested.
Alternatively one may issue the following command:
openssl req -nodes -newkey rsa:2048 -nodes -keyout myserver.key -out server.csr
-subj “/C=CA/ST=Prince Edward Island /L=C/O=MyCompany Ltd./OU=IT/CN=mysubdomain.mydomain.com”
Note: If the “-nodes” is inputted the key will not be encrypted with a DES pass phrase.
Resyncing Broken MySQL Replication
- Prepare the slave
- Prepare the master, copy databases and restart master
- Restart Replication Slave
Prepare the slave
SSH into the slave server.
Log into MySQL on the slave as root
mysql>STOP SLAVE;
mysql>RESET SLAVE;
mysql> exit;
Now exit and shutdown slave
$ mysqladmin shutdown -u root -p
Delete the databases on slave (DANGER … this deletes ALL databases on slave)
$ cd /usr/local/mysql/
$ sudo rm -r data
Prepare the master, copy databases and restart master
SSH into the master as root
log into mysql as root
Check users and kick them all off if more than yourself is connected
mysql> show processlist;
Reset the Master
mysql> RESET MASTER;
exit and shutdown immediately
$ mysqladmin shutdown -p
Now copy all the data from this master to the slave (may take a while)
# cd /usr/local/mysql
# scp -r data root@slavehost:/usr/local/mysql
Note: If you have a really huge amount of data and you have the drive space, it may be faster to make a local copy of the data directory on the master which can be then copied to the slave after you have restarted the master.
When copying is done, restart the master
$ sudo echo
$ sudo mysqld_safe &
Log into master and make sure it is logging.
mysql> show master status\G
*************************** 1. row ***************************
File: binary-log.002
Position: 280Binlog_do_db:
Binlog_ignore_db:
1 row in set (0.00 sec)
Make sure Position is increasing if insert and update activity is taking place on master.
Now you can breathe for a while!
Restart Replication Slave
Log into slave server and fix privileges on the data folder
$ cd /usr/local/mysql
$ sudo chown -R mysql. data
Restart server
$ sudo echo
$ sudo mysqld_safe &
Log into mysql as root
mysql> SHOW SLAVE STATUS\G;
Verify that it is replicating and you are done.
Great References:
MySQL: How do you set up master-slave replication in MySQL?
Resyncing Broken MySQL Replication
How to make MySQL replication reliable
Replace text in a file
If you wish to replace the text from bob to doug in the file called file.txt
perl -pi -e “s#bob#doug#ig” file.txt
Creating a Backup
Creating a Backup
1. As ROOT create a directory where you will keep the backup files. eg: /backup/siteusername/mysqlbk/
2. Create a new file called backup.sh and paste the following.
#!/bin/sh i=`date +%j` `touch backup.sh` `mysqldump –comments=false -Q databaseName > backup-$i.sql` `find ./* -mtime +3 -exec rm -f {} ;`
Modify databaseName with the database name that you wish to have backed up. Save the file
3. Give this file execution permissions:
chmod +x backup.sh
4. Setup Cron Job
We will now schedule this script to be ran once per day (or at whatever interval you want if you understand how to manipulate the cron job timing format)
crontab -e
5. An editor will now show up and there will probably be a few lines of cron jobs. Do not edit these! Goto the bottom of the file and create a new line. Enter the following onto the new line:
0 * * * * /path/to/file/backup.sh
6. Save the file and exit. Your done!
Restoring a Backup
Backups will now be made every day, and any backups older than 3 days will be deleted. If you ever need to restore one of these backup files, you can do so with the following command :
mysql databaseName < backup-XXX-XX.sql
Note that this should only be done on an empty database. IF you try restoring a file on top of a database with information already in it, you might run into troubles.
