Page History
...
Create a directory
Code Block theme Confluence mkdir sslcert
Now protect the directory,
Code Block theme Confluence chmod 0700 sslcert
Create two subdirectories
Code Block theme Confluence mkdir certs private
Create a database to keep track of each certificate
Code Block theme Confluence echo '100001' >serial touch certindex.txt
Create a custom config file for OpenSSL to use similar to openssl.cnf in your /etc/pki/tls folder.
Code Block theme Confluence dir = . [ ca ] default_ca = CA_default [ CA_default ] serial = $dir/serial database = $dir/certindex.txt new_certs_dir = $dir/certs certificate = $dir/cacert.pem private_key = $dir/private/cakey.pem default_days = 365 default_md = md5 preserve = no email_in_dn = no nameopt = default_ca certopt = default_ca policy = policy_match [ policy_match ] countryName = match stateOrProvinceName = match organizationName = match organizationalUnitName = optional commonName = supplied emailAddress = optional [ req ] default_bits = 1024 # Size of keys default_keyfile = key.pem # name of generated keys default_md = md5 # message digest algorithm string_mask = nombstr # permitted characters distinguished_name = req_distinguished_name req_extensions = v3_req [ req_distinguished_name ] 0.organizationName = Organization Name (company) organizationalUnitName = Organizational Unit Name (department, division) emailAddress = Email Address emailAddress_max = 40 localityName = Locality Name (city, district) stateOrProvinceName = State or Province Name (full name) countryName = Country Name (2 letter code) countryName_min = 2 countryName_max = 2 commonName = Common Name (hostname, IP, or your name) commonName_max = 64 0.organizationName_default = My Company localityName_default = My Town stateOrProvinceName_default = State or Providence countryName_default = US [ v3_ca ] basicConstraints = CA:TRUE subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always,issuer:always [ v3_req ] basicConstraints = CA:FALSE subjectKeyIdentifier = hash
Create a root certificate All other certificates you create will be based of this. Since this is not a commercial certificate software may complain when they use your certificates. You may give people the "public" certifcate and your certifcate will work like commercial ones when they import it. To create, while in the 'sslcert' directory type:
Code Block theme Confluence openssl req -new -x509 -extensions v3_ca -keyout private/cakey.pem -out cacert.pem -days 365 -config ./openssl.cnf
You will be prompted for information and a password. Do not lose this password, make sure it is a secure one and back up the two files that are created.
The two files that are created are cacert.pem, which is the one you can give to others for import in their browsers and cakey.pem, which will be in the private directory.Create a key and signing request
Code Block theme Confluence openssl req -new -nodes -out name-req.pem -keyout private/name-key.pem -config ./openssl.cnf
You will be prompted for information. The critical part is the "Common Name". This must be the server's hostname, such as mail.your.domain or the IP address. If you want to cover all subdomains you can enter *.your.domain. Use the "Organizational Unit" to remind you what the certificate is for, such as "Web Server". This will generate two files:
name-req.pem - the request
name-key.pem - the private key in the private directory
Sign the request This will generate the certificate,
Code Block theme Confluence openssl ca -out name-cert.pem -config ./openssl.cnf -infiles name-req.pem
You will be prompted for the password used when creating the root certificate. Two files are created:
- <number.pem> - a copy of it in the certs directory
- name-cert.pem - which is the certificate
Copy to the correct location For apache 2.x on Red Hat using the default location, the directory is:
For the name-key.pem:
Code Block theme Confluence cp name-key.pem /etc/httpd/conf/ssl.key/
For the certificate:
Code Block theme Confluence cp name-cert.pem /etc/httpd/conf/ssl.crt/
Create a Virtual Host
Code Block theme Confluence <VirtualHost ip-system-A>:443> DocumentRoot /var/www/html ServerName myserver ErrorLog /etc/httpd/logs/ssl_error_log TransferLog /etc/httpd/logs/ssl_access_log SSLEngine On SSLCertificateFile /etc/httpd/conf/ssl.crt/name-cert.pem SSLCertificateKeyFile /etc/httpd/conf/ssl.key/name-key.pem </VirtualHost>
Configure proxy in Apache described in FAQ 13 and restart Apache.
Edit the Hosts file [/etc/hosts]Code Block theme Confluence <ip-system-A> myserver
...
Click on Start menu, then click on run and then type,
Code Block theme Confluence services.msc
- After this 'Services' window pops up with list of all services running in your system.
- Search for Monyog and then right click --> Properties.
- Click on "Log On" tab and then you can see that SQL DM for MySQL is using "Local System Account".
- You need to use "This account" option and then give the credentials that you use to log on to the system with "Administrative" privilege.
- Save the settings, restart MONyog(SQL DM for MySQL) service.
- After following the above steps try to access the file which is shared across network.
Note | ||
---|---|---|
| ||
The shared path should be accessed with UNC notation (\system\share). SQL DM for MySQL cannot identify if destination of the log file is on a Mapped Network Drive (this is a restriction with services on Windows and not with SQL DM for MySQL). |
...
The SQL DM for MySQL binaries are shipped in 3 packages: .tar, .rpm and .exe. The upgrade process is simple and depends on your package. The below steps will help you upgrade to the latest SQL DM for MySQL version without a hassle:
For .rpm package :
Code Block | ||
---|---|---|
| ||
rpm -Uvh <MONyog_package>.rpm |
This command will install the latest build on top of your current installation.
For .tar package:
...
Code Block | ||
---|---|---|
| ||
tar -xzvf <MONyog_package>.tar.gz |
Please untar the package in the directory where the ‘MONyog(SQL DM for MySQL)’ package was untarred for the previous version to make sure that all your data and settings are intact.
For Windows (.exe) package:
...