Category Archives: Gentoo

OpenDNS Server

Google’s Public DNS Servers in case you need a public uncensored DNS server you can use these:

Here is my resolv.conf with the open DNS servers:


The last two are also open DNS Servers but not from Google.

frequently used SSL commands

generate a new private key and matching Certificate Signing Request (eg to send to a commercial CA)
openssl req -out MYCSR.csr -pubkey -new -keyout MYKEY.key

-add -nodes to create an unencrypted private key
-add -config if your config file has not been set in the environment

decrypt private key

openssl rsa -in MYKEY.key >> MYKEY-NOCRYPT.key

generate a certificate siging request for an existing private key

openssl req -out MYCSR.csr -key MYKEY.key -new

generate a certificate signing request based on an existing x509 certificate

openssl x509 -x509toreq -in MYCRT.crt -out MYCSR.csr -signkey MYKEY.key

create self-signed certificate (can be used to sign other certificates)

openssl req -x509 -new -out MYCERT.crt -keyout MYKEY.key -days 365

sign a Certificate Signing Request
openssl x509 -req -in MYCSR.csr -CA MY-CA-CERT.crt -CAkey MY-CA-KEY.key -CAcreateserial -out MYCERT.crt -days 365

-days has to be less than the validity of the CA certificate

convert DER (.crt .cer .der) to PEM

openssl x509 -inform der -in MYCERT.cer -out MYCERT.pem

convert PEM to DER

openssl x509 -outform der -in MYCERT.pem -out MYCERT.der

convert PKCS#12 (.pfx .p12) to PEM containing both private key and certificates

openssl pkcs12 -in KEYSTORE.pfx -out KEYSTORE.pem -nodes

add -nocerts for private key only; add -nokeys for certificates only

convert (add) a seperate key and certificate to a new keystore of type PKCS#12

openssl pkcs12 -export -in MYCERT.crt -inkey MYKEY.key -out KEYSTORE.p12 -name "tomcat"
check a private key

openssl rsa -in MYKEY.key -check

add -noout to not disclose the key

check a Certificate Signing Request

openssl req -text -noout -verify -in MYCSR.csr

check a certificate

openssl x509 -in MYCERT.crt -text -noout
check a PKCS#12 keystore

openssl pkcs12 -info -in KEYSTORE.p12

check a trust chain of a certificate

openssl verify -CAfile MYCHAINFILE.pem -verbose MYCERT.crt

-to check for server usage: -purpose sslserver
-to check for client usage: -purpose sslient

Mount a Linux NFS Share on Windows 7

First you need to install the windows nfs client. Go to

Control PanelAll Control Panel ItemsPrograms and Features

Then click on Turn Windows features on or off then select NFS Services Client for NFS. After the installation start a dos box or power shell. And enter the following command to mount the share backup on server and assign the drive letter k:

mount \\\backup k:

Example: mount [options] \\nfs-server\unc-nameshare-name [drive letter]

Extracting a Database From a mysqldump File

Restoring a single database from a full dump is pretty easy, using the mysql command line client’s –one-database option:

mysql -u root -p --one-database db_to_restore < fulldump.sql

But what if you don’t want to restore the database, you just want to extract it out of the dump file? Well, that happens to be easy as well, thanks to the magic of sed:

sed -n '/^-- Current Database: `test`/,/^-- Current Database: `/p' fulldump.sql > test.sql

You just need to change “test” to be the name of the database you want extracted. Or you can use this shell script:

Download mysqldumpsplitter


Usage: sh DUMP-FILE-NAME — Extract all tables as a separate file from dump.
sh DUMP-FILE-NAME TABLE-NAME — Extract single table from dump.
sh DUMP-FILE-NAME -S TABLE-NAME-REGEXP – Extract tables from dump for specified regular expression.

Further instructions for using this script can be found here:

Mysql dump-shell script

Openssl Create a Private Key and a CSR with 2048bit for an SSL Certificate

If you need a new SSL certificate for a server you will need a 2048bit private key from 2011 onwards. This command creates both:

openssl req -new -nodes -newkey rsa:2048 -keyout example.key -out example.csr

Thats it send the CSR to you ISP and you should get you SSL cert back. You can also edit:


And change the default_bits line to 2048 then all new keys we be created with 2048bits.

Reset Forgotten MySQL Root Password

Okay so you have forgotten your mysql root password and need to access you mysql server. This howto requires root access to the shell or via sudo:

First stop your mysql server via the init script:

/etc/init.d/mysql stop

Now lets start up the mysql daemon and skip the grant tables which store the passwords:

mysqld_safe --skip-grant-tables

You should be able to see mysql starting. Logon to mysql with the fowling command:

mysql --user=root mysql

Now change the password with:

update user set Password=PASSWORD('new-password') where user='root';
flush privileges;

Now kill your running mysqld, then restart it normally. You should be good to go. Try not to forget your password again.

Mysql Update Crypt Field

This is our mysql table for proftpd with two users. One user has a clear text password ‘Clear_text’ and the other user has a Crypt password. The passwords are stored in the field passwd. Which we need to update for the user ftp.

mysql> select * from ftpuser;
| id | userid | passwd | uid | gid | homedir | shell | count | accessed | modified |
| 10 | ftp| *BD0359A2B6ZZHHA6A35B8D06DC1114D92CE3101 | 108 | 1002 | /storage/data | /sbin/nologin | 23 | 2011-01-19 13:07:33 | 2011-01-19 11:47:54 |
| 11 | upload | Clear_text | 108 | 1002 | /storage/data | /sbin/nologin | 529 | 2011-01-19 10:06:28 | 2011-01-06 16:01:30 |

We want to update the crypt password from the mysql shell. The following command will update the user ftp with a new crypt password:

update ftpuser set passwd=PASSWORD('KLatttGuya') where userid='ftp';

You can see the password in clear text here ‘KLatttGuya’ because of the option PASSWORD mysql knows that it must store a crypt password.