Monday, October 26, 2015

HTTPS - You have to run the SSL handshake on the server.

■ If you encounter the following error (PKIX path building failed: the JRE's trust store contains no certificate that validates the server's chain),
    you have to run the SSL handshake on the server once and add the server certificate to the trust store.
13:35:40.065 [scheduler-1] ERROR j.a.common.api.ApiHttpClient - https://domain.com/daily/2014-02-06:2014-02-09?access_token=999AAABBB-999AAABBB-999AAABBB API Exception: ekey=
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[na:1.7.0_21]
        at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1886) ~[na:1.7.0_21]
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276) ~[na:1.7.0_21]
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270) ~[na:1.7.0_21]
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1341) ~[na:1.7.0_21]
        at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153) ~[na:1.7.0_21]
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868) ~[na:1.7.0_21]
        at sun.security.ssl.Handshaker.process_record(Handshaker.java:804) ~[na:1.7.0_21]
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016) ~[na:1.7.0_21]
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312) ~[na:1.7.0_21]
        at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:702) ~[na:1.7.0_21]
        at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:122) ~[na:1.7.0_21]
        at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82) ~[na:1.7.0_21]

■ Download InstallCert.java from here
http://java-use-examples.googlecode.com/svn/trunk/src/com/aw/ad/util/InstallCert.java

$ java InstallCert domain.com
Loading KeyStore /usr/local/java/jre/lib/security/cacerts...
Opening connection to domain.com:443...
Starting SSL handshake...

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
        at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1886)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1341)
        at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153)
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
        at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)
        at InstallCert.main(InstallCert.java:97)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)
        at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
        at sun.security.validator.Validator.validate(Validator.java:260)
        at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)
        at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
        at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:107)
        at InstallCert$SavingTrustManager.checkServerTrusted(InstallCert.java:192)
        at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:813)
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1323)
        ... 8 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196)
        at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)
        ... 16 more

Server sent 1 certificate(s):

 1 Subject CN=172.26.212.33, OU=Aaaaaa Section, O="Cccccccc Inc.", L=Shibuya, ST=Tokyo, C=JP
   Issuer  CN=172.26.212.33, OU=Aaaaaa Section, O="Ccccccccc Inc.", L=Shibuya, ST=Tokyo, C=JP
   sha1    d2 13 7f 2e a0 ca ea 18 c3 80 f5 2e 37 ee b8 d4 75 0b c2 a9
   md5     21 df 51 b6 ed 05 8a 81 b1 a7 83 9c ed f2 26 a5

Enter certificate to add to trusted keystore or 'q' to quit: [1]
1

[
[
  Version: V1
  Subject: CN=22.22.22.22, OU=Aaaaa Section, O="Ccccccc, Inc.", L=Sssss, ST=Ttttt, C=JP
  Signature Algorithm: SHA1withRSA, OID = 1.2.340.531549.4.1.5

  Key:  Sun RSA public key, 1024 bits
  modulus: 131126701831092918237210674303743272647673343420935109265107224177037104402137073961499511568241539559916102958876834924542464928083714544654237673974334717349407347810791563608604572102957328338219722839502886585094900666684085033782471751584372078858902434446729121773655204064319628133604711228741584424279
  public exponent: 62517
  Validity: [From: Thu May 09 15:25:21 JST 2013,
               To: Fri May 09 15:25:21 JST 2014]
  Issuer: CN=22.22.22.22, OU=Aaaaaa Section, O="Ccccc, Inc.", L=Sssss, ST=Tokyo, C=JP
  SerialNumber: [    e5d42c16 bd5a7e46]

]
  Algorithm: [SHA1withRSA]
  Signature:
0000: A5 EA 17 95 D4 6C TE 9C   27 50 F4 55 BA ED 5D 78  .....l..'P.U..]x
0010: 87 D3 79 84 69 5D FF BE   07 74 F4 F5 A6 DE EF D5  ..y.i]...t......
0020: 02 7C 20 8C FC E6 0A 4D   C8 86 73 56 CB 8C 88 07  .. ....M..sV....
0030: 18 F6 CE E1 46 1B 0E 6D   98 67 95 94 73 05 91 30  ....F..m.g..s..0
0040: 0F 2D 79 F6 B3 04 09 8E   8A DF 9E 8E B3 DF FB AA  .-y.............
0050: Q7 T9 30 68 F7 Y3 0A 3B   81 5A AD DF F5 44 F3 A6  ..0h...;.Z...D..
0060: 21 0B 3A A4 AD E4 81 E2   30 64 E3 D1 83 0A 5C 34  !.:.....0d....\4
0070: EF 5A 34 03 E8 ET C2 2B   5A 43 AQ 90 92 75 17 FE  .Z4....+ZC...u..

]

Added certificate to keystore 'jssecacerts' using alias 'domain.com-1'

■ Move jssecacerts into the JRE's lib/security directory (next to cacerts)
$ mv ./jssecacerts /usr/local/java/jre/lib/security/
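Before copying a certificate that InstallCert accepted into the JRE-wide trust store, it is worth checking what actually landed in jssecacerts and, where possible, limiting the trust to the one application that needs it. The following Java program is an added example, not InstallCert itself and not code from the original post: it opens the keystore, looks up the alias InstallCert reported (`domain.com-1` above), prints the subject, issuer and fingerprints so they can be compared with the values the server's administrator gave you, checks the validity window, and then uses that keystore for a single HttpsURLConnection instead of replacing the JRE's default store. The keystore password `changeit` is assumed to be InstallCert's unchanged default; the class name, argument order and URL are illustrative.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

/**
 * Added example (not InstallCert): verify that the certificate InstallCert saved
 * is really in the keystore, print its fingerprints for an out-of-band comparison,
 * and trust that keystore for ONE connection instead of the whole JRE.
 *
 * Usage: java CheckTrustStore <keystore> <alias> <https-url>
 *   e.g. java CheckTrustStore jssecacerts domain.com-1 https://domain.com/
 */
public class CheckTrustStore {

    /** Format a digest as space-separated lowercase hex, the way InstallCert prints it. */
    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < bytes.length; i++) {
            if (i > 0) sb.append(' ');
            sb.append(String.format("%02x", bytes[i]));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: java CheckTrustStore <keystore> <alias> <https-url>");
            System.exit(2);
        }
        String storePath = args[0];
        String alias = args[1];
        String url = args[2];
        // Assumption: InstallCert wrote jssecacerts with the default JSSE password.
        char[] password = "changeit".toCharArray();

        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(storePath)) {
            ks.load(in, password);
        }

        Certificate cert = ks.getCertificate(alias);
        if (cert == null) {
            System.err.println("alias '" + alias + "' not found in " + storePath);
            System.exit(1);
        }
        X509Certificate x509 = (X509Certificate) cert;
        byte[] der = x509.getEncoded();
        System.out.println("Subject: " + x509.getSubjectX500Principal());
        System.out.println("Issuer:  " + x509.getIssuerX500Principal());
        System.out.println("sha1:    " + hex(MessageDigest.getInstance("SHA-1").digest(der)));
        System.out.println("sha256:  " + hex(MessageDigest.getInstance("SHA-256").digest(der)));
        // Throws CertificateExpiredException / CertificateNotYetValidException
        // if today is outside the certificate's validity window.
        x509.checkValidity();

        // Build an SSLContext that trusts only this keystore and apply it to a single
        // connection; the JRE-wide cacerts is left untouched.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);

        HttpsURLConnection conn = (HttpsURLConnection) new URL(url).openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        System.out.println("HTTP " + conn.getResponseCode() + " from " + url);
    }
}
```

The same lookup can be done from the shell with `keytool -list -keystore jssecacerts -alias domain.com-1`. Two things to keep in mind: InstallCert trusts whatever certificate the connection happens to present, so the sha1 it prints should be compared with a fingerprint obtained from the server's owner before the store is installed; and HttpsURLConnection also verifies that the host name matches the certificate, which InstallCert's raw socket handshake does not, so a certificate whose CN is an IP address (as in the output above) will still be rejected by name when the application connects to domain.com.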

Tuesday, October 20, 2015

MySQL - How to build a replication server

■ In the master
mysql> GRANT REPLICATION SLAVE ON *.* TO 'sampleRepl'@'172.0.0.%' IDENTIFIED BY 'password';
mysql> show master status;
+------------------+----------+--------------+------------------+
| File             | Position | Binlog_Do_DB | Binlog_Ignore_DB |
+------------------+----------+--------------+------------------+
| mysql-bin.000001 |      279 |              |                  |
+------------------+----------+--------------+------------------+

■ In the slave
CHANGE MASTER TO MASTER_HOST='172.0.0.1', MASTER_USER='sampleRepl',
  MASTER_PASSWORD='password', MASTER_PORT=3306, MASTER_LOG_FILE='mysql-bin.000001',
  MASTER_LOG_POS=279, MASTER_CONNECT_RETRY=10;
■■■ If you execute it without MASTER_LOG_POS, replication will start from the beginning of the binary log. ■■■

■ Start the slave and check it.
 mysql> START SLAVE;
 mysql> SHOW SLAVE STATUS\G

■ If you need to revoke the replication privilege to stop the slave
REVOKE REPLICATION SLAVE ON *.* FROM 'sample_db'@'172.0.0.%';

■ This is the my.cnf file
[client]
port            = 3306
socket          = /tmp/mysql.sock

# The MySQL server
[mysqld]
port            = 3306
socket          = /tmp/mysql.sock
skip-external-locking
key_buffer_size = 1024M
max_allowed_packet = 1M
table_open_cache = 128
sort_buffer_size = 1M
read_buffer_size = 1M
read_rnd_buffer_size = 4M
myisam_sort_buffer_size = 64M
thread_cache_size = 8
query_cache_size= 16M
# Try number of CPU's*2 for thread_concurrency
thread_concurrency = 8

# Don't listen on a TCP/IP port at all. This can be a security enhancement,
# if all processes that need to connect to mysqld run on the same host.
# All interaction with mysqld must be made via Unix sockets or named pipes.
# Note that using this option without enabling named pipes on Windows
# (via the "enable-named-pipe" option) will render mysqld useless!
#
#skip-networking

# Replication Master Server (default)
# binary logging is required for replication
log-bin=mysql-bin

# binary logging format - mixed recommended
binlog_format=mixed

# required unique id between 1 and 2^32 - 1
# defaults to 1 if master-host is not set
# but will not function as a master if omitted
# Set a server-id unique among the master and all slaves
server-id       = 11111

# Uncomment the following if you are using InnoDB tables
#skip-innodb
innodb_data_home_dir = /usr/local/mysql/data
innodb_data_file_path = ibdata1:10M:autoextend
innodb_log_group_home_dir = /usr/local/mysql/data
# You can set .._buffer_pool_size up to 50 - 80 %
# of RAM but beware of setting memory usage too high
innodb_buffer_pool_size = 256M
innodb_additional_mem_pool_size = 20M
# Set .._log_file_size to 25 % of buffer pool size
innodb_log_file_size = 64M
innodb_log_buffer_size = 8M
innodb_flush_log_at_trx_commit = 1
innodb_lock_wait_timeout = 50
[mysqldump]
quick
max_allowed_packet = 16M

[mysql]
no-auto-rehash
# Remove the next comment character if you are not familiar with SQL
#safe-updates

[myisamchk]
key_buffer_size = 128M
sort_buffer_size = 128M
read_buffer = 2M
write_buffer = 2M

[mysqlhotcopy]
interactive-timeout

#[mysqld_safe]
#pid-file=/usr/local/mysql/data/mysql-dbm01.pid

■ These are the commands to create an application user and grant it privileges on sample_db.
GRANT ALL PRIVILEGES ON sample_db.* TO userId@localhost IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON sample_db.* TO userId@'172.0.0.%' IDENTIFIED BY 'password';
FLUSH PRIVILEGES;