Kevin Bauer The rants and ramblings of Kevin Bauer.


PHPMyAdmin Installation

Several friends of mine who enjoy running LAMP (Or WAMP) tend to ask for help installing PHPMyAdmin. It's a great administration and development tools that is incredibly easy to install.

How To:
There only major requirements for the latest PHPMyAdmin builds is PHP5.2+ and MySQL 5. To check compatability, upload a PHPINFO file. As long as your PHP version (Should be at the very TOP of the page) is 5.2 or higher, and your MySQL version (found under the MySQL tab as "Client API version" is 5 or higher, you should be ready to install it.

To Create a PHPINFO file, add the following to a file, and upload it to your server.

PhpMyAdmin is just a normal PHP script used to manipulate MySQL databases. To install it simply download the latest release with your preferred archive type here, and extract & upload to your server. If you wish to use only your MySQL database login, all you will need to edit is the and enter a blowfish secret. This is used as a salt for cookie-based authentication. Once you're done entering some random text, save this file as and your PHPMyAdmin should now be functional!

Filed under: How To's No Comments

4096 vs 2048 bit for SSL.

One of the companies I own has a lot of clients who generally inquire if they need either 1024, or 2048 bit private keys when generating a keypair for SSL on their website. I've never recommended either, as 4096 private are far more secure with only a slight performance reduction.

The only downside is certain proprietary applications, and old browsers aren't setup to handle 4096 bit. I've rarely run into problems with compatability, but I believe it should be strongly deployed as to influence those developers to upgrade their cryptography backends.

Some How To's:

Generating a 4096 bit RSA key with OpenSSL.

Encrypted key file. (Make sure you note down your password as if you lose it, your key is USELESS!)

openssl genrsa -des3 -out my.key 4096

Non-encrypted key file.

openssl genrsa -out my.key 4096

Generating a CSR (Certificate Signing Request) for a CA (Certificate Authority).

If you wish to make a CSR to have your public key signed by a CA such as Verisign/Geotrust/Globalsign.

openssl req -new -key my.key -out my.csr

You should NEVER give out your private key to your CA or anyone! Store it in a safe place, with a backup. Some CA's will NOT reissue lost or compromised certificates.

Signing your own key.

openssl x509 -req -days 730 -in my.csr -signkey my.key -out my.crt

Signing your key will save you the few bucks a year a CA will charge you, but it will not be recognized by others unless they import your certificate. Self-signed SSL's are great for hobby-use, or running internal servers, but are useless for any real public use. There ARE free (albeit less trusted CA's) such as Startcom that will sign domain-based certificates for free.

Filed under: How To's No Comments