Shared hosting using Apache

Shared web hosting is a technique to optimize the usage of a server, where multiple websites can be hosted together with different domain names. Each hosted website can have a separate IP address as well.

LAMP Server Setup

LAMP stands for "Linux, Apache, MySql and PHP". It is an open source web development platform, also called a web stack, which uses Linux as the operating system, Apache as the web server, MySql as the RDBMS and PHP/Python/Perl as the back-end programming language.

Recover deleted files in Linux

Deleted files can't be restored directly in Linux from a recycle bin as we can do on Windows-based machines, but using applications like Photorec we can do the same.

Wednesday, December 31, 2014

Certificate Signing Request and private key for SSL Certificate

The Secure Socket Layer (SSL) is used to encrypt the data stream between the web server and the web browser. SSL uses public key cryptography, where two keys are created: one public and one private. Data is encrypted with the server's private key and can be decrypted only by its corresponding public key. To ensure that the certificate holder is legitimate, a digitally signed certificate issued by a CA (certificate authority, such as VeriSign) is used; otherwise the browser will show a warning message.

Generating private key:

The OpenSSL toolkit is used for creating a CSR (certificate signing request) and a private key. It can also be used for creating a self-signed SSL certificate, or we can get the certificate signed by a CA (Certificate Authority).
Our first step is to create a private key.
nixvilla@nixvilla-dev-vm:$ sudo openssl genrsa -out example.com.key 2048
Generating RSA private key, 2048 bit long modulus
.+++
............................+++
e is 65537 (0x10001)

The above command generates a 2048-bit RSA private key, which uses Triple-DES encryption and is readable as ASCII text.
A 2048-bit key size ensures that the key can't be easily cracked by brute-force methods. If the private key is broken, the connections initiated with it would be exposed to whoever has the key.

Generating CSR (Certificate signing request):

After generating the private key, we can generate the CSR file, which will be used for generating the certificate. A certificate can be self-signed or signed by a certificate authority (CA).
nixvilla@nixvilla-dev-vm:$ sudo openssl req -new -key example.com.key -out example.com.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:IN
State or Province Name (full name) [Some-State]:India
Locality Name (eg, city) []:New Delhi
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Example
Organizational Unit Name (eg, section) []:IT dept.
Common Name (eg, YOUR name) []:*.example.com
Email Address []:contact@example.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

A certificate authority (CA) will use this CSR to create the SSL certificate. We should keep our private key secret.

Decoding CSR:

We can decode the CSR file with the following openssl command.
nixvilla@nixvilla-dev-vm:$  openssl req -in example.com.csr -noout -text
Certificate Request:
Data:
Version: 0 (0x0)
Subject: C=IN, ST=India, L=New Delhi, O=Example, OU=IT dept., CN=*.example.com/emailAddress=contact@example.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:ea:50:6d:13:b2:cb:2c:f6:61:c1:d5:c9:21:8a:
b6:ef:f9:9c:91:71:0c:b2:c0:d1:68:0a:19:5b:4b:
45:c9:2f:df:44:93:1f:8f:65:5a:fb:30:9c:0f:4a:
2c:17:85:5f:90:48:2b:c2:65:5f:79:18:a0:c5:c8:
fc:6d:8e:9f:5a:0c:c7:87:7e:6e:57:f1:1e:3b:0b:
41:8e:81:67:53:54:40:c2:04:75:00:b4:26:bf:f1:
26:c9:60:39:b9:09:71:5f:98:89:b1:0e:56:44:51:
b4:79:64:0c:ad:a9:e4:cb:a2:d1:7a:c6:7b:bb:18:
f3:d3:f4:fc:bc:70:85:39:92:a0:51:89:61:ac:19:
b2:7c:82:6b:f8:c4:c4:34:fa:78:d5:b8:8b:51:d7:
ba:5f:6c:b3:93:c7:06:91:dc:e1:ee:3b:09:63:05:
8c:5b:06:d9:fb:44:43:34:81:af:10:35:53:ef:c8:
8d:b3:c4:13:94:ae:ec:c9:0b:d7:0c:42:ab:30:88:
a7:f0:78:f2:d1:67:7e:bd:2a:72:47:f4:19:0b:fe:
ed:9e:d6:6d:01:00:3b:f9:5b:05:16:16:c1:06:09:
a7:fb:4c:8c:e9:e2:f3:06:08:68:cc:cf:2f:cb:d4:
76:99:a6:ef:ca:ba:9c:17:40:7d:9d:89:17:61:c5:
36:bf
Exponent: 65537 (0x10001)
Attributes:
a0:00
Signature Algorithm: sha1WithRSAEncryption
ca:a5:ff:d3:b4:e3:3f:10:8d:23:b2:4b:7b:ea:5b:86:d6:35:
ae:1f:e1:e6:de:b1:e2:d8:7c:e0:1b:77:ed:b3:76:a6:9d:9f:
5f:13:8a:09:06:34:93:ea:4c:15:87:6d:2b:71:a4:e7:bc:38:
7b:00:39:d3:ee:4a:42:cc:2d:e8:d3:47:be:a1:bc:41:8a:35:
9e:e8:63:25:79:a8:de:d5:89:b4:24:56:fa:00:77:5d:63:5f:
7b:0e:d2:4f:92:3b:a2:05:5b:31:d8:80:ad:4c:5b:dc:b3:d1:
5b:3a:9e:b5:f4:3a:c0:41:a8:29:38:71:c0:bc:d1:d7:06:53:
46:d0:e5:04:2b:47:c1:59:81:e9:17:78:40:79:79:1d:78:21:
13:ed:ae:e0:a4:c9:b0:f3:c5:88:9a:fd:8b:c8:15:dd:c2:80:
6a:6e:86:17:f9:1a:ec:08:b6:7a:b6:6c:7a:5a:0d:39:01:87:
35:00:ed:f3:9a:21:44:79:ae:b5:f5:79:34:24:08:02:31:5f:
b9:cc:54:33:ee:f6:4f:76:0f:bc:5f:dd:eb:5b:da:f8:90:da:
26:00:26:a6:6c:2f:43:cf:79:6e:31:f3:ce:fb:bb:43:0d:be:
05:8c:47:ab:47:d7:3b:6f:8f:38:5f:39:78:11:d8:b1:8c:66:
99:04:f0:48

This can be used to cross-check the information before getting the certificate.
The following information can be re-checked from the CSR:
  • The bit-length of the CSR and private key pair
  • Organization name
  • Organizational unit name
  • Common name (domain name)
  • Locality name
  • Country name as a 2-letter code
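
The cross-check described above can be scripted. The following is an added example, not part of the original article: it verifies the CSR's self-signature, confirms that the CSR carries the public half of the private key, and checks the key size, request digest, common name and key file permissions. The function names, the temporary file names and the rule that a SHA-1 or MD5 request digest (the sample output above shows sha1WithRSAEncryption) counts as a finding are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: cross-check a CSR against its private key before it goes
# to a CA. File names and subject values are constructed samples.

# Create a key and CSR non-interactively: -subj replaces the prompts shown
# above and -sha256 selects the digest used to sign the request.
make_key_and_csr() {            # usage: make_key_and_csr KEY CSR SUBJECT
    ( umask 077 && openssl genrsa -out "$1" 2048 2>/dev/null ) &&
        openssl req -new -sha256 -key "$1" -out "$2" -subj "$3"
}

# Extract one field from the decoded CSR.
csr_field() {                   # usage: csr_field CSR bits|sigalg|cn
    case "$2" in
        bits)   openssl req -in "$1" -noout -text |
                    sed -n 's/.*Public[- ]Key: (\([0-9]*\) bit).*/\1/p' | head -n 1 ;;
        sigalg) openssl req -in "$1" -noout -text |
                    sed -n 's/.*Signature Algorithm: *//p' | head -n 1 ;;
        cn)     openssl req -in "$1" -noout -subject -nameopt RFC2253 |
                    sed -n 's/^subject=.*CN=\([^,]*\).*/\1/p' ;;
    esac
}

# Print one line per finding; return 0 only if every check passes.
check_csr() {                   # usage: check_csr CSR KEY EXPECTED_CN
    local csr=$1 key=$2 want_cn=$3 rc=0 csr_mod key_mod bits sigalg cn

    # 1. The request's self-signature must verify.
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' ||
        { echo "FAIL: CSR self-signature does not verify"; rc=1; }

    # 2. The CSR must carry the public half of this private key.
    csr_mod=$(openssl req -in "$csr" -noout -modulus 2>/dev/null)
    key_mod=$(openssl rsa -in "$key" -noout -modulus 2>/dev/null)
    [ -n "$csr_mod" ] && [ "$csr_mod" = "$key_mod" ] ||
        { echo "FAIL: CSR public key does not match $key"; rc=1; }

    # 3. Key size, signature digest and common name.
    bits=$(csr_field "$csr" bits)
    [ "${bits:-0}" -ge 2048 ] || { echo "FAIL: key is ${bits:-?} bits"; rc=1; }
    sigalg=$(csr_field "$csr" sigalg)
    case "$sigalg" in
        ''|*sha1*|*md5*) echo "FAIL: weak request digest: ${sigalg:-unknown}"; rc=1 ;;
    esac
    cn=$(csr_field "$csr" cn)
    [ "$cn" = "$want_cn" ] || { echo "FAIL: CN is '$cn', expected '$want_cn'"; rc=1; }

    # 4. The private key file must not be readable by group or other.
    case "$(stat -c %a "$key")" in
        *00) ;;
        *)   echo "FAIL: $key is readable beyond its owner"; rc=1 ;;
    esac

    [ "$rc" -eq 0 ] && echo "OK: $csr matches $key ($bits bit, $sigalg, CN=$cn)"
    return "$rc"
}

# Demo with constructed values mirroring the prompts answered above.
demo_dir=$(mktemp -d)
make_key_and_csr "$demo_dir/example.com.key" "$demo_dir/example.com.csr" \
    "/C=IN/ST=India/L=New Delhi/O=Example/OU=IT dept./CN=*.example.com"
check_csr "$demo_dir/example.com.csr" "$demo_dir/example.com.key" "*.example.com"
```

The permission check uses GNU stat, as found on the Linux systems this article targets.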

Shared Hosting using apache

We can host multiple websites from a single server to utilize the server resources appropriately.

If we are using Apache as our web server, we can do this in two ways:

1.) IP-based virtual hosting: 

In IP-based virtual hosting, we are running more than one web site on the same server machine, but each web site has its own IP address.

However, this requires multiple IPs on that single server, and to assign multiple IPs we require multiple interface cards.

On a Linux-based OS we can use the command below to add a new virtual interface on top of the physical interface card and assign an IP to it:

Fig: Create virtual interface card

Here we have one physical NIC, eth0, from which we have created three virtual NICs, eth0:0, eth0:1 and eth0:2, with IP addresses 192.168.10.1, 192.168.10.2 and 192.168.10.3 respectively.

The server has three IP addresses (192.168.10.1, 192.168.10.2, and 192.168.10.3) which resolve to the names www.example.com, www.example.org and www.example.gov respectively.

Below is a sample Apache configuration file for IP-based virtual hosting; we can also have a separate configuration file for each website.

Fig: Sample IP based virtual hosting

In the above configuration file, we have placed our website code for www.example.com, www.example.org, www.example.gov under /www/example, /www/example2 and /www/example3 respectively.

We can add as many virtual interfaces as we require, assign the relevant IPs and host multiple websites.

2.) Name Based Virtual Hosting: 

Name-based virtual hosting is a method of running multiple web sites using only one IP address. It is possible because the HTTP protocol includes the target address in its headers.

In this configuration, when the Apache web server receives a request, it looks for the hostname in the HTTP header and, depending on the hostname, serves different websites. In this case we need only one IP address on that physical server, but we have to update the DNS with multiple website names pointing to the same IP address.
To update the website names in DNS, we have to update the forward lookup zone file and the reverse lookup zone file.

For forward lookup zone entry:

Fig: Forward look-up zone

For reverse lookup zone entry:

Fig: Reverse lookup zone

Now, the server configuration in the Apache configuration file for several name-based hosts on a single IP:

Fig: Name based virtual hosting

Where,

NameVirtualHost IP – Indicates that all the name-based virtual hosts will be matched against that IP.
<VirtualHost IP> </VirtualHost> – Enclose all the Apache configuration parameters for each virtual host between these VirtualHost tags. Any Apache directive can be used within the VirtualHost container.
ServerName – Listens for requests asking for a certain domain.
DocumentRoot – The path to the content for that site.
In the following example, we are setting up virtual hosts for www.example.com and www.example.org on a single IP. So there will be two <VirtualHost IP> </VirtualHost> containers, one for each website.


Bazinga... Done. Cheers!!
Thanks Vikas for your input.

Keep visiting and please comment/suggest or ask queries if any.


Password protect website using Apache

In our website hosting activities, we must have encountered a situation where we need to put our website under password protection to restrict access.

We can make our website password protected using the Apache web server itself, by adding a few lines to the website's web-server (Apache) configuration file.

Step1: Make changes to apache configuration file:

In the sample configuration file below, you can make the required changes as per your setup; for example, we can change the document root path to our code-base location. In my case it is /var/www and the website name is www.nixvilla.com.

Fig: Sample apache configuration file.

Step2: After the Apache configuration file is updated, we need to create the AuthUserFile at the specified location. As per the above configuration, we need to create the passwd file under the /var/local/sites folder.

To create the password file use the below command:

htpasswd -c /var/local/sites/passwd nixvilla

where,

  • -c: Creates the password file; if it already exists, it is rewritten and truncated.
  • nixvilla: The username. You can replace this with your own username, but the same change must be made in the Apache configuration file (Require user <username>).

Step3: Now, we need to check the permission and the ownership of the AuthUserFile, in our case it is /var/local/sites/passwd.

ls -l /var/local/sites/passwd

Using the above command, we can check the permission and ownership.
Normally Apache runs as the www-data user, so we need to change the ownership to www-data.

chown www-data:www-data /var/local/sites/passwd
chmod 0660 /var/local/sites/passwd

Step4: Now, we need to restart the Apache process for the changes to take effect.

On Debian-based systems, such as Ubuntu:

The "apache2ctl configtest" command checks the configuration for errors and displays an error message if it finds one; otherwise it shows Syntax OK.

If the syntax is OK, we can gracefully restart Apache.

sudo apache2ctl configtest
sudo apache2ctl graceful

In Redhat/CentOS:

We can use "apachectl configtest" to check for configuration issues. If the configuration is OK, we can restart the service:

sudo apachectl configtest
sudo apachectl graceful

Now, we can open our website to test the password protection. If everything goes right, the website will ask for the password using a password pop-up.

If there is any issue, we can troubleshoot by referring to the error log, whose path is defined in the Apache configuration file.

tail -f /var/log/apache2/nixvilla-error.log
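
The permission and location checks from Step 2 and Step 3 can be automated. The following is an added example, not part of the original article: it reads DocumentRoot and AuthUserFile from a virtual host file and reports a password file that sits inside the document root or is accessible to other users. The vhost text is a constructed sample built from the values named in this article, and the function names and temporary paths are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: audit the password file referenced by a Basic-auth vhost.
# The vhost text printed by sample_vhost is constructed for illustration.

sample_vhost() {                # usage: sample_vhost DOCROOT AUTHUSERFILE
    cat <<EOF
<VirtualHost *:80>
    ServerName www.nixvilla.com
    DocumentRoot $1
    ErrorLog /var/log/apache2/nixvilla-error.log
    <Directory $1>
        AuthType Basic
        AuthName "Restricted"
        AuthUserFile $2
        Require user nixvilla
    </Directory>
</VirtualHost>
EOF
}

# First value of a directive (names are case-insensitive), quotes removed.
# Assumes paths without spaces.
directive() {                   # usage: directive CONF NAME
    awk -v name="$2" 'tolower($1) == tolower(name) {
        gsub(/"/, "", $2); print $2; exit }' "$1"
}

# Print one line per finding; return 0 only if every check passes.
audit_vhost_auth() {            # usage: audit_vhost_auth CONF
    local conf=$1 root auth mode rc=0
    root=$(directive "$conf" DocumentRoot)
    auth=$(directive "$conf" AuthUserFile)
    [ -n "$auth" ] || { echo "FAIL: no AuthUserFile in $conf"; return 1; }
    [ -f "$auth" ] || { echo "FAIL: $auth does not exist"; return 1; }
    auth=$(readlink -f "$auth")

    # A password file below DocumentRoot is served like any other file there.
    if [ -n "$root" ]; then
        root=$(readlink -f "$root")
        case "$auth" in
            "${root%/}"/*) echo "FAIL: $auth is inside DocumentRoot $root"; rc=1 ;;
        esac
    fi

    # Owner and the web server's group need access; other users need none.
    mode=$(stat -c %a "$auth")
    case "$mode" in
        *0) ;;
        *)  echo "FAIL: $auth is mode $mode, accessible to other users"; rc=1 ;;
    esac

    [ "$rc" -eq 0 ] && echo "OK: $auth (mode $mode) is outside DocumentRoot"
    return "$rc"
}

# Demo on a throwaway tree: the layout from the steps above, then a bad one.
demo=$(mktemp -d) && mkdir -p "$demo/www" "$demo/sites"
printf 'nixvilla:CONSTRUCTED-HASH\n' > "$demo/sites/passwd"
chmod 0660 "$demo/sites/passwd"
sample_vhost "$demo/www" "$demo/sites/passwd" > "$demo/good.conf"
audit_vhost_auth "$demo/good.conf"

cp "$demo/sites/passwd" "$demo/www/passwd" && chmod 0644 "$demo/www/passwd"
sample_vhost "$demo/www" "$demo/www/passwd" > "$demo/bad.conf"
audit_vhost_auth "$demo/bad.conf" || true
```

The mode 0660 set in Step 3 passes the permission check; a file left at 0644 does not.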

Bazinga.... All Done !!

Many thanks for reading the article. Keep visiting and post your comments/suggestions/queries.

Happy New Year...

Sunday, December 28, 2014

DNS server setup in Ubuntu 12.04


DNS stands for Domain Name System, which is a hierarchical distributed naming system. It binds an IP address to a name, so that we can use a name for a website/machine rather than remembering and using its IP address, which is very inconvenient.

In this article we will use Ubuntu 12.04 LTS as our operating system and bind9 for DNS server.

Setup details:

1. IP Address: 172.16.61.130
2. Domain name: alokranjan.net

Note: Your system's IP may be different and domain name can be of your choice.

Let's start with the installation of the bind9 package, which can be installed as below:

alok@ranjan:~$ sudo apt-get install bind9 -y

Once the bind9 package is installed successfully, we can go ahead with the configuration of a basic DNS server.

First of all, we will edit "/etc/bind/named.conf.local". In this file we define forward zones and reverse zones. That means that when we enter a domain name, it is translated/resolved into its corresponding IP address, and when we use an IP address, it is translated/resolved into a name.

Modify the named.conf.local file as follows:

zone "alokranjan.net" {
        type master;
        file "/etc/bind/db.alokranjan";
};

zone "61.16.172.in-addr.arpa" {
        type master;
        file "/etc/bind/db.172"; 
};


Here 61.16.172 comes from my IP address (172.16.61.130) by dropping the last octet and reversing the remaining octets.

Now we need to create db.alokranjan and db.172 in the /etc/bind/ directory.

/etc/bind/db.alokranjan:

Fig 1: /etc/bind/db.alokranjan

/etc/bind/db.172:

Fig 2: /etc/bind/db.172

Congratulations, we have successfully configured our DNS server. Now we will restart our bind9 service as below:

sudo /etc/init.d/bind9 restart

Now, we need to configure our system (client) to use this DNS server. For this purpose we will edit /etc/resolv.conf as below:

nameserver 172.16.61.130

Now if we use nslookup (nslookup alokranjan.net) to check the IP for alokranjan.net it will show the IP 172.16.61.130.

Bazinga... It's done.



Friday, May 9, 2014

Recover deleted files in Linux


Sometimes we want to recover deleted files on our Linux machine, so in this article we will discuss how to do that. To recover deleted files we will use the Photorec recovery tool, though there are many other applications/packages available that we will discuss later. In this article we will use Ubuntu as our OS.

Photorec searches for 80 different types of files and it is part of testdisk package.

Installation:

Package required: testdisk

alok@ranjan:~$ sudo apt-get install testdisk

If we want to recover any image file then we can use the below command:

sudo photorec imagefilename

We can directly recover files from any device as well. For that we can use photorec command without any argument, which will give the menu for available devices.

Then it will ask to select the appropriate disk/media. We can use arrow key to move the cursor and Enter to select the choice.

alok@ranjan:~$ sudo photorec

PhotoRec 6.11, Data Recovery Utility, April 2009
Christophe GRENIER <grenier@cgsecurity.org>
http://www.cgsecurity.org

  PhotoRec is free software, and
comes with ABSOLUTELY NO WARRANTY.

Select a media (use Arrow keys, then press Enter):
Disk /dev/sda - 214 GB / 200 GiB (RO) - VMware Virtual disk




[Proceed ]    [  Quit  ]

Note:
Disk capacity must be correctly detected for a successful recovery.
If a disk listed above has incorrect size, check HD jumper settings, BIOS
detection, and install the latest OS patches and disk drivers.

The system will then ask for the partition table type, as below:

PhotoRec 6.11, Data Recovery Utility, April 2009
Christophe GRENIER <grenier@cgsecurity.org>
http://www.cgsecurity.org


Disk /dev/sda - 214 GB / 200 GiB (RO) - VMware Virtual disk

Please select the partition table type, press Enter when done.
[Intel  ]  Intel/PC partition
[EFI GPT]  EFI GPT partition map (Mac i386, some x86_64...)
[Mac    ]  Apple partition map
[None   ]  Non partitioned media
[Sun    ]  Sun Solaris partition
[XBox   ]  XBox partition
[Return ]  Return to disk selection





Note: Do NOT select 'None' for media with only a single partition. It's very
rare for a drive to be 'Non-partitioned'.

I have selected Intel/PC partition as my partition type and pressed Enter to proceed. The system will then ask us to select the partition from which to recover files; if we want to search the whole disk, we can select No Partition.

PhotoRec 6.11, Data Recovery Utility, April 2009
Christophe GRENIER <grenier@cgsecurity.org>
http://www.cgsecurity.org

Disk /dev/sda - 214 GB / 200 GiB (RO) - VMware Virtual disk

     Partition                  Start        End    Size in sectors
     No partition             0   0  1 26108  85 25  419430400 [Whole disk]
 1 * Linux                    0  32 33 25044 159 11  402339840
 2 E extended             25044 191 42 26108  52 56   17084418
 5 L Linux Swap           25044 191 44 26108  52 56   17084416






[ Search ]  [Options ]  [File Opt]  [  Quit  ]
                              Start file recovery

To recover lost files Photorec will ask for the filesystem type where files were stored as below:

PhotoRec 6.11, Data Recovery Utility, April 2009
Christophe GRENIER <grenier@cgsecurity.org>
http://www.cgsecurity.org

 2 E extended             25044 191 42 26108  52 56   17084418

To recover lost files, PhotoRec need to know the filesystem type where the
file were stored:
[ ext2/ext3 ]  ext2/ext3/ext4 filesystem
[ Other     ]  FAT/NTFS/HFS+/ReiserFS/...

In our case we have selected ext2/ext3 as the filesystem by using the arrow key and then pressing Enter. Photorec will then ask for the location where recovered files will be saved. By default it will save the recovered files in the home directory after we press the Y key. If we want to save the recovered files in some other location or on an external drive, we can use the arrow key to select .. and hit the Enter key, then select the desired drive. Once we have selected the desired location, we can hit Enter to proceed further.

PhotoRec 6.11, Data Recovery Utility, April 2009
Christophe GRENIER <grenier@cgsecurity.org>
http://www.cgsecurity.org

Disk /dev/sda - 214 GB / 200 GiB (RO) - VMware Virtual disk
     Partition                  Start        End    Size in sectors
 2 E extended             25044 191 42 26108  52 56   17084418


Pass 1 - Reading sector    8279378/17084418, 120 files found
Elapsed time 0h00m41s - Estimated time for achievement 0h00m43
txt: 98 recovered
sqlite: 14 recovered
elf: 8 recovered

  Stop

After recovering the files, we can Quit Photorec to close the application. Recovered files will be stored in the recup_dir directory at the given location.

 Thanks for reading the article. Keep visiting and let us know your feedback.

Thursday, May 8, 2014

LAMP Server setup in CentOS 6


In this article we will discuss how to set up a LAMP (Linux OS, Apache web server, MySql database, PHP) server in CentOS 6 with PhpMyAdmin for graphical administration of MySql.


1. Apache installation and configuration:

For creating a web server we first need to install and configure the Apache web server. Following are the specifications for the Apache web server:
  • Packages required: httpd
  • Available in default CentOS repository: Yes
  • Additional module required: mod_ssl (if you want an SSL-enabled website)
  • Default location for Apache configuration file: /etc/httpd/conf/httpd.conf
  • Default DocumentRoot: /var/www/html

Installation commands for httpd and mod_ssl:


root@alokranjan:~# yum install httpd -y

root@alokranjan:~# yum install mod_ssl

After the installation is done, we need to start the httpd service and add this service at start-up.

root@alokranjan:~# service httpd start

root@alokranjan:~# chkconfig httpd on

2. Mysql server installation and configuration:

For creating a database we will install and configure MySql. Following are the specifications for MySql:
  • Packages required: mysql-server
  • Available in default CentOS repository: Yes
  • Any specific module that needs to be compiled during mysql installation: phpmyadmin (for graphical interface)
  • Available in default CentOS repository: Yes


root@alokranjan:~# yum install mysql-server -y

This command installs mysql-server. To create the necessary directory structure and some management system tables, we need to execute the mysql_install_db command.

root@alokranjan:~# mysql_install_db

To change the default settings for MySql, we need to execute the mysql_secure_installation command. It will ask us to change default values, including the root password, which is very important for security.

root@alokranjan:~# mysql_secure_installation

If this does not successfully change the root password and asks for the old root password, we have to change the password by starting mysql in safe mode, as below:

[root@alokranjan ~]# service mysqld stop
Stopping mysqld:                                           [  OK  ]
[root@alokranjan ~]# mysqld_safe --skip-grant-tables &
[1] 8915
[root@alokranjan ~]# 131209 04:49:27 mysqld_safe Logging to '/var/log/mysqld.log'.
131209 04:49:27 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql
mysql -u root

Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 1
Server version: 5.1.71 Source distribution
Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> use mysql;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> update user set password=PASSWORD("alokranjan") where User='root';
Query OK, 3 rows affected (0.01 sec)
Rows matched: 3  Changed: 3  Warnings: 0
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)

mysql> quit
Bye
[root@alokranjan ~]# service mysqld stop
131209 04:50:55 mysqld_safe mysqld from pid file /var/run/mysqld/mysqld.pid ended
Stopping mysqld:                                           [  OK  ]
[1]+  Done                    mysqld_safe --skip-grant-tables
[root@alokranjan ~]# service mysqld start

Starting mysqld:                                           [  OK  ]
[root@alokranjan ~]#


Again run the mysql_secure_installation command to reset the default values:
[root@alokranjan ~]# mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!
In order to log into MySQL to secure it, we'll need the current
password for the root user.  If you've just installed MySQL, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorization.
You already have a root password set, so you can safely answer 'n'.
Change the root password? [Y/n] n
 ... skipping.
By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
Production environment.

Remove anonymous users? [Y/n] Y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] n
 ... skipping.

By default, MySQL comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] Y
... Success!
By default, MySQL comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] Y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] Y
 ... Success!
Cleaning up...
All done!  If you've completed all of the above steps, your MySQL
installation should now be secure.

Thanks for using MySQL!

After the installation is done, we need to start the mysqld service and add this service at startup.

[root@alokranjan ~]# service mysqld start

[root@alokranjan ~]# chkconfig mysqld on

3. PHP installation and configuration:

PHP is required for back-end programming. Following are the specifications for PHP:

  • Package required: php, php-mysql 
  • Version: PHP5
  • Dependencies for PHP package: php-cli , php-common and php-pdo.

Using the following yum command we can install the required php package:

[root@alokranjan ~]# yum install php php-mysql -y


4. PhpMyAdmin installation and configuration:

  • Package required: phpmyadmin
  • Dependencies: libmcrypt-2.5.8-9.el6.i686.rpm, php-gd-5.3.3-26.el6.i686.rpm, php-mbstring-5.3.3-26.el6.i686.rpm, php-mcrypt-5.3.3-1.el6.i686.rpm, php-php-gettext-1.0.11-3.el6.noarch.rpm, phpMyAdmin-3.5.8.2-1.el6.noarch.rpm
  • Available in default CentOS repository: No
  • External repository: EPEL
  • Default configuration file location: /etc/httpd/conf.d/phpMyAdmin.conf, /etc/phpMyAdmin/config.inc.php

We first need to set up the EPEL repository, from where we can download and install the required packages for phpmyadmin.

[root@alokranjan ~]# wget http://epel.mirror.net.in/epel/6/i386/epel-release-6-8.noarch.rpm

[root@alokranjan ~]# rpm -ivh epel-release-6-8.noarch.rpm

Now we can install the phpmyadmin package from the EPEL repository as below:

[root@alokranjan ~]# yum install phpmyadmin -y



ForceSSL and auth_type are important config options. SSL should be ON and auth_type http is better; http auth uses MySQL user/pass combinations to restrict access to user-specific databases.

We need to add the following in the configuration file (/etc/phpMyAdmin/config.inc.php) for ForceSSL:
$cfg['ForceSSL'] = true;
We need to change the loopback IP (127.0.0.1) in the following configuration file with the server’s IP:
/etc/httpd/conf.d/phpMyAdmin.conf

Now phpmyadmin is ready to be used and can be opened from any web browser at https://<server-IP>/phpmyadmin

Here phpmyadmin is the Alias created for /usr/share/phpmyadmin.

Below is the screenshot for phpmyadmin login page:


Fig1: phpmyadmin login page

After providing correct details, it will show the below home page for phpmyadmin:

Fig2. Phpmyadmin home page

Mysql configuration can be changed from https://<serverip>/phpmyadmin/setup

Fig3. Phpmyadmin setup page

This phpMyAdmin panel can't be accessed from outside. Below is the access denied error message from Apache. If anyone wants to access it from a remote machine, the user needs to set up tunneling by providing the credentials of the host machine, which makes the phpMyAdmin setup more secure.

Fig4. Forbidden page for phpmyadmin

This Forbidden message shows additional server information, such as the server OS and Apache version. To stop the Apache server from showing this extra information, we have to make the following change in the Apache configuration file (/etc/httpd/conf/httpd.conf).

ServerSignature off



Thank you for reading our article, keep visiting and let us know in case any query or suggestion.