Add Danish NemID X.509 public certificate to RIPE Database


If you ever used the RIPE Database.

You know the following RIPE Maintainer Authentication methods is possible.

  1. SSO (a.k.a. single sign on)
  2. key-cert (GnuPG keys + X.509 certificate)
  3. MD5 encrypted passwords


  1. IF you have the danish NemID follow the guidelines here to configure NemID on your computer. And then for you email program.
  2. Go find your public certificate here and download it.
  3. Open the certificate locally on your computer and prepend every line with ‘certif: ‘ so it looks the example below. Remember the key-value pairs:
    • key-cert: auto
    • mnt-by: xyz
    • source: ripe


  • from older RIPE documentation.
key-cert: AUTO-1
certif: -----BEGIN CERTIFICATE-----
certif: Ew91ay5idC50ZXN0LXVzZXIxLzAtBgkqhkiG9w0BCQEWIHRlc3QtdXNlckBsaW51
certif: AQEArv3srxyl1QA3uS4dxdZbSsGrfBrMRjMb81Gnx0nqa6i+RziIf13lszB/EYy0
certif: PgLpQFdGLdhUQ52YsiGOUmMtnaWNHnEJrBUc8/fdnA6GVdfF8AEw1PTfJ6t2Cdc9
certif: 2SwaF+5kCaUDwmlOgbM333IQmU03l3I1ILs32RpQyZ+df/ovHNrVzeLc2P59isac
certif: bfjM2S0SXPQzHjuVLH40eOgVuXA/5LAYs51eXqwtKszSxFhqekf+BAEcRDrXmIT4
certif: e3zfiZOsXKe0UfaEABgHUMrYjsUCJ8NTMg6XiVSNwQQmXCdUbRvK7zOCe2iCX15y
certif: IE5DQyBDQTAdBgNVHQ4EFgQUzdajNaRorkDTAW5O6Hpa3z9pP3AwgZsGA1UdIwSB
certif: d2FyZSBQS0kgVGVzdGluZzEfMB0GCSqGSIb3DQEJARYQc29mdGllc0ByaXBlLm5l
certif: dIIBADANBgkqhkiG9w0BAQQFAAOBgQByg8L8RaiIz5k7n5jVwM/0oHSf48KRMBdn
certif: YdN2+eoEjVQbz48NtjbBTsOiUYj5AQWRHJrKtDQ+odbog0x7UsvhXjjBo/abJ6vI
certif: AupjnxP3KpSe73zmBUiMU8mvXLibPP1xuI2FPM70Y7fgeUehbmT7wdgqs7TEtYww
certif: PeUqjPPTZg==
certif: -----END CERTIFICATE-----
mnt-by: YOUR-MNT
source: RIPE

Afterwards you should be able to sign emails send to “RIPE Database” <> with your NemID certificate and the updates gets approved if your maintainer has authorization over the object you try to create/modify/delete.


My X.509 certificate

MariaDB Galera Cluster on Ubuntu 18.04

Install required packages

  • dist-upgrade: Optional! Updates the Linux kernel if new minor updates are available.
  • ufw: Tool for easier administration of firewall rules.
  • mariadb-server, mariadb-client, galera-3, rsync: Required for running the Galera Cluster.
sudo apt-get update && \
sudo apt-get upgrade -y && \
sudo apt-get dist-upgrade -y && \
sudo apt-get autoremove && \
sudo apt-get install mariadb-server mariadb-client galera-3 rsync -y && \
sudo apt-get install ufw -y

Optional packages

If you want to be able to tell on your switch/router wich server has wich hostname you can install lldp and snmp to be able to do remote monitoring of the hosts.

sudo apt-get install lldpd snmpd -y

Configuring the Cluster nodes

Stop the MariaDB service on all hosts!

sudo service mysql stop

Open up the following ports between hosts.

sudo ufw allow proto tcp from to port 3306,4567-4568,4444
sudo ufw allow proto udp from to port 4567

Note: Subsitute the subnet above ( with the subnet your MariaDB galera hosts are located in!

On the FIRST host

It is required all hosts have the same config for the galera cluster to work.

MariaDB looks up config in the /etc/mysql/ dir. We can add additional config files in the /etc/mysql/conf.d/ dir ending in .cnf and it will be loaded in addition to the MariaDB main configuration files.

sudo nano /etc/mysql/conf.d/galera.cnf

# Galera Provider Configuration

# Galera Cluster Configuration
# Name of the cluster. MUST be identical on all hosts.
# wsrep_cluster_address: both IP and DNS names
# of the cluster hosts can be used.

# Galera Synchronization Configuration

# Galera Node Configuration
# Local hosts IP address
# Local host hostname.

Additional hosts

Do the same as above, but rememember to edit wsrep_node_address and wsrep_node_name!

Setting up Galera

On the FIRST host do:

sudo galera_new_cluster

This HAS TO BE DONE to ensure when the additional hosts mariadb server is started. They have an exisiting already configured and running Cluster node to connect to.

You can verify the number of cluster members by running

mysql -u root -p -e "SHOW STATUS LIKE 'wsrep_cluster_size'"

each time to startup a new cluster node.

| Variable_name      | Value |
| wsrep_cluster_size | 1     |


Bring up host no.2 and verify the number of cluster members.

mysql -u root -p -e "SHOW STATUS LIKE 'wsrep_cluster_size'"
| Variable_name      | Value |
| wsrep_cluster_size | 2     |


Bring up host no.3 and verify the number of cluster members.

mysql -u root -p -e "SHOW STATUS LIKE 'wsrep_cluster_size'"
| Variable_name      | Value |
| wsrep_cluster_size | 3     |

Debian maintenance user

If your system uses the Debian maintenance user (see in /etc/mysql/debian.cnf). You will need to make sure all host members in the cluster is configured with the same credentials. As the credentials from the 1st cluster host will be synced to additional hosts joining the galera cluster.

host     = localhost
user     = debian-sys-maint
password = 03P8rdlknkXr1upf
socket   = /var/run/mysqld/mysqld.sock
host     = localhost
user     = debian-sys-maint
password = 03P8rdlknkXr1upf
socket   = /var/run/mysqld/mysqld.sock
basedir  = /usr

Verifying replication works

First node

Create a test database and insert some data.

mysql -u root -p -e 'CREATE DATABASE playground;
INSERT INTO (type, quant, color) VALUES ("slide", 2, "blue");'

Second node

mysql -u root -p -e 'SELECT * FROM;'
| id | type  | quant | color |
|  1 | slide |     2 | blue  |

Insert some more data.

mysql -u root -p -e 'INSERT INTO (type, quant, color) VALUES ("swing", 10, "yellow");'

Third node

Verify data created on node2 exists on db in node3.

mysql -u root -p -e 'SELECT * FROM;'
| id | type  | quant | color  |
|  1 | slide |     2 | blue   |
|  2 | swing |    10 | yellow |

Add an additional data string to the databas.

mysql -u root -p -e 'INSERT INTO (type, quant, color) VALUES ("seesaw", 3, "green");'

First node

Verfiy the data created on node3 exists on node 1.

mysql -u root -p -e 'SELECT * FROM;'
| id | type   | quant | color  |
|  1 | slide  |     2 | blue   |
|  2 | swing  |    10 | yellow |
|  3 | seesaw |     3 | green  |


If all is well. You should now have a three hosts running and working MariaDB Galera Cluster.

Notes to remember

  1. Traffic between the cluster hosts is not encrypted. So either remember to put them in a private subnet or enable encryption for cluster member traffic.
  2. There are other available state snapshot transfer agents available apart from rsync. Fx. xtrabackup. Remember to always look at your options.


Windows Title Updater for the RIPE NCC Database

View Script og GitHub

// ==UserScript==
// @name         TitleFixer - RIPE Database
// @namespace
// @version      1.1.6
// @description  Change the title to something meaningful
// @author       netravnen
// @match*&key=*-RIPE&type=person
// @match*&type=person&key=*-RIPE
// @match*&key=*&type=mntner
// @match*&type=mntner&key=*
// @match*&key=ORG-*-RIPE&type=organisation
// @match*&type=organisation&key=ORG-*-RIPE
// @grant        none
// @UpdateURL
// @homepageURL
Update 1.1.6 2018-08-08 Moved source to
Update 1.1.5 2017-10-25 Updated namespace
Update 1.1.4 2017-10-25 Updated author github nickname because was changed in the past + Added @homepageURL
Update 1.1.3 2017-04-03 [..]
Update 1.1.2 2017-04-03 Updated regex to allow for 0 numbers in -RIPE strings
Update 1.1.1 2017-04-03 Updated inflexibel regex to of person/org chars in -RIPE strings
Update 1.1.0 2017-03-14 Added types maintainer and organization
Update 1.0.0 2017-03-14 Initial Commit
// ==/UserScript==

(function() {
    'use strict';

    var type,title,identity,website;
    identity = document.getElementById( 'results' );
    website = document.getElementById( 'logo' ).getAttribute( 'alt' );
    // Person
    if (location.href.match( /search\/lookup\.html\?source=(ripe|RIPE)\&(key\=([A-Z]{2,4})([0-9]+)?\-RIPE\&type=person|type=person\&key\=([A-Z]{2,4})([0-9]+)?\-RIPE)/ )) {
        type = 'PERSON';
        title = location.href.match( /([A-Z]{2,4})([0-9]+)?\-RIPE/i )[0];
        identity = identity.querySelector( 'ul.attrblock > li:nth-child(1)' );
    // Maintainer
    else if (location.href.match( /search\/lookup\.html\?source=(ripe|RIPE)\&(key\=([a-z0-9]+)\-mnt\&type=mntner|type=mntner\&key\=([a-z0-9]+)\-mnt)/ )) {
        type = 'MAINTAINER';
        title = location.href.match( /([a-z0-9]+)\-mnt/i )[0];
        identity = identity.querySelector( 'ul.attrblock > li:nth-child(2)' );
    // Oranization
    else if (location.href.match( /search\/lookup\.html\?source=(ripe|RIPE)\&(key\=ORG\-([A-Z]{2,4})([0-9]+)?\-RIPE\&type=organisation|type=organisation\&key\=ORG\-([A-Z]{2,4})([0-9]+)?\-RIPE)/ )) {
        type = 'ORGANIZATION';
        title = location.href.match( /ORG\-([A-Z]{2,4})([0-9]+)?\-RIPE/i )[0];
        identity = identity.querySelector( 'ul.attrblock > li:nth-child(2)' );
    title = title.toUpperCase();
    identity = identity.innerHTML.split(":")[1].trim();
    document.title = title + ' - ' + identity + ' - ' + type + ' - ' + website;
    console.log("Title tag splurged - TitleFixer - RIPE Database v1.1");

Compiled list of Acronyms in the Network Field of A LOT of Things

The list is still subject to updates and changes  from time to time.
Last updated: 20170121.
6PEIPv6 Provider Edge Router
6VPEIPv6 Virtual Private Network Provider Edge Router
ABCAbstract Base Class
ACEAccess Control Entry
ACIDAtomicity, Consistency, Isolation, and Durability
ACLAccess Control List
ACPIAdvanced Configuration and Power Interface
ADOActiveX® Data Objects
ADSIActive Directory Service Interfaces
AFAddress Family
AFIAddress Family Identifier
AICApplication Integration Component
ANSIAmerican National Standards Institute
ANSI SQLAmerican National Standards Institute Structured Query Language
APIApplication Programming Interface
APMAdvanced Power Management
APPCAdvanced Program-to-Program Communication
ARPAddress Resolution Protocol
ASAAdaptive Security ApplicanceCisco
ASAvAdaptive Security Virtual ApplicanceCisco
ASCIIAmerican Standard Code for Information Interchange
ASPActive Server Pages
ASRAggregation Service RoutersCisco
ATLActiveX® Library Template
ATMAsynchronous Transfer Mode
AXFRAsynchronous Full Transfer Zone
BASHBourne Again Shell
BDCBackup Domain Controller
BDMBusiness Development Manager
BFDBidirectional Forwarding Detection
BGPBorder Gateway Protocol
BINLBoot Information Negotiation Layer
BIOSBasic Input/Output System
BLOBBinary Large Object
BSDBerkeley Software Distribution
CACertification Authority
CALClient Access License
CDFSCompact Disk File System
CECustomer Edge Router
CICSCustomer Interface Control System
CIFSCommon Internet File System
CIM1. Common Information Model
2. Computer Information Model
CIPCommerce Interchange Pipeline
CLBComponent Load Balancing
CLSIDClass Identifier
CMOSComplementary Metal Oxide Semiconductor
COFFCommon Object File Format
COMComponent Object Model
COMAdminComponent Services Administration
CORBACommon Object Request Broker Architecture
CPECustomer Premise Equipment
CRMCompensating Resource Manager
CSMICICS Mirror Transaction
CSRCloud Services RouterCisco
CSR-XCarrier Routing SystemCisco
CTMCoordinating Transaction Manager
DACLDiscretionary Access Control List
DBGDebug Format
DBMSDatabase Management System
DCOMDistributed Component Object Mode
DDF1. Distributed Database Facility
2. Data Decryption Field
DDLData Definition Language
DDM/DRDADistributed Data Management / Distributed Relational Data Access
DDNSDynamic Domain Name Service
DFSDistributed File System
DHCPDynamic Host Configuration Protocol
DLLDynamic-link Library
DMIDesktop Management Interface
DMLData Manipulation/Modification Language
DMTF1. Distributed Management Task Force
2. Desktop Management Task Force
DNADistributed InterNet Applications
DNSDomain Name System
DPADemand Protocol Architecture
DPLDistributed Program Link
DRFData Recovery Field
DSADirectory System Agent
DSN1. Data Source Name
2. Domain Server Name
DTCDistributed Transaction Coordinator
DTDDocument Type Definition
DTSData Transformation Services
DVDDigital Video (or Versatile) Disk
EAP1. Extensible Authentication Protocol
2. Early Adopter Program
ECMAEuropean Computer Manufacturing Association
EDIElectronic Data Interchange
EFDEarly Fast Discard
EFSEncrypting File System (Windows 2000)
EGPExterior Gateway Protocol
EIGRPEnhanced Interior Gateway Routing Protocol
ELSAElectronic Library Services and Applications
ERPEnterprise Resource Planning
EXEExecutable File
FATFile Allocation Table
FEKFile Encryption Key
FPNWFile and Print Services for NetWare
FQDNFully Qualified Domain Name
FIBForward Information Base
FTPFile Transfer Protocol
GCGlobal Catalog
GDBGNU Debugger
GINAGraphical Identification and Authentication
GITGlobal Interface Table
GPEGroup Policy Editor
GPLGeneral Public License
GPOGroup Policy Object
GREGeneric Routing Encapsulation
GSNWGateway Services for NetWare
GSSCGlobal Solutions Support Center
GTMGo to Market
GUIGraphic User Interface
HAHigh Availability
HALHardware Abstraction Layer
HCLHardware Compatibility List
HIPHigh Impact Project
HLLAPIHigh Level Language Application Programming Interface
HSMHierarchical Storage Management
HTMLHypertext Markup Language
HTTPHypertext Transfer Protocol
IANAInternet Assigned Numbers Authority
IDE1. Integrated Development Environment
2. Integrated Drive Electronics
IDL1. Interface Description Language
2. Interface Definition Language
IDOCIntermediate Document
IEAKInternet Explorer Administrator Kit
IETFInternet Engineering Task Force
IGPInterior Gateway Protocol
IIDInterface Identifier
IISInternet Information Services (Internet Information Server)
IMEInput Method Editor
IMSInformation Management System
IOS XRvCisco
IOS XRv 9000Cisco
IP1. Internet Protocol
2. Intellectual Property
IPCInterprocess Communication
IPSecInternet Protocol Security
IPXInternetwork Packet eXchange
IPv4Internet Protocol Version 4
IPv6Internet Protocol Version 6
IrDAInfrared Data Association
ISAMIndexed Sequential Access Method
ISISIntermediate System to Intermediate SystemJuniper
ISOInternational Organization for Standardization
ISVIndependent Software Vendor
ITILInformation Technology Infrastructure Library
ITSIncompatible Time-Sharing System
IXFRIncremental Transfer
IXPInternet Exchange Point
JDBCJava Data Base Connectivity
JMSJava Message Service
JNDIJava Naming and Directory Interface
JRMIJava Remote Method Invocation
JTACJuniper Technical Assistance CenterJuniper
JTSJava Transaction Service
JUNOSJunos Network Operating SystemJuniper
KCCKnowledge Consistency Checker
KDCKey Distribution Center
KVMKernel-based Virtual Machine
L2TPLayer 2 Tunneling Protocol
L2VPNLayer-2 Virtual Private Network
L3VPNLayer-3 Virtual Private Network
LANLocal Area Network
LCELoosely Coupled Events
LDAPLightweight Directory Access Protocol
LDPLabel Distribution Protocol
LISPList Processor
LORGLarge Organization
LPTSLocal Packet Transport Services
LSALocal Security Authority
LULogical Unit
LXCLinux Containers
MACMedia Access Control
MDACMicrosoft Data Access Components
MFIMultiprotocol Label Switching Forwarding Infrastructure
MICRMagnetic Ink Character Recognition
MIMEMultipurpose Internet Mail Extensions
MLVMultilanguage Version
MMCMicrosoft Management Console
MOFManaged Object Format
MOMMicrosoft Operations Manager
MORGMedium-sized Organization
MP-BGPMultiprotocol Extensions for Border Gateway Protocol
MPLSMultiprotocol Label Switching
MQSMessage Queue Series
MROMaintenance Repair and Operations
MSCSMicrosoft Cluster Service
MSDE1. Microsoft Data Engine
2. Microsoft SQL Server 2000 Desktop Engine
MSFMicrosoft Solutions Framework
MSIMicrosoft Windows Installer
MSMQMessage Queuing
MSP1. Managed Service Provider
2. Messaging Service Provider
3. Message Security Protocol
MTAMulti-threaded Architecture
MTS1. Microsoft Transaction Server
2. Microsoft Technical Support
MVSMultiple Virtual System
NALNetWare Applications Launcher
NAVNet Asset Value
NCP1. Network Control Program
2. Network Control Protocol
3. NetWare Core Protocol
NDISNetwork Driver Interface Specification
NDPSNovell Distributed Print Services
NDSNetWare Directory Service
NFSNetwork File System
NFVNetwork Forward Virtualization
NGFNext Generation Firewall
NIC1. Network Interface Card
2. Network Adapter
3. Network Information Center
NISNetwork Information Service
NLBNetwork Load Balancing
NLSNational Language Support
NNTPNetwork News Transport Protocol
NTPNetwork Time Protocol
NTWNew Technology Workstation
NVTNetwork Virtual Terminal
OCROptical Character Recognition
OCX1. OLE Custom Control
2. OLE Control Extension
ODBCOpen Database Connectivity
OLAPOnline Analytical Processing
OLTPOnline Transaction Processing
OMGObject Management Group
OOObject Oriented
OOADObject Oriented Analysis and Design
OPPOrder Processing Pipeline
ORBObject Request Broker
OSOperating System
OSPFOpen Shortest Path First
OSTAOptical Storage Technology Association
OTMObject Transaction Middleware
PACPrivilege Attribute Certificate
PCLPrinter Control Language
PCMCIAPersonal Computer Memory Card International Association
PDCPrimary Domain Controller
PEProvider Edge
PECPrimary Enterprise Controller
PGProduct Group
PKPrimary Key
PKIPublic Key Infrastructure
PMIProject Management Institute
PnPPlug and Play
POS1. Programmable Option Select
2. Point of Sale
3. Point of Service
4. Packet Over Sonet
5. Persistent Object Server
POSIXPortable Operating System Interface
PPPPoint-to-Point Protocol
PPTPPoint to Point Tunneling Protocol
PSSProduct Support Services
PTMParticipating Transaction Manager
PTRPoint-in-Time Repair
PXEPre-boot Execution Environment
QCEQuality Customer Experience
QEMUQuick Emulator
QFEQuick Fix Engineering
QoSQuality of Service
QvPCQNAP virtualized Personal Computer
RADIUSRemote Authentication Dial-In User Service
RAIDRedundant Array of Independent Disks
RASRemote Access Services
RDRoute Distinguisher
RDORemote Data Object
RDP1. Remote Display (or Desktop) Protocol
2. Reliable Datagram Protocol
RDSRemote Data Services
RFCRequest for Comment
RIBRouting Information Base
RID1. Relative Identifier
2. Record ID
RIPRouting Information Protocol
RISRemote Installation Services
RMResource Manager
ROLAPRelational Online Analytical Processing
RPCRemote Procedure Call
RR1. Resource Records
2. Route Reflector
RSMRemovable Storage Management
RSSRemote Storage
RTRoute Target
RTLRegister Transfer Language
RUPRoaming User Profile
SACLSystem Access-Control List
SAMSecurity Accounts Manager
SANStorage Area Network
SAS1. Secure Attention Sequence
2. Serial Attached SCSI
SCASecurity Configuration and Analysis
SCESecurity Configuration Editor
SCM1. Service Control Manager
2. Security Control Monitor
SCSISmall Computer System Interface
SCTSSecurity Configuration Toolset
SDSecurity Descriptor
SDI1. Secure Dial-In
2. Single Document Interface
3. Smart Database Interface
SDKSoftware Development Kit
SDNSoftware Defined Networking
SFUWindows Services for UNIX
SISystem Integrator
SIDSecurity Identifier
SISSingle Instance Store
SMBServer Message Block
SMSSystems Management Server
SMTPSimple Mail Transfer Protocol
SNASystems Network Architecture
SNMPSimple Network Management Protocol
SPStored Procedure
SPMShared Property Manager
SRSecure RouterCisco
SRMSecurity Reference Monitor
SSDSolid State Disk
SSLSecure Socket Layer
SSOSingle Sign-on
SSPISecurity Support Provider Interface
SVIDSystem V Interface Definition
SAASystem Application Architecture
TACTechnical Assistance CenterCisco
TCETightly Coupled Events System
TCOTotal Cost of Ownership
TCP/IPTransmission Control Protocol/Internet Protocol
TCTTerminal Control Table
TFTPTrivial File Transfer Protocol
TGSTicket-Granting Service
TGT1. Transaction Group Type
2. Ticket Granting Ticket
3. Target Tracker
TIPTransaction Internet Protocol
TLBType Library
TLSThread Local Storage
TMTransaction Manager
TPTransaction Program
TPDTransactions Per Day
TPHTransactions Per Hour
TPMTransactions Per Minute
TPSTransactions Per Second
TSATarget Service Agent
TTLTime to Live
UCS1. User Coordinate System
2. Universal Character Set
3. Unicode Conversion Support
4. Unified Communication Server
UDF1. Universal Disk Format
2. User-defined function
3. Uniqueness Database File
UDPUser Datagram Protocol
UIUser Interface
UML1. Unified Modeling Language
2. Universal Markup Language
UNCUniversal Naming Convention
UPNUser Principal Name
URLUniform Resource Locator
USBUniversal Serial Bus
USMTUser State Migration Tool
USNUpdate Sequence Numbers
UTFUnicode Transformation Format
VANValue Added Network
vCPEVirtual Customer Premise Equipment
VMVirtual Machine
vPEVirtual Provider Edge
VPNVirtual Private Network
VRFVirtual Private Network Routing and Forwarding Instance
vRRVirtualized Route Reflector
VxDVirtual Device Driver
WANWide Area Network
WBEMWeb-based Enterprise Management
WDMWin32 Driver Model
WFPWindows File Protection
WHQLWindows Hardware Quality Lab
WINSWindows Internet Name Service
WMIWindows Management Instrumentation
WQLWMI Query Language
WSHWindows Script Host
XAExtended Architecture
XDRExternal Data Representation
XMLExtensible Markup Language
XML TIXML Transaction Integration
XSLExtensible Style Language
XSLTExtensible Stylesheet Language Transformations
ZAWZero Administration for Windows

Sources (amongst each other):

Change a line across a bunch of posts in WordPress

To change a line can  in posts across many in WordPress, can manually be a “pain-in-the-ass”-task. But can actually be done quite easily with a single line of MySQL-code, executed from the db-admin-interface (phpmyadmin etc.)

UPDATE wp_posts SET post_content=REPLACE(post_content, 'text-to-be-replaced', 'text-to-insert')

To be more understandable, you use it like this

UPDATE Table-Name SET Field-Name=REPLACE(Field-Name, 'Text-To-Be-Replaced', 'Text-To-Insert');

With this one line, mysql searches the table ‘wp_posts’ and replace all occurrences of the text-snippet it can find, and you are done!

The Other method is to use the wordpress-plugin Search and Replace, which runs from the wordpress admin-section (see Tools-menu!), and you can select which tables, in the database wordpress is installed in, to be searched!

In the mysql-command, the table is stated second after ‘UPDATE’!

See more: wordpress-support-topic and wordpress-plugin-search-and-replace.