Friday, July 27, 2007

Biryani, History, Receipe ....

Biryani is a very well known Indian Dish, known for its unique flavor and taste.


Some of the interesting facts that I have collected are as follows
1. 2 AD mentions a Rice Dish known as "Oon Soru" (Tamil) which was used to "feed" military warriors. The ingredients mentioned were rice, ghee, meat, turmeric powder, coriander powder, pepper and bay leaf. This looks closer to Biryani we know of today.

2. "Birian" happens to be a Persian word, which means "Fried before cooking". The name itself proposes a cooking style for Rice/Meat. The "Dum" or "cooking in steam" style of cooking has also its origins in Arabia.Many Historians beleive that this is the origination of Biriyani. However you can argue that "Birian" may owe its origination to the 2nd century dish "Oon Soru".

3. Taimur (1336-1405) happens to be the "muslim ruler" who brought this dish to India from Persia according to some documentation. Taimur was in India between 1394 and 1399.

4. There is also story mentioned in Mughal Era that Mumtaz Mahal(1593-1631) once did a surprise visit to army barracks, and found that the army personnels were under nourished. She asked her chef to cook a dish which has Rice, Meat and spices giving carbs, protiens etc in right quantity to the warriors and this is the origins of Biryani. Now this story has resemblance to fact presented in #1 and in time line can be considered factually correct after Taimur's invasion.

5. Lucknow (Awadhi) Biryani is considered the "start" of all the Biryani's.

6. 1856, British deposed Nawab Wajid Ali Shah in Calcutta, as his cooks moved with him to Calcutta it gave rise to Calcutta Biryani.

7. Hyderabadi Biryani also has its traces in Mughal empire. The origins of the Asif Jahi dynasty can be traced to Chin Qalich Khan who was the grandfather of the first Nizam and the commander of the Mughal army during Aurangzeb’s reign. Chin Qalich Khan led the attack of the Mughal army into the Deccan under his Emperor’s ambitious plans of expanding the Mughal empire. During Aurangzeb’s last siege of Golconda in 1687, Chin Qalich Khan was wounded. He died in Atapur village near Himayath Sagar. Chin Qalich Khan’s son, Nawab Ghaziuddin Khan, married the daughter of Sadullah Khan, Prime Minister of Aurangzeb. A son was born, and the Emperor named him Mir Qumaruddin. At 26, he was appointed Commander in Chief and Viceroy, first at Bijapur, then Malwa and later of the Deccan.Subsequently, the Mughal empire declined. There was much confusion after the death of Aurangzeb, and Mir Qumaruddin established his position as Viceroy Farukh Siar who was the Mughal Emperor for a brief tenure conferred on Mir Qumaruddin the title Nizam-ul-mulk Fateh Jung. He thus became the first Nizam. appointed Nizam-ul-mulk (1724) as the Asfa Jahi ruler of Hyderabad. Under Nizam-ul-mulk present day "Hyderbadi Biryani" came into existence. The nizams also had a vegetarian version of Biryani and called it Tahiri(Tehri) Biryani.

8. The other branch of biryani is supposed to have crossed the Arabian Sea and come to Calicut, brought in by the Arab traders. The Calicut Biryani is served with vinegar pickles and papads fried in coconut oil, is a softer variety and light on the stomach has no relation in terms of taste to the other biryanis in the country.

9. In the northwest Memoni Biryani (people who inhabited the area between Sindh Gujarat and Pakistan) got evolved which is an extremely spicy biryani.

10. Another northwest Biryani that got famous is Sindhi Biryani which has its unique falvor through addition of "dried plums" and it also borrows addition of "potatoes" from Bombay Biryani.

Receipe for Biryani

One midway shortcut is to use either Laziza/Shaan Biryani Mix. If you don't want to do that and want it to be done using the first principle then here is the recipe. You can also make "Vegetarian biryani" by replacing Meat with combination of (Carrots, Cauliflower, Beans, Potatoes and Capsicums) although you would find me saying there isn't such thing as Veg biryani ;-)

2 pounds of Lamb or Chicken or Goat
2 pounds of Basmati Rice (long grain)(soaked in water for 30 minutes)
1 pound of Potato
2-3 Tomato
A cup of Yogurt
Salt (to taste)
2 medium Onions
2 tsp. of Garlic Paste
2 tsp. of Ginger Paste
(If you don't plan to use the masala mix then following spices are needed)

1 tsp. of Red Chilli Powder
8 small Cardamoms
4 big black Cardamoms
10 Cloves
10 pieces of solid Black Peppers
1 tsp. of Cumin
1 Cinnamon Stick
2 Bay Leaves
5-10 dried plums

Oil 2/3 cup
6 Green Chillies
1 bunch of Cilantro Leaves
1/2 bunch of Mint Leaves (Podina)
2 tsp of Saffron
1 Lemon cut thin

Slice the onion in hoizontal way so that rings are formed and fry it in oil until its light brown.
Add garlic, ginger, salt, chili powder, cloves, cardamoms, black peppers, zeera, bayleaves, cinnamon to the above mix. Fry this until the water is dry.
Add the meat and fry it again for 10 minutes.
Add yogurt and dry plums to the mix and fry for 5 mins.
Add some water and cook on low heat until the meats cooked. Lamb without pressure cooker takes 2-3 hours while chicken takes 45 mins.
Peel the potatoes and cut them into large chunks. Boil (or microwave) them until they're half cooked. Add it to the mix and cook for more time till everything is cooked.
At the end there should be 2-3 cups of gravy in the mix atleast and it should be a thick gravy

Soak Rice in warm water for 20-30 mins.
Remove water from Rice and after its dry stir it in a pan of butter (5 tsps)
Now add saffron to the mix and put it in rice cooker. Make Sure that rice has to be 3/4th cooked and not totally cooked. I cook this in lamb broth that i make of 1-2 bones and meat jsut for more flavor.

Take a big aluminum tray (biggest in the store) and then form this layer

Layer 1: Rice

Layer 2: gravy of lamb and lamb peices

Layer 3: mint, cilantro chopped with lemon slices.

Repeat this till the tray is full with top layer always being layer3. Keep this in oven for 30-45 mins for 300C.

Wednesday, July 25, 2007

How to create Custom CA and Certificates for SSL using Open SSL

Step 1. Go to and download the binary.

Step 2. Create directories to hold your CA keys, your server keys and, ifyou want to use SSL client authentication, your client keys. For the sakeof argument let's assume that these directories are called "ssl/ca","ssl/server" and "ssl/client".

Step 3. Create a private key and certificate request for your own CA:openssl req -new -newkey rsa:1024 -nodes -out ssl/ca/ca.csr -keyoutssl/ca/ca.key

Step 4. Create your CA's self-signed certificate (note lasts one year -increase the days setting to whatever you want):openssl x509 -trustout -signkey ssl/ca/ca.key -days 365 -req -inssl/ca/ca.csr -out ssl/ca/ca.pemWINDOWS USERS:If you copy the ca.pem file to ca.crt and edit the file sothat the strings "TRUSTED CERTIFICATE" read "CERTIFICATE", you can importyour CA certificate into your trusted root certificates store.

Step 5. Import the CA certificate into the JDK certificate authoritieskeystore:keytool -import -keystore $JAVA_JOME/jre/lib/security/cacerts -filessl/ca/ca.pem -alias my_caWindows users need to replace $JAVA_HOME with %JAVA_HOME%.

Step 6. Create a file to hold your CA's serial numbers. This file startswith the number "2":echo "02" > ssl/ca/

Step 7. Create a keystore for your web server.keytool -genkey -alias tomcat -keyalg RSA -keysize 1024 -keystoressl/server/server.ks -storetype JKS

Step 8. Create a certificate request for your web server.keytool -certreq -keyalg RSA -alias tomcat -filessl/server/server.csr -keystore ssl/server/server.ksYou need to edit the certificate request file slightly. Open it up in atext editor and amend the text which reads "NEW CERTIFICATE REQUEST" to"CERTIFICATE REQUEST"

Step 9. Have your CA sign your certificate request:openssl x509 -CA ssl/ca/ca.pem -CAkey ssl/ca/ca.key -CAserialssl/ca/ -req -in ssl/server/server.csr -outssl/server/server.crt -days 365

Step 10. Import your signed server certificate into your server keystore:keytool -import -alias tomcat -keystoressl/server/server.ks -trustcacerts -file ssl/server/server.crtYou should see a message "Certificate reply was installed in keystore".

Step 11. Import your CA certificate into your server keystore:keytool -import -alias my_ca -keystoressl/server/server.ks -trustcacerts -file ssl/ca/ca.pemThis step is only necessary if you wish to use SSL client authenticationwith Tomcat.

Step 12. Set up an SSL connector for Tomcat. I assume that you know, or canfind out, how to do this. Open up conf/server.xml in a text editor andsearch for the text "keystoreFile". Ensure that the attribute value is thekeystore you've created above.


Step 13. Create a client certificate request:openssl req -new -newkey rsa:512 -nodes -out ssl/client/client1.req -keyoutssl/client/client1.keyThe common name of the client must match a user in Tomcat's user realm ( entry in conf/tomcat-users.xml).

Step 14. Have your CA sign your client certificate.openssl x509 -CA ssl/ca/ca.pem -CAkey ssl/ca/ca.key -CAserialssl/ca/ -req -in ssl/client/client1.req -outssl/client/client1.pem -days 365

Step 15. Generate a PKCS12 file containing your server key and servercertificate.openssl pkcs12 -export -clcerts -in ssl/client/client1.pem -inkeyssl/client/client1.key -out ssl/client/client1.p12 -name"my_client_certificate"

Step 16. Import the PKCS12 file into your web browser to use as your clientcertificate and key.Repeat steps 13-16 as often as required.

Step 17. Enable client certificate authentication in Tomcat. Open upconf/server.xml and search for the text "clientAuth". Set the value of theattribute to "true".

How to Set Apache as Reverse Proxy to Weblogic using SSL

1. Apache Setup
I. Install from following installer apache_2.0.59-win32-x86-openssl-0.9.7j.msi
II. Make sure we install on C:\ApacheGroup or something rather than Program Files\Apache Group because SSL configuration has problems with spaces.
III. You will find an Icon for ApacheMonitorService on your system Tray. Click it and it should show something like below

I. click Stop to stop Apache Server
II. Copy the files ssleay32.dll and libeay32.dll from the Apache2/bin directory to Winows\System32
III. Copy this file in Apache2/bin directory
IV. Go to bin directory of Apache and give this command

V. openssl req -config openssl.cnf -new -out my-server.csrThis creates a certificate signing request and a private key.Look for attaché screen shot

I. Now Apache on Windows cannot understand private key which is encrypted, hence we need to unencrypt this as follows

openssl rsa -in privkey.pem -out my-server.key

II. Now we need to generate the Self Certificate using following command

openssl x509 -in my-server.csr -out my-server.cert -req -signkey my-server.key -days 365

III. Now we need to create a directory inside Apache2/conf directory called ssl and copy the two files my-server.key and my-server.cert to this directory.
IV. Go to Apache2/conf and open httpd.conf and uncomment the line to enable SSL LoadModule ssl_module modules/
V. Change following lines in httpd.conf so that ssl is on always
# Bring in additional module-specific configurations

Include conf/ssl.conf

To be just


# Bring in additional module-specific configurations
Include conf/ssl.conf
VI. Open ssl.conf in Apache2/conf and change following
VII. Keep only one thing SSLRandomSeed startup builtin
VIII. Remove the tags and so that SSL is ON always.
IX. Change the file for the entry as SSLSessionCache none and comment the two lines
i. #SSLSessionCache dbm:logs/ssl_scache
ii. #SSLSessionCacheTimeout 300
X. Change the following entries SSLCertificateFile conf/ssl/my-server.cert and SSLCertificateKeyFile conf/ssl/my-server.key
XI. Now from the System tray start the Apache Server.
XII. If there is some service running on 443 (like on doc) then change ssl.conf every place to some other port like 6443. There should be three places like Virtual Host, Listen, and ServerName
XIII. Now from browser if we run https://machine:port/ (https://doc:6443) we should see
I. Now again stop the Apache Server. From bea813/weblogic81/server/bin copy the to Apache2/modules directory
II. Open the httpd.conf and below the ssl uncommented LoadModule add this
LoadModule weblogic_module modules/
III. Open ssl.conf and add following lines to it

SetHandler weblogic-handler
WebLogicCluster weblogicmachine:weblogicnonsslport
Debug ALL
WLLogFile logs/weblogic_access.log

SetHandler weblogic-handler
WebLogicCluster weblogicmachine:weblogicnonsslport
Debug ALL
WLLogFile logs/weblogic_access.log

IV. Note the logging All is for test and once everything works, remove Debug and WLLogFile entry from both locations.

How to Set Apache as Forward Proxy for http/https ?

1. Enable following lines in httpd.conf
LoadModule proxy_module modules/
LoadModule proxy_connect_module modules/
LoadModule proxy_http_module modules/
LoadModule proxy_ftp_module modules/

2. Add a directive like

ProxyRequests On
AllowCONNECT 80 7002 443

Order deny,allow
Allow from all
AuthType Basic
AuthName "Password Required"
AuthUserFile "C:/Apache2.0/Apache2/passwords/password"
Require user ukamath

3. Need to create password for user using Apache/bin/htpasswd.exe and place it in the file mentioned above.

4. Tell the Firefox/IE that for both http/https the proxy is same that is Apache machine on port 80. You don't need to do anything with SSL for forwarding SSL on apache.