The latest projects use jetty embedded development, but need to use SSL connection, through 2 hours of effort to build an SSL environment. Includes the generation of certificates.
1: Generate service-side KeyStore Keytool-genkey-alias cheetah-keyalg rsa-keystore e:/cheetah-gateway-web/webroot/ssl/ Cheetah.keystore-vali
With the development of the Internet, it has been deeply in all aspects of people's lives, it can be said that we are inseparable from the Internet. In the face of human dependence, Internet security is increasingly important, personal privacy is increasingly needed to protect. How can we improve the security of our Internet access? How to protect the privacy of our internet? How to prevent being hijacked by hackers? And so on, many security factors need to be taken into account.HTTPS has gradua
commente D out to leave a V1 CRLCRL = $dir/crl.pem # The current CRLPrivate_key = $dir/private/cakey.pem# the private keyRandfile = $dir/private/.rand # private random number file[Req_distinguished_name]CountryName = Country Name (2 letter code)Countryname_default = CNCountryname_min = 2Countryname_max = 2Stateorprovincename = State or province name (full name)Stateorprovincename_default = FJLocalityname = locality Name (eg, city)Localityname_default = FZ0.organizationName = Organization Name (
the visited web site (for example, when visiting Https://example received the "Example Inc." And not the certificates of other organizations);
or the relevant nodes on the Internet are trustworthy, or the user believes that the encryption layer (TLS or SSL) of this protocol cannot be compromised by the listener.
So the key to deploying HTTPS protocol access is certificates. Below is a look at the classification of HTTPS certificates.
Second,
encrypted transmission protocol.
L http and https use different ports for completely different connection methods. The former is 80, and the latter is 443.
L The http connection is simple and stateless.
L HTTPS is a network protocol built by SSL + HTTP for encrypted transmission and identity authentication, which is more secure than http.
4. generate an SSL
I. Android SSL BKS certificate generation process 1. Generate the server JKS certificate:Keytool-genkey-alias Peer-keystore Peer.jks 2. Export the CERT certificate:Keytool-exportcert-alias peer-file Peer.cert-keystore Peer.jks 3. Build the Android client BKS certificateNeed to use Bcprov-ext-jdk15on-151.jar, official website: http://www.bouncycastle.org/latest
(AbstractPooledConnAdapter.java:146)11-26 15:35:01.920: W/System.err(353): at org.apache.http.impl.client.DefaultRequestDirector.establishRoute(DefaultRequestDirector.java:654)11-26 15:35:01.920: W/System.err(353): at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:370)11-26 15:35:01.920: W/System.err(353): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:555)11-26 15:35:01.920: W/System.err(353): at org.apache.http.impl
protocol.
Therefore, the relationship between the three is clear: HTTPS relies on a way of implementation, the current common is SSL, digital certificate is to support this secure communication files. There is also SSL-derived TLS and WTLS, the former is Ieft SSL standardization (TSL1.0), and the
relies on a way of implementation, the current common is SSL, digital certificate is to support this secure communication files. There is also SSL-derived TLS and WTLS, the former is Ieft SSL standardization (TSL1.0), and the SSL difference is very small, the latter is used
OpenSSL self-built certificate SSL + Apache
I have prepared it. Well, the following is my note. For details, enter the author name: wingger.In this article, we will test the certificate on Linux9 + apache2.0.52, tomcat5.5.6, j2se1.5, and openssl0.97.The purpose of this article is to communicate. If any errors occur, please advise.Reprinted, please indica
First, you need to understand some basic concepts before installing
1. Certificates used by SSL can be self-generated or signed by a commercial ca such as Verisign or thawte.
2. Certificate concept: First, you must have a root certificate, and then use the root certificate to issue the server
derived from SSL. The former is generated after Ieft standardizes SSL (tsl1.0), which is slightly different from SSL and the latter is used in TSL in wireless environments.
How to encrypt
Common EncryptionAlgorithm
Symmetric cryptographic algorithms: the same key is used for encryption and decryption. Typical cryptographic algorithms include des, R
SSL is a commonly used WEB Service encryption channel. Its full name is Secure Socket Layer, which is also known as the Secure sockets interface. It uses digital certificates to ensure its security mechanism. The main function is encryption and authentication to protect the security of network transmission. It is in the middle of the HTTP and TCP layers.
SSL encryption and authentication use public keys and
Turn from: HTTPS Unidirectional authentication Instructions _ digital certificate, digital signature, SSL (TLS), SASLBecause TLS + SASL is used in the project to do the security authentication layer. So read some online information, here to do a summary.1. First recommend several articles:Digital certificate: http://www.cnblogs.com/hyddd/archive/2009/01/07/137129
(also the TCP client) sends a Clienth*llo after the TCP link is established, which contains the list of algorithms that it can implement and some other required messages.2. The server side of SSL responds to a Serverh*llo, which determines the algorithm required for this communication, and then sends its own certificate (which contains the identity and its own public key).3. When the client receives this m
server requires the customer's identity authentication, the server must check the validity of the customer's certificate and signature random number. The specific validity verification process includes: whether the customer's certificate is valid on the date of use, whether the CA that provides the certificate is reliable, whether the public key of the CA can pr
must check the validity of the customer's certificate and signature random number. The specific validity verification process includes: whether the customer's certificate is valid on the date of use, whether the CA that provides the certificate is reliable, whether the public key of the CA can properly unbind the digital signature of the CA that issues the
website.At this point you should has five files. If you ' re missing any, double-check the previous steps and re-download them:
Ca.pem-startssl ' s Root certificate
Private.key-the unencrypted version of your private key (be very careful no one else have access to this file!)
Sub.class1.server.ca.pem-the Intermediate Certificate for Startssl
Ssl.key-the encrypted version of your privat
start with "Https; 2. A small yellow lock must appear on the IE browser's status bar.
How to apply for an SSL Certificate
Generally, the SSL server certificate application process is roughly as follows: the website administrator runs the certificate application package Ge
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.