(Connect to the Sendmail network, and ensure security (on)
5. Configure STARTTLS
1. Generate an authority
[root@mail ~]# cd /etc/pki/
[root@mail pki]# vim tls/openssl.cnf
[root@mail CA]# pwd
/etc/pki/CA
[root@mail CA]# mkdir crl certs newcerts
[root@mail CA]# touch index.txt serial
[root@mail CA]# echo "01" > serial
[root@mail CA]# openssl genrsa 1024 > private/cakey.pem
Generating RSA private key, 1024 bit long modulus
......................
Service, manually turn on registry
Upload again
# docker push 192.168.122.1:5000/nginx
Close and delete
Second, generate self-signed certificate
Generate a self-signed certificate on the server host, create a folder to hold the certificate
# pwd
/tmp/docker
# mkdir certs
# openssl req -newkey rsa:4096 -nodes -sha256 -keyout certs
the introductions on the Internet are incomplete and not fully operable.
I currently know about the following types of certificates:
1. keytool
Cannot create CA certificate
2. createcert.exe from Sybase ASA
It seems that you cannot create a PKCS12 certificate
3. OpenSSL
The most powerful function.
Therefore, only OpenSSL is introduced here.
After installing OpenSSL-Win32 to d:\tools, modify the configuration file d:\tools\OpenSSL-Win32\bin\openssl.cfg
Find:
[CA_default]
dir = $ENV::OPENSSL_
certificate is /etc/pki/CA, store the certificate-related information of the intermediate CA in your own directory. To reflect the transfer logic of the trust chain, you can create a directory under /etc/pki/CA; assume that the certificate directory of the intermediate CA is /etc/pki/CA/intermediate/.
The process of initializing the certificate directory is no different from that when the Root CA is created:
# mkdir /etc/pki/CA/intermediate
# cd /etc/pki/CA/intermediate
# mkdir
In this case, we can use the write list field to implement this. For example, the company Samba server has a shared directory tech. The company requires that only the boss account and the tech group account have full control, and others have only read-only permissions. If only the writable field is used, the instance's requirements cannot be met, because when writable = Yes, all users can write data. When
When Docker listens on a port over plain HTTP, the Docker host can be managed remotely. This setup has a drawback: the API provides no user authentication, token-based or otherwise, so anyone who knows the address and port can control the Docker host. To avoid this, Docker officially supports HTTPS, but we need to generate the certificates ourselves.
The OpenSSL command is used to generate CA certificates, server private keys, client certificates, signatures, and OpenSSL com
Enable uploading of images to the local repository via SSL on the registry host
Server side:
1. Generate a certificate
$ sudo openssl req -x509 -nodes -days 365 -subj '/CN=test.registry.com' -newkey rsa:4096 -keyout certs/domain.key -out certs/domain.crt  # write the certificate into the certs directory; generates a certificate for the domain name test.registry.com
2. Start the container
$ docker run -d -P 500
localityName_default = Zhengzhou
0.organizationName_default = MageEdu
organizationalUnitName_default = Tech
###### The default information can be customized as needed
3. Generate a self-signed certificate
4. Prepare a directory and documents for the certificate
[root@localhost CA]# mkdir certs crl newcerts
[root@localhost CA]# touch index.txt
[root@localhost CA]# echo 01 > serial
5. Ins
Guide
Like many Linux Journal readers, I have also lived today's very popular "tech nomad" life, between networks, from one access point to another, where we are in different parts of the real world and remain connected to the Internet and other networks we use on a daily basis. Recently I have found that more and more network environments are starting to block common ports such as SMTP (port), SSH (port 22), and so on. When you walk into a café and
Requirements:
1. Establish an HTTPD server that provides two name-based virtual hosts:
(a) www1.stuX.com, page file directory is /web/vhosts/www1; the error log is /var/log/httpd/www1.err, the access log is /var/log/httpd/www1.access
(b) www2.stuX.com, page file directory is /web/vhosts/www2; the error log is /var/log/httpd/www2.err, the access log is /var/log/httpd/www2.access
(c) Create a home page file index.html for each of the two virtual hosts, containing its respective host name
(d) Output
Remote]
type = IMAP
remotehost = $dav_mail_server
remoteport = 1143
remoteuser = $your_account, no @
remotepass = $your_pwd
ssl = False
sslcacertfile = /etc/ssl/certs/ca-certificates.crt
maxconnections = 1
realdelete = no
Attention:
1. Custom directories in the company mailbox should preferably have no Chinese names, or with bad luck there will be errors
2. Create a local directory ~/mail
3. maxconnections can only be set to 1, more than 1 I have encountered an error, can only
1. First configure nginx and other plug-ins; Google this, there are a lot of configuration options.
2. Configure the server's certificate. The procedure is as follows:
# cd /etc/pki/tls/certs
# make server.key
umask the ; /usr/bin/openssl genrsa -aes128 2048 > server.key
Generating RSA private key, 2048 bit long modulus
..... ..... ..... ..... ... .. ................-.....-....
1. Environment
1) Ubuntu14.04
2) Docker 1.12.0
2. Docker 1.12.0 is installed in Ubuntu14.04 virtual machines. This experiment creates two virtual machines, with the IPs 192.168.110.137 and 192.168.110.138, where the hostname of 192.168.110.138 is ip-192-168-110-138.ec2.internal, and the following record is added to the hosts file on 192.168.110.138:
192.168.110.138 ip-192-168-110-138 ip-192-168-110-138.ec2.internal
3. Environment configuration
1) Configuration of 192.168.110.138
Add the followin
delete permissions
3. ACL policies
getfacl file: view ACL policy
setfacl [options] u:username:permissions file
setfacl [options] g:groupname:permissions file
-m defines an ACL policy
-x deletes the specified ACL policy
-b clears all ACL policies that have been set
-R recursive settings
-d sets default permissions for the directory
I. Basic authority and attribution
The company's technical department has a Linux development server, according to the composition of the project team within the Dep
is considered insecure in Docker's official view, but a self-signed certificate is used here just to illustrate the deployment steps of a secure registry.
1. Create a self-signed certificate
If you have a certificate signed by a well-known CA, this step can be ignored directly.
$ openssl req -newkey rsa:2048 -nodes -sha256 -keyout certs/domain.key -x509 -days 365 -out certs/domain.crt
Generating a 2048