1. First create a private CA for 192.168.108.159
# cd /etc/pki/CA
# (umask 077; openssl genrsa -out private/cakey.pem 2048)
# ls private/
# touch index.txt
# echo index.txt
2. Create a self-signed certificate on the server
# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 7300
3. Generate a certificate signing request on the web server, on the 192.168.108.160 virtual machine
# cd /etc/httpd
# mkdir ssl
# cd ssl/
# (umask 077; openssl genrsa -out httpd.key 1024)    // Generate key
# openssl req -new -key httpd.key -
/etc/pki/tls/certs
make sendmail.pem
When you enter the above command, you will be asked to enter some information, the same as in the previous step. Then configure the /etc/mail/sendmail.mc file:
vi /etc/mail/sendmail.mc
# Then find this line and delete the leading dnl.
dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
# Then find the following lines, fill in your certificate paths, and remember to delete the dnl.
dnl define(`confCACERT_PATH', `/etc/pki/tls/certs')dnl
dnl define(`co
SSL certificate configuration for Nginx
1. Use OpenSSL to implement a certificate center
Because you are using OpenSSL to set up a private certificate center, make sure that the following fields are the same in the certificate center's certificate, the server-side certificates, and the client certificates:
Country name
State or province name
Locality name
Organization name
Organizational unit name
Edit Certificate C
.certificate and p12.rsa
var certs = wopenssl.x509.parseCert(p12.certificate);
// Because I don't know how to convert the hexadecimal certificate ID (certs.serial) into a decimal certificate ID, since it is a big integer (biglong)
var certsdata = {};
certsdata.certid = config.certid;
certsdata.key = p12.rsa;
certsdata.ca = certs;
// Store in config
config.certsdata = certsdata;
callback(null, certsdata);
{key:string, cert
After you enable Apache mod_ssl, you need a certificate for it to function properly. I wrote a script to handle this. The first thing to make sure of is that OpenSSL is installed on the machine.
The code is as follows:
#!/bin/sh
#
# The root directory for SSL certificate output.
ssloutputroot="/etc/apache_ssl"
# An optional first argument overrides the default output directory.
if [ $# -eq 1 ]; then
    ssloutputroot="$1"
fi
# Create the output directory if it does not exist yet.
if [ ! -d "${ssloutputroot}" ]; then
    mkdir -p "${ssloutputroot}"
fi
cd "${ssloutputroot}"
echo "starts creating CA Root Certificates ..."
#
# Create the CA r
Design Mode: Abstract Factory Mode
Creating objects consumes system resources, so how to efficiently produce, manage, and operate objects has always been a topic worth discussing. The Creational model is concerned with how objects are created; the patterns under this classification provide some guiding principles and design directions. The patterns listed below all belong to the Creational model.
Simple Factory mode, Abstract Factory mode, Builder mode, Factory Method mode, Prototype mode, Single
recognize the error, only Chrome can recognize it, according to the following article: http://www.gaojinbo.com/nginx-https-%E5%85%8d%e8%b4%b9ssl%e8%af%81%e4%b9%a6%e9%85%8d%e7%bd%ae%e6%8c%87%e5%8d%97.html
==============2009/11/26 update===================
On the StartSSL forum, an official reply said that Firefox 3.5 not supporting it is because it was not configured. After configuration, the issue of Firefox 3.5 not trusting the certificate was resolved; the test passed under Ubuntu Studio.
The step is: Get Htt
Configuration files:
/etc/httpd/conf/httpd.conf
/etc/httpd/conf.d/*.conf (all conf files in the conf.d directory)
Virtual host based on host name:
Add a field to control file access permissions:
Create 2 users (not system users; users who are accessing HTML)
[[email protected] conf]# htpasswd -c /etc/httpd/.htpasswd user1
New password:
Re-type new password:
Adding password for user user1
[[email protected] conf]# htpasswd /etc/httpd/.htpasswd user2
New password:
Re-type new password:
Adding password for user
To enable SSL in CentOS 5, install mod_ssl (yum install mod_ssl). In /etc/httpd/conf.d/ there will be an ssl.conf file; open it and check the certificate and key location: SSLCertificateFile /etc/pki/tls/certs/localhost.crt SSLCertificateKey
CentOS 5 enable SSL
Install mod_ssl first:
yum install mod_ssl
After completion, there is an ssl.conf file under /etc/httpd/conf.d/. Open it.
It mainly looks at the certificate and key location:
SSLCertificateFile /etc/pki/tls/
review is complete, place the certificate on ftp, and the server can download the certificate from the CA ftp.
2) Implementing the CA on Linux: on a Linux system the CA can be implemented with OpenCA, but that implementation is too complicated. We can replace it with plain OpenSSL. With OpenSSL, the CA and the web server are usually on the same machine, but it can also be done when they are not on the same machine. First, complete the request on the web server, upload the request to the
certificate. The unit is day;
(3) provide the required directories and files for CA;
~]# mkdir -pv /etc/pki/CA/{certs,crl,newcerts}
~]# touch /etc/pki/CA/{serial,index.txt}
~]# echo 01 > /etc/pki/CA/serial
This script analyzes the openssl.conf file to obtain the relevant path, and then builds a private CA using commands. The information about the self-signed certificate is saved in an array and sent to the command that generates the self-signed cert
This article presents a Puppet load-balancing environment experiment. Foreman-proxy can be load balanced at layer 4 or layer 7; a smart-proxy can be added in the Foreman web interface, with multiple real foreman-proxy backends doing the processing. I use HAProxy to implement the layer-4 and layer-7 proxies. PM01 and pm03 are the Foreman-proxy servers, AG01 is the Foreman server, LVS is a load balancer server (VIP on the LVS01 server), the above agent puppet, Foreman-p
defined by the
[[email protected] ~]# (umask 077; openssl genrsa -out /etc/pki/CA/private/cakey.pem 2048)
(Executing the command in a child shell means umask 077 does not affect the current shell's umask.)
Generating RSA private key, 2048 bit long modulus
....................+++
..................+++
e is 65537 (0x10001)
[[email protected] ~]# ll /etc/pki/CA/private/cakey.pem    // generated private key file
-rw-------. 1 root root 1675 Sep 16:57 /etc/pki/CA/private/cakey.pem
(2) Generate the self-signed certificate //specifi