https pki

] # openssl req-new-key httpd. key-out httpd. csr generates the server's request file [root @ zzu certs] # openssl ca-in httpd. csr-out httpd. cert generates the server certificate file [root @ zzu certs] # cp/etc/pki/CA/cacert. pem. /copy the ca certificate file [root @ zzu certs] # chmod 600 * [root @ zzu certs] # yum install mod_ssl * change file permissions to increase security [root @ zzu certs] # vim/etc/httpd/conf. d/ssl. conf bind the Certific

/M01/7F/3B/wKiom1cXNjCQbC1gAAArRE8N8KE046.jpg "title=" 3.jpg " alt= "Wkiom1cxnjcqbc1gaaarre8n8ke046.jpg"/>Other function annotations (without modification):Sslengine on #开启SSL功能SSLProtocol all-sslv2 #支持SSL所有协议, but Sslv2sslciphersuite high:medium:!anull:! is not supported md5:! seed:! Idea #支持的SSL加密方式,! indicates no support~]# httpd-t (test syntax)~]# Service httpd Restart (change listening port)because it points to the default path, it supports both HTTP and

) Service This key encrypts the resource requested by the user, responds to the client; The note: SSL session is created based on IP address, so on a single IP host, Only one HTTPS virtual host can be used; Review several terms: pki,ca,crl,x.509 (v1, v2, v3) configuration httpd support https: (1) Request a digital certificate for the serv

Here is a simple demonstration of encrypted access-https encrypted access under Apache. 1. I will not repeat the DNS resolution here. I will see the dns resolution situation in this demonstration: [root @ localhosthtml] # nslookupwww. abc. comServer: 192.168.2.115Address: 1 Here is a simple demonstration of encrypted access-https encrypted access under Apache. 1. I will not go into details about DNS resolut

there would be a default value,If you enter '. ', the field would be a left blank.-----Country Name (2 letter code) [XX]:State or province name (full name) []:Locality Name (eg, city) [Default City]:Organization Name (eg, company) [Default company LTD]:Organizational Unit Name (eg, section) []:Common name (eg, your name or your server ' s hostname) []:registry-backup.niudingfeng.comEmail Address []:5. Generate Configuration fileCd/data/harbor/make ./prepare6. Copy docker-compose fileCd/data/har

Enter the following ' extra ' attributesto is sent with your certificate Requesta challenge password []:an Optional Company Name []:[[emailprotected] ssl]# SCP HTTPD.CSR 192.168.64.104:/etc/pki/ca[emailprotected] ' s password: HTTPD.CSR 100% 696 0.7kb/s 00:00[[emailprotected] ssl]# tree. ├──cacert.pem├──httpd.crt├──httpd.csr└──httpd.key0 directories, 4 filesvim/etc/httpd/conf.d/ssl.conf servername www . magedu.com:443sslcertificatekeyfile/etc/httpd/c

virtual host defined in the vim/etc/httpd/conf.d/v ...25. Send the certificate request to the CA station on the SSL directory SCP HTTPD.CSR 192.168.9.250:/tmp26, go to 9.250 on the server OpenSSL ca-in/tmp/httpd.csr-out/tmp/httpd.crt-days 365027, Cd/etc/pki/ca;;;;;cat serial found to be 0228, we go back to the server, SCP to 9.250 to take an integerSCP 192.168.9.250:/TMP/HTTPD.CRT./29, go 9.250 on delete tmp under RM httpd.c*30, configure the server

more SSL connections and disconnects, consumes a lot of resources, the CPU pressure is very high. It is important to have a certificate in HTTPS with the following certificate format: Certificate version number Certificate serial Number Certificate signing algorithm Certificate issuer Certificate Validity period The name of the object (which needs to be consistent with the server's host name) The public key of the object Additional Information Digita

HTTPS one-way verification application widely presumably everyone is familiar with, I have been in a blog share, this time to see how nginx to achieve two-way authentication. The difference between one-way validation and two-way validation: One-way authentication: Refers to the client Authentication server-side certificate, the server does not need to authenticate the client certificate. Bidirectional authentication: The client authenticates the se

, cryptographic components 2File Preparationwget http://download.comsenz.com/DiscuzX/3.2/Discuz_X3.2_SC_UTF8.zip# Download wget https://files.phpmyadmin.net/phpmyadmin/4.6.5.2/phpmyadmin-4.6.5.2-all-languages.zip# Download Mkdir/www #创建文件夹unzipphpmyadmin-4.6.5.2-all-languages.zip-d/www #解压unzip discuz_x3.2_sc_utf8.zip-d/www/discuz/#解压chown-R Apache:apache /www #更改权限3DatabaseSystemctl Start Mariadb.service #开启数据库Next is the one-click Build LibraryMySQL

Here is a simple demonstration of Apache encryption based authentication access----HTTPS encryption method access. 1.DNS Resolution resolution: [Root@localhost html]# nslookup www.downcc.com server:192.168.2.115 address:192.168.2.115#53 Name:www.downcc.com address:192.168.2.115 2. Install the Apache SSL support module: # yum install-y mod_ssl (default yum installation httpd is not installed this module, automatic production of/etc/httpd/conf.d/

renegotiate, of course, due to the need of special scenarios, should allow the server to initiate re-negotiation. 5 concluding remarks HTTPS practice and optimization involves a lot of knowledge points, because of the space relationship, this article on a number of optimization strategies are simply introduced. If you want to understand the rationale behind the protocol, you need to read the TLS protocol and PKI