ocsp

/nginx/sites-enabled/*; server {server_name 192.168.62.132; Listen 443; SSL on; SSL_CERTIFICATE/ETC/NGINX/CA/NGINX.CRT; SSL_CERTIFICATE_KEY/ETC/NGINX/CA/KEY.PEM; SSL_CLIENT_CERTIFICATE/ETC/NGINX/CA/CA.PEM; SSL_CRL/ETC/NGINX/CA/MANAGEMENTCA.CRL; Ssl_session_timeout 5m; Ssl_protocols TLSv1 TLSv1.1 TLSv1.2; Ssl_ciphers all:! Adh:! Export56:rc4+rsa:+high:+medium:+low:+sslv2:+exp; Ssl_prefer_ser

Xcode releases an app to the debugging Machine Today, we will introduce how to use xcode to release our developed app to our own machine (how to release it to app store is not covered in this article ). We will use xcode to write a small test program, which will be tested on the simulator and the real machine respectively. Note that before testing on a real machine, you must first purchase an apple IOS developer certificate (99 knives ). Specific purchase process can refer to here: http://blog

use PKI in the LSU design. Moreover, although LSU is a large organization, most of its users are on the same campus network (with a 10 Gbps trunk line ), this allows the advantages of Active Directory-based CDP release to be minimized. Therefore, we only release CRL to an HTTP path, making it easier to build a redundant hosting platform (our main website has already created an image site ). This eliminates the potential complexity associated with enabling the client LDAP lookup. We release CRL

, and other browsersSupports using open APIs and tools to apply for certificates from other applicationsNew users added by RA can send email reminders.Passwords can be generated randomly or manually for new user authentication.Supports hardware modules to integrate hardware issuing systems (such as smart cards)SCEP supportedMulti-polarization management with specific user permissions and user groupsYou can configure certificates of different types and contents.You can configure objects for diffe

certificates of different types and contents.You can configure objects for different types of users.Complies with X509 and pkix (rfc3280) StandardsSupports CRLFully supports OCSP, including AIA ExtensionCRL generation and URL-based CRL distribution points follow rfc3280 and can store certificates and CRL in any SQL database (processed by the Application Server ).Multiple publishers are available to publish certificates and CRL in LDAP.Supports the ke

browsersSupports using open APIs and tools to apply for certificates from other applicationsNew users added by RA can send email reminders.Passwords can be generated randomly or manually for new user authentication.Supports hardware modules to integrate hardware issuing systems (such as smart cards)SCEP supportedMulti-polarization management with specific user permissions and user groupsYou can configure certificates of different types and contents.You can configure objects for different types

For real-machine debugging, you must first register an app ID on the Apple website and buy an iPhone develop program (IDP) Developer license for $99. To create a CSR request for a certificate, follow these steps:Set OCSP and CRL to disabled.In Mac OS, open the application and findKey string access(Keychain access) tool to openMain Menu-Certificate Assistant(Certificate Assistant )-Request a certificate from a certificate proxy(Request a certificate fr

Java and..; First, let's take a look at Java's support for security.JDK provides a very powerful set of APIs and general implementation of common algorithms and protocols. It mainly includes four aspects:1,Encryption and decryptionThis section provides support for common algorithms and their encryption standards, and is embodied in JCA [Java cryptographic architecture] And JCE [Java cryptographic extension]. Through these two components, users can implement their own encryption and decryption al

Store-create an App ID first apply for an App ID for the iOS App, which is the unique identifier of your App. Log on to the iOS Developer website, click the iOS Provisioning Portal link on the right, and select the App ID. Select the ID of the created app. Enter the Description of the application in Description. Bundle Identifier refers to the Code ID of an application. You can use the company name and Application name to identify the application, for example, com. company. demoapp. Open X-Code

creating a new connection, eliminating the hassle of re-establishing communication. OCSP stapling Optimization-crawls SSL/TLS authentication information to reduce the time for establishing communications. 6. Deploy HTTP/2 or SPDY For websites with SSL/TLS enabled, once combined with HTTP/2 and SPDY, it can achieve strong performance cooperation; the result is that the establishment of a single connection requires only one communication handshake. SP

Provisioning PortalLink, selectApp ID. Select the ID of the created app. InDescriptionEnter the description of the application.Bundle IdentifierThe application code identifier. You can use the company name. Application name to identify the application, for example, com. company. demoapp. Open X-Code and selectTarget> Summary. InIdentifierEnter the registeredBundle Identifier. Publish iOS apps to App Store-create Distribution Certificate Each iOS app has a security certificate used to verify th

Decrypt the file:> OpenSSL ENC-D-RC4-in 1. Key. enc-out 1. Key. Dec 3.6Calculate the hash value Calculate the MD5 value of the file:> OpenSSL MD5 Calculate the sha1 value of the file:> OpenSSL sha1 •Algorithm Programming API OpenSSL supports many cryptographic algorithms and provides good encapsulation and interfaces. Cryptographic algorithms include symmetric algorithms, public key algorithms, hash algorithms, and random number generation algorithms. OpenSSL is designed to implement securit

description of the application.Bundle identifierThe application code identifier. You can use the company name. Application name to identify the application, for example, Com. Company. demoapp. Open X-code and selectTarget> Summary. InIdentifierEnter the registeredBundle identifier. 2. Release the iOS app to App Store-create Distribution Certificate Each iOS app has a security certificate used to verify the developer's identity and signature. InProvisioning PortalThe Distribution Section of is

. Server Hello DoneThe package we grabbed is the package that merges server Hello done and server key exchage:7, the client to verify the authenticity of the certificateThe client verifies the legality of the certificate, and if the validation passes for subsequent communication, otherwise prompts and actions are made depending on the error condition, including the following:(1) The credibility of the certificate chain trusted certificate path, as described above;(2) Whether the certificate is r

good, bingo! If you can withstand a refusal or even heavier punishment, perhaps you can try, but there are reasons to believe that Apple has many ways to judge the associated sites, can not afford the risk of people do not try.3. ATS Setup also has a switch nsallowsarbitraryloadsinwebcontent, open after allowing the use of any web links, this and nsallowsarbitraryloads some differences, Primarily for apps that provide web browser-like services, you cannot restrict the type of links because you

the communication. OCSP stapling optimization-Reduce the time to establish communications by crawling SSL/TLS authentication information. 6. Deploy HTTP/2 or SpdyFor websites that already have SSL/TLS enabled, the combination of HTTP/2 and Spdy will enable a powerful combination of performance, because the result is that a single connection is created with only one communication handshake. The main feature of Spdy and HTTP/2 is that they use

from:http://www.oschina.net/news/53070/haproxy-1-5-0After 4 years of unremitting efforts,HAProxy 1.5.0 finally released!Compared to version 1.4, the 1.5 version includes many new features and performance improvements: Native SSL support for SNI/NPN/ALPN and OCSP stapling; Support IPV6 and UNIX sockets; Full HTTP keep-alive to better support of NTLM and improved efficiency in static farms; http/1.1 Compression (deflate, gzip) to save bandwidt

autoenrollment events-machineinfo--Displays Active Directory computer object information-dcinfo--Display domain controller information-entinfo--Display enterprise information-tcainfo--Displaying CA information-scinfo--Displaying smart card information -scroots--Managing smart card root Certificates -verifykeys--Verifying public/private key set-verify--Verifying certificates, CRLs, or chains-sign-Re-sign a CRL or certificate -vroot--Create/delete Web virtual root and File share-vocsproot--Cre

Record Size, OCSP stapling, etc. These features greatly increase the speed of HTTPS transmission and the user's access experience.continuous optimization to make HTTPS faster and more secureIn order to enable HTTPS to achieve faster data transmission performance, and in the transmission process more secure, and take the cloud to spare no effort to optimize it. Here's a look at what these new features actually bring to HTTPS.Http/2+server PushHTTP/2 i

Record Size, OCSP stapling, etc. These features greatly increase the speed of HTTPS transmission and the user's access experience.Continuous optimization to make HTTPS faster and more secureIn order to enable HTTPS to achieve faster data transmission performance, and in the transmission process more secure, and take the cloud to spare no effort to optimize it. Here's a look at what these new features actually bring to HTTPS.Http/2+server PushHTTP/2 i