CentOS 6.5: create a private Docker repository
Docker private registry installation guide under CentOS 6.x
Note:
docker.yy.com: This is the domain name of the Docker registry server, that is, the host address of your company's private Docker server. Assume that the IP address is 192.168.2.114. Because the HTTPS SSL certificate cannot use an IP address, I can name it.
registry: The server acts as the upstream server to process the final upload and download of Docker images, using an official image.
ngi
OpenSSL configuration file: /etc/pki/tls/openssl.cnf. Three strategies: matching, support, and optional. Match: the information filled in the request must be consistent with the CA setup information; Support: means the application information must be filled in; Optional: means dispensable. Experimental environment: requires two hosts. Here I use host A (CentOS 6, IP 172.17.250.83) to create a CA and to provide CA services to other hosts; host
Building a private CA
We use the OpenSSL software to achieve this, so first let's look at the configuration file for the software.
Implementing the environment: CentOS 7.2
[[email protected] ~]# rpm -qc openssl   // we can see that the command does not have any output, so we can assume the package has other supporting packages
[[email protected] ~]# rpm -qa | grep "openssl"   // sure enough, we can see the existence of the libs package
openssl-libs-1.0.1e-42.el7.9.x86_64
openssl-1.0.1e-42.el7.9.x86_64
[[email protected] ~]
CA Introduction
Build the CA server (data encryption transfer for Web services)
CA server (172.40.55.10)
First step: Configure the CA signing environment
Second step: Generate the private key for the CA server
Third step: Create a root certificate for the CA server
Fourth step: Publish the root certificate file
First step: Configure the CA signing environment
[[email protected] ~]# rpm -qf /etc/pki/tls/openssl.cnf
openssl-1.0.1e-42.el6.x86_64
[[email protected] ~]# vim
generate all the two-level domain name available site certificate.
To sign with a CA:
openssl ca -policy policy_anything -days 1460 -cert ca.crt -keyfile ca.key -in www.example.com.csr -out www.example.com.crt
Where the policy parameter allows signed CAs and web site certificates to have different countries, place names and other information, the days parameter is the signature time limit. If you execute the signing command, the "I am unable to access th
encrypt the data sent to the server to complete the key exchange;
(5) The service uses this key to encrypt the resource requested by the user, responding to the client;
Note: SSL sessions are created based on IP address, so only one HTTPS virtual host can be used on a single IP host;
Review several terms: PKI, CA, CRL, X.509 (v1, v2, v3)
Configure httpd to support HTTPS:
(1) Apply for a digital certificate for the server;
Testing: issuing a certificate throug
sender's identity, but it can also determine whether the sent information has been tampered with during delivery.
Identity authentication: Both parties that deliver e-mail on the Internet cannot meet each other, so there must be a way to determine the identity of each other. The sender's digital certificate is used to digitally sign an e-mail message before it is delivered to determine the identity of the sender, not the person impersonating it.
Non-repudiation: The sender's digital certificate i
Server Configuration
1. Installation
OpenVPN
rpm -ivh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
yum install openvpn -y
Of course, you can also download from this page: http://openvpn.net/index.php/download.html
2. Configure the server
2.1 Initialize the server
cd /etc/openvpn/
cp /usr/share/doc/openvpn-2.2.2/sample-config-files/server.conf .
mkdir -p easy-rsa/keys
cd easy-rsa
cp -rf /usr/share/doc/openvpn-2.2.2/easy-rsa/2.0/* .
chmod +x *
-manager.conf
Configure default context:
kubectl config use-context system:[email protected] --kubeconfig=controller-manager.conf
After the controller-manager.conf file is generated, the file is distributed to the /etc/kubernetes directory of each master node.
controller-manager.conf k8s-master03:/etc/kubernetes/
Create the kube-controller-manager systemd service startup file as follows:
export kube_apiserver="https://192.168.15.200:6443"
cat > /usr/lib/systemd/system/kube-controller-manager.service eof[uni
-lib=/usr/local/lib
#--with-ssl-headers=/usr/local/include/openssl
#--with-ssl-lib=/usr/local/lib
make
make install
Generate certificate key
Initializing PKI (you can also use the setenv [name] [value] command if you do not have an export command)
Code:
cd /openvpn-2.0.5/easy-rsa
export D=`pwd`
export KEY_CONFIG=$D/openssl.cnf
export KEY_DIR=$D/keys
export KEY_SIZE=1024
export KEY_COUNTRY=CN
export KEY_PROVINCE=GD
export KEY_CITY=sz
export KEY_ORG="xiaohui.com
The initialization of the Kubernetes cluster failed with the following error:
[root@etcd-host1 ~]#
[root@etcd-host1 ~]# kubeadm init --kubernetes-version=v1.9.0 --pod-network-cidr=10.244.0.0/16
[init] Using Kubernetes version: v1.9.0
[init] Using Authorization modes: [Node RBAC]
[preflight] Running pre-flight checks.
[WARNING FileExisting-crictl]: crictl not found in system path
[preflight] Starting the kubelet service
[certificates] Generated CA certificate and key.
[certificates] Generated
line break, add other HTTP headers
--auth-type=atype HTTP authentication type (Basic, Digest or NTLM)
--auth-cred=acred HTTP authentication credentials (user name: password)
--auth-cert=acert HTTP authentication certificate (key_file,cert_file)
--proxy=proxy Use an HTTP proxy to connect to the destination URL
--proxy-cred=pcred HTTP proxy authentication credentials (user name: password)
--ignore-proxy ignoring the system default H
Errors reported when initializing Kubernetes
An error occurred while initializing the Kubernetes cluster:
[root@etcd-host1 ~]#
[root@etcd-host1 ~]# kubeadm init --kubernetes-version=v1.9.0 --pod-network-cidr=10.244.0.0/16
[init] Using Kubernetes version: v1.9.0
[init] Using Authorization modes: [Node RBAC]
[preflight] Running pre-flight checks.
[WARNING FileExisting-crictl]: crictl not found in system path
[preflight] Starting the kubelet service
[certificates] Generated
new IP and gateway in an existing configuration file; other addresses can use "+" before the address to set multiple addresses on an existing address)
[[email protected] ~]# nmcli connection modify "Profile name" ipv4.dns "DNS Address"
(modifies the DNS address of an existing configuration file)
[[email protected] ~]# nmcli connection modify "Profile name" ipv4.method manual
(modifies the address to static)
Third, start-level management
[[email protected] ~]# systemctl get-default
(get default init level;
name such as *.creke.net to generate all the two-level domain name available site certificate.
To sign with a CA:
openssl ca -policy policy_anything -days 1460 -cert ca.crt -keyfile ca.key -in blog.creke.net.csr -out blog.creke.net.crt
Where the policy parameter allows signed CAs and web site certificates to have different countries, place names and other information, the days parameter is the signature time limit. If you execute the signing co
Here is a simple demonstration of encrypted access: HTTPS encrypted access under Apache.
1. I will not go into details about DNS resolution here. The DNS resolution in this demonstration is as follows:
[root@localhost html]# nslookup www.abc.com
Server: 192.168.2.115
Address: 192.168.2.115#53
Name: www.abc.com
Address: 192.168.2.115
2. Install the Apache SSL support module: # yum install -y mod_ssl (httpd is not installed by default in yum. After installation, it will automatic
domains.
To sign with a CA:
openssl ca -policy policy_anything -days 1460 -cert ca.crt -keyfile ca.key -in blog.creke.net.csr -out blog.creke.net.crt
Where the policy parameter allows signed CAs and web site certificates to have different countries, place names and other information, the days parameter is the signature time limit. If the signature command is executed, the "I am unable to access the ./../ca/newcerts directory" Modify /etc/