pki cert

/ssl.conf//Master configuration file/usr/lib64/httpd/modules/mod_ssl.so/var/cache/mod_ssl/var/cache/mod_ssl/scache.dir/var/cache/mod_ssl/scache.pag/var/cache/mod_ssl/scache.sem#cd/etc/httpd/conf.d/#cp ssl.conf{,.bak}//should make a backup before modifying the configuration file#vim/etc/httpd/conf.d/ssl.confModify DocumentRoot "/var/www/html"//need to be turned on and respond to changes, such as/vhosts/web1/htdocsServerName www.example.com:443//server name is web1.magedu.comSslengine on this must

Installing Docker,gitYum Install Docker docker-logrotate git-yInstalling Docker-composeYum Install python-virtualenv-yvirtualenv ven_harborsource ven_harbor/bin/activatepip install--upgrade pippip Install Docker-composeDownload Harborwget Https://github.com/vmware/harbor/releases/download/0.4.1/harbor-offline-installer-0.4.1.tgztar Xvzf Harbor-offline-installer-0.4.1.tgzGenerate a self-signed certificatemkdir CACD caopenssl req-newkey rsa:4096-nodes-sha256-keyout ca.key-x509-days 365-out ca.crto

administrator token set during keystone configuration. 12.Admin_user, admin_password, admin_tenant_name: If the Administrator token is not provided, the three configuration items should be the service account that has been configured in Keystone. 13.Certfile: (Required) if the keystone server requires the client to provide cert, this item must be provided 14.Keyfile: (Required) if the keystone server requires the client to provide

-cert/etc/pki/tls/private/(absolute path notation)CP Make-dummpy-cert. /private/(relative path notation)Cp/root/server1.ks.cfg. (Copy the file to the current path)Point:ctrl alt F1~F6 Command Port F7 is a graphical interfaceOTHERCPU hot swap is controlled by/sys/devices/system/cpu/cpux/onlineOther.1echo Online >/sys/devices/system/memory/memory[number]/state enab

--engine list to print the supported engines at compile time Single. Note that not all (or no) engines are available at run time. --environment (RISC operating system only) set up a series of environment variables, using the name supported by the-w option, allow It is easier to extract useful information after running curl. --egd-file (SSL) Specifies the path name for the entropy gathering Daemon socket. This socket is used for SSL connection A random seed is generated. See also the--random-f

certificate signing request file (CSR file): OpenSSL Req-new-key client.key-out CLIENT.CSR Three. Generate the CA certificate file #server. CSR and CLIENT.CSR files must be signed by a CA to form a certificate. Cd/tmp/create_key/ca 1. First generate the CA's key file: OpenSSL genrsa-des3-out Ca.key 1024 2. Generate the CA self-signed certificate: OpenSSL req-new-x509-key ca.key-out ca.crt-days 3650 You can add the certificate Expiration Time option "-days 3650". Four. Signing with a CA certif

Add/Remove node to Kubernetes cluster Minion node pre-operation preparation#关闭防火墙systemctl stop firewalld#禁止防火墙开机启动systemctl disable firewalld#检查selinuxgetenforceDisabled#端口检查 Add node to the Kubernetes clusterWhen the KUBEADM Init initialization operation is complete, the system finally gives the command to join the node to the cluster:kubeadm join 10.0.0.39:6443 --token 4g0p8w.w5p29ukwvitim2ti --discovery-token-ca-cert-hash sha256:21d0adbfcb40

=/mydata/relaylogs/relay-bin #中继日志位置Read_Only = 1 #设置为只读[[email protected] MySQL] #service mysqld startConnect to the master server from the server (from the top)Mysql>change Master to master_host= ' master_ip ', master_user= ' previously authorized user in Master ', master_password= ' 123456 ', Master_log _file= ' Master_banary_log ', master_log_pos=336 (this without quotation marks);View from server StatusMysql> Show Slave status \gMaster-slave replication testmaster server Add Datamysql>creat

hard. Run the following command to generate a self-signed certificate: openssl genrsa -out key.pem 1024openssl req -new -key key.pem -subj "/CN=localhost" -out req.pemopenssl x509 -req -days 365 -in req.pem -signkey key.pem -out cert.pem Note that the above localhost should be changed to your domain name, and the key of the private key file will be used in the end. pem and Certificate file cert. pem, replace the two files with the location mentioned

all bound, that is, they are on every hour, that is, standalone mode (independent sftpd server) 116 pam_service_name = vsftpd # define the name used by PAM, the default value is vsftpd117 userlist_enable = YES # If this option is enabled, the userlist_deny option is enabled. 118 tcp_wrappers = YES # enable tcp_wrappers. 5. Case ------- implement ftp server that supports SSL encrypted transmission 1. Before ssl encryption is implemented, install a packet capture software [root @ localhost ~] # Y

added to the browser's whitelist of trust.However, in some operating systems, it is also necessary to configure the root certificate as a system-level certificate to allow for continued use.　　　　Mac OS XTo add a certificate:sudo security add-trusted-cert-d-R trustroot-k/library/keychains/system.keychain~/new-root-certificate.crtTo remove a certificate:sudo security delete-certificate-c ""　　　WindowsTo add a certificate:Certutil-addstore-f "ROOT" new-ro

certificate#为了防止报错，需要提前做一些准备工作#touch /etc/pki/CA/index.txt#echo 01 > /etc/pki/CA/serial#openssl ca -in server.csr -out server.crt -cert ca.crt -keyfile ca.key -config ../openssl.cnf#这是会提示以下信息Sign the certificate? [y/n]:y#选择y1 out of 1 certificate requests certified, commit? [y/n]y#选择y8. This time will get ca.crt,ca.key,server.crt,server.csr,server.key.9. Send th

Browser access:http://linuxprobe.org/~wang/, the following interface appears Eight, set up a virtual host Configure the virtual host to use multiple domain names.The following example is set in an environment where the domain name is [linuxprobe.org] and the virtual domain name is [virtual.host (Root [/home/wang/public_html]].You must set the Userdir setting for this example [1] Configure virtual host [Root@linuxprobe ~]# vi/etc/httpd/conf.d/vhost.conf # for original Domain

After two days of configuration, I finally came up with it. In combination with many blog posts on the internet, I would like to summarize it! Configuration environment: Ubuntu 11.04 PCRE 8.31 OpenSSL 2.0.2 Nginx 1.2.5 To make sure that you can use regular expressions in nginx for more flexible configuration, You need to determine whether the PCRE (Perl Compatible Regular Expressions) package is installed in the system before installation. Can go to ftp://ftp.csx.cam.ac.uk/pub/software/programmi

Bad condition: Ca and Apache are the same host First, use the local machine as the CA Server: [[Email protected] ~] # Yum-y install OpenSSL-devel [[Email protected] ~] # Vi/etc/pki/tls/OpenSSL. CNF [Ca_default] Dir =..././CA Changed: [Ca_default] Dir =/etc/pki/CA To reduce unnecessary repeated operations, you can pre-define some of the following content in [req_distinguished_name]. You can just customize th

] listen to TCP ports (default:6633) punix:file listen on Unix domain Socket FILEBut it seems the Ovs-controller supports SSL. [emailprotected]:~$ ovs-controller--helpovs-controller:openflow Controllerusage:ovs-controller [ OPTIONS] Methodwhere method is any OpenFlow connection method. Active OpenFlow Connection methods:tcp:ip[:P ort] PORT (default:6633) at remote IP ssl:ip[:P ORT] SS L PORT (default:6633) at remote IP unix:file UNIX domain socket named filepassive Open

] listen to TCP ports (default:6633) punix:file listen on Unix domain Socket FILEBut it seems the Ovs-controller supports SSL. [emailprotected]:~$ ovs-controller--helpovs-controller:openflow Controllerusage:ovs-controller [ OPTIONS] Methodwhere method is any OpenFlow connection method. Active OpenFlow Connection methods:tcp:ip[:P ort] PORT (default:6633) at remote IP ssl:ip[:P ORT] SS L PORT (default:6633) at remote IP unix:file UNIX domain socket named filepassive Open

uses to store transaction-related states. Blockchain ServicesBlockchain services provide a distributed ledger platform. In general, multiple transactions are packaged into chunks, and multiple chunks form a blockchain. Blockchain represents the historical process of changing the state machine of a ledger. TransactionTrading means operating around a chain code.Trading can change the state of the world.The main contents of the transaction include:• Transaction type: Currently includes Deploy, Inv

Here is a simple demonstration of encrypted access-https encrypted access under Apache. 1. I will not repeat the DNS resolution here. I will see the dns resolution situation in this demonstration: [root @ localhosthtml] # nslookupwww. abc. comServer: 192.168.2.115Address: 1 Here is a simple demonstration of encrypted access-https encrypted access under Apache. 1. I will not go into details about DNS resolution here. I will discuss the dns resolution situation in this demonstration: [Root @ lo

enter is what is called a Distinguished Name or a DN. there are quite a few fields but you can leave some blank For some fieldsthere will be a default value, If you Enter '. ', the field will be left blank. ----- Country Name (2 letter code) [XX]: CNState or Province Name (full name) []: HALocality Name (eg, city) [Default City]: ZZOrganization Name (eg, company) [Default Company Ltd]: mageduOrganizational Unit Name (eg, section) []: 14 qiCommon Name (eg, your name or your server's hostname) []