Certificate requirements:
1. The format of the digital certificate follows the X.509 standard
2. Version V3
3. Signature Algorithm SHA256ECDSA
CA used in FABRIC-JAVA-SDK:
./e2e-2orgs/channel/crypto-config/peerorganizations/org1.example.com/users/admin@org1.example.com/msp/signcerts
./e2e-2orgs/channel/crypto-config/peerorganizations/org1.example.com/users/admin@org1.example.com/msp/keystore
Data security-> Encryption
1. Basic concepts:
Confidentiality: prevent others from getting data
Integrity: data is not damaged
Authentication: ensure the data source
PKI (Public Key Infrastructure): Public Key Infrastructure.
Generate password through negotiation: Internet Key Exchange (IKE)
Diffie-Hellman protocol (this is a common security IKE)
Principle:
Negotiate between A and B:
92.168.10.187 CA Server
192.168.10.190 Web Server
(1) Build CA
cd /etc/pki/CA
Create the two files serial and index.txt in this directory
echo 00 > serial (00 is the initial version number of the issuing certificate)
touch index.txt
(umask 006; openssl genrsa -out private/cakey.pem 4096) generate private key
openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 3650 Generate self-signed CA certificate
(
certificate is signed by the entrust. We trust entrust. Entrust says it trusts CNNIC, so we are forced to trust cnnic ssl. Find "entrust.net secure server Certification Authority", which is the same as above, removes and saves the three options (Tip: once the entrust is canceled, you may not be able to open some normal websites signed by it. As for which website uses its signature, I tried it and did not find an example).
Finally, let's verify it. Restart Firefox. And this If Firefox has given sec
target.
Let's show you how to create a private CA on a Linux system. First we will generate the private key on the machine that will create the private CA and view it, and guarantee that the file has permission of 600.
After installation, the OpenSSL package will generate three important pieces of content: the encryption library, SSL-related library files, and the OpenSSL command-line tools. Here's a look at the use of the OpenSSL command-line tool: OpenSSL, like Yum, has dozens of subcommands. If you want to get the relevant man document for the
forged, how to pinch? Here, I would like to first declare, in this example, first assume that the official seal is difficult to forge a drop, or my story can not be said to go bird.
◇ Introduction of referral to intermediary agencies
OK, back to the topic. If and B company has business dealings with a lot of companies, each company's official seal are different, the front desk will know how to distinguish all kinds of seal, very troublesome. So, there is an intermediary company C, found this opp
untrusted. Having said so many theories, here's how to add a digital signature when you use Outlook to send a message.
I. Owning a CA certificate
First, you have to have a CA certificate that belongs to you. Generally through the CA Center application, in the form of Usbkey issued. It is important to note that some key items must be correct when applying for the ce
Test environment introduction (Host for CA 192.168.23.10, httpd: 192.168.23.11)
1: Create a new Web server with a host name of www
yum install -y httpd
2: Generate private key
mkdir /etc/httpd/ssl
cd /etc/httpd/ssl
(umask 077; openssl genrsa -out /etc/httpd/ssl/httpd.key 2048)
3: Generate Certificate Signing request
openssl req -new -key /etc/httpd/ssl/httpd.key -out httpd.csr -days 365
The certificate request co
How does OpenSSL implement private CA.
NOTE 1: The blue part is the main process, and the yellow arrow points to the specific operation steps.
What is OpenSSL?
1. A security protocol that provides security and data integrity for network communication, including key algorithms, common key and certificate encapsulation management functions, and SSL protocols, and provides a wide range of applications for testing or other purposes;
Secure ftp access
Method 1: Using tcp_wrappers (Simple Firewall) in the main configuration file of vsftp
Method 2: implement secure ftp access using CA authentication
Step 1:
1. The main modified files are /etc/hosts.allow and /etc/hosts.deny.
[root@mail ~]# ldd `which vsftpd`
2. The effect of control is that only the 192.168.1.0 network can be accessed, and others canno
This article is not original, original address: https://www.cnblogs.com/lichunting/p/9274422.html
A CA Certificate Request
(a). New STARTSSL Registered Account
1. STARTSSL official website
Official website: https://www.startssl.com/
2. After entering the STARTSSL, click on the registered account directly and then go to the email registration page.
3. Click Send verification code, go to the followi
Encryption, decryption, and OpenSSL private CA
I. Common Algorithms
Common encryption algorithms and protocols include symmetric encryption, asymmetric encryption, and one-way encryption.
1. Symmetric encryption: one key is used for both encryption and decryption. The algorithm can be made public but the key cannot, because security depends on the key rather than the algorithm;
Common algorithms:
DES (Data Encryption Standard, 56 b
encryption features:
Fixed-length output: No matter how big the raw data is, the results are of the same size.
Avalanche effect: small changes in input will cause huge changes in results
One-way encryption algorithms: MD5 (128 bits), SHA1, SHA256, SHA384, and SHA512
III. Encryption process and principles
IV. Self-built private CA process
A
① Generate a key
[[email protected] ~]# (umask 077; openssl genrsa -out /etc/pki/
Reprint: please specify the source: http://blog.csdn.net/l1028386804/article/details/46695495
For corporate access considerations, the CA in use is a local OpenSSL self-signed one, and therefore cannot be verified by the Internet root CAs, so the browser prompts that the site is not trusted or the security certificate is not valid. Skip it and access directly! The principle of HTTPS and the intervie
CA: Certificate Authority, also known as a certification authority or certification center, is a trusted third-party entity in a PKI. It is responsible for several important certificate management tasks such as certificate issuance, revocation, update, and renewal, as well as CRL publishing and event logging. First, the principal issues the certificate request, typically, the principal generates the key pair, and sometimes the CA
Configure HTTPS encrypted reverse proxy access in NGINX-Self-Signed CA
Because the site is for internal company access, the CA is self-signed, generated with OpenSSL on the local machine, so it cannot be verified against the Internet root CAs. The browser therefore reports that the website is not trusted or that the security certificate is invalid; skip this step and access it