[Essence] The original Win+apache implementation of SSL certificate authentication is so simple
Http://www.chinaunix.net Author: ataman posted: 2008-05-22 18:16:46
"Comment" "View original" "Web server Discussion Area" "Close"
Windows+
digital signatures or transmission encryption. to ensure security, it must be clearly separated and cannot be mixed for auditing in case of disputes, provides a basis for arbitration.Of course, these operations are transparent to users.Several ideas about digital certificates (two-way) [ZT]Two-way digital authentication requires that the client and server have their own private key and Public Key (generally X509
SSL two-way authentication and certificate creation and use, ssl authentication certificate
The following describes how to create a Root CA certificate, server certificate, and client certific
# Issue client certificate mkdir2048-new-key./client/client.key-out. client/-in"/etc/ssl/openssl.cnf"-export-clcerts- in./client/client.crt-inkey./client/client.key-out./client/client.p12All of the above three scripts can be found in Https://github.com/dreamingodd/CA-generation-demoCopy the above three scripts into your own demo directory, as follows:Join Run Permissions:chmod +x *. SHThe results are as follows:Not to be continued ...To be Continued
Preface:
When the client fails to carry non-anonymous authentication modes such as Basic Authentication/digest authentication in IIS, the client must provide the corresponding credential.
Important Notes:
1. How to generate proxy class
When using the WSDL command, you must provide the user name and password connected to the Web service to generate proxy.
In Internet-based WCF services, security is a very important part. There are many security modes in WCF. This time, we will consider using a limited server environment (such as a virtual host) to configure the message security mode for X509 Certificate authentication. Generally, in this extreme environment, it is difficult to implement SSL-based transmission security. Therefore, we consider deploying messag
We all know that the mobile device connection server for an Exchange 2013 server uses SSL Basic authentication by default. 650) this.width=650; "title=" image "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" image "src=" Http://s3.51cto.com/wyfs02/M01/7F/F6/wKioL1cy94nw_ T2naacmr90nrsa533.png "" 620 "height=" 384 "/> Requiremen
This is a very interesting experiment.
As you know, certificates issued by some SSL certification authorities are installed on the server side, allowing visitors to access the site through SSL links, and can confirm the site's true address to the visitor. However, if you want to restrict the visitors to your site, you need to verify the certificate that the client owns so that you can establish a secure link. and the organization in the issuance of SS
-cakey private/ca.key.2048-caserial CA.SRL -cacreateserial-in Private/server.csr-out Certificates/server.cer #创建客户端证书 the input to the prompt and how to fill in the service-side certificateOpenSSL genrsa-out private/client.key.2048 2048OpenSSL Req-new-key private/client.key.2048-out PRIVATE/CLIENT.CSR--Password required #利用CA根证书, issue client certificate OpenSSL x509-req-days 3650-sha1-extensions v3_req-ca certificates/ca.cer-cakey private/ca.key.2048
SSL Certificate for various HTTPS sites, extended SSL certificate, key exchange and authentication mechanism rollupA common HTTPS site used by the certificate and Data encryption technology list, easy to compare the reference when needed, will continue to join the new HTTP site, the information given here based on the
\mykey.cer-keystore D:\home\tomcat.keystore
3 with the List command to view the server's certificate library, you can see two certificates, one server certificate and one trusted client certificate:Keytool-list-keystore D:\home\tomcat.keystoreFour, let the client trust the server certificate
1. Because it is a two-way SSL
In the previous article, we talked about common authentication methods: User Name/password authentication and Windows authentication. In the next article, we will introduce another important credential type: X.509 Certificate and the authentication method for X.509
Configuring IIS 4.0 Certificate Authentication
Ramon Ali
Windows NT Magazine-February 1999
Use Certificate Server 1.0 (Certificate Server 1.0) as Certificate Authority
Wouldn't it be nice if you could give trusted users access to encrypted websites transparently? In this
" file. Double-click the Tomcat.cer file, follow the prompts to install the certificate, and fill in the certificate to Trusted root certification authorities.Fifth step: Configure the Tomcat serverOpen the/conf/server.xml under the Tomcat root directory and locate the following configuration section, as follows:Sslenabled= "true" maxthreads= "scheme=" "https"Secure= "true" Clientauth= "true" sslprotocol= "
Turn from: HTTPS Unidirectional authentication Instructions _ digital certificate, digital signature, SSL (TLS), SASLBecause TLS + SASL is used in the project to do the security authentication layer. So read some online information, here to do a summary.1. First recommend several articles:Digital certificate: http://ww
Complete the SSL (Secure Socket Layer) Certificate Service through Linux + Apache + OpenSSL, and provide secure HTTPS (Hypertext Transfer Protocol over Secure Socket Layer) services.
Device SSL
1. device OpenSSL
Tar-zxvf openssl-0.9.8a.tar.gz
CD openssl-0.9.8a
./Configure
Make
Make install
The OpenSSL device is in the/usr/local/SSL directory.
2. install Apache
T
From: http://liujy1111.blog.163.com/blog/static/49739712008842372293/
However, when I follow the steps above, the HTTPS service will not start, and the certificate file will always be prompted that it does not exist or the format is invalid. After a long time, I finally got it done. Here I will summarize it.
Environment Information:
Software Version installation path
Tomcat APACHE-Tomcat-7.0.11 D:/tomcat
Recently in a project, the project was previously used. NET do, now need to rewrite with PHP. After development, you need to migrate the SSL certificate on IIS to the Apache environment.
Workaround:
Roughly three steps
First, export the certificate file to IIS
1. Start-> Run->mmc
2. Menu-> file-> Add/Remove snap-in
3. Select the
algorithm is used to encrypt the generated password during the handshake process. The symmetric encryption algorithm is used to encrypt the actually transmitted data, while the HASH algorithm is used to verify the data integrity.(3) if any errors occur during the TLS handshake, the encrypted connection is disconnected, thus preventing the transmission of private information.2. Two-way authentication step 1-certif
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.