Discover checking ssl certificate with openssl, include the articles, news, trends, analysis and practical advice about checking ssl certificate with openssl on alibabacloud.com
Installing Apache2sudo Install apache2Installing OpenSSLGeneral system comes with, can be viewed through OpenSSL version, if not,sudo Install OpenSSLCreate a DirectoryCreate a directory that is named SSLsudo mkdir /etc/apache2/sslCreate a self-signed vouchersudo 365 -newkey RSA:2048 -KEYOUT/ETC/APACHE2/SSL/APACHE.KEY-OUT/ETC/APACHE2/SSL/APACHE.CRTOpen Apache
unsafe content.
If a page needs to be accessed through HTTPS, all of the elements must be HTTPS, if there are: Pictures, JS script, Flash plug-ins are called through HTTP, it will appear this error, the most common is the call Flash playback plug-ins: codebase = ' http://download.macromedia.com/pub/shockwave/Cabs/flash/swflash.cab ', change HTTP to HTTPS, and test the SSL problem after refreshing. issue: The security
. Generate Server.key (name not important)OpenSSL genrsa-out Server.key 20483. Generate a Certificate signing requestOpenSSL req-new-key server.key-out server.csr-config openssl.cnfCommon Name is filled in this step, *.baidu.com4. Using a self-signed CA, sign SERVER.SCROpenSSL ca-days 180-in server.csr-out server.crt-cert ca.crt-keyfile ca.key-config openssl.cnf#输入第一步设置的密码, always press Y.SERVER.CRT Server.
Thrift ssl Certificate arrangement, thriftssl
1. Generate A certificate. The number of machines required must be greater than or equal to 2 (one server certificate is generated and one server certificate is generated). The following server uses A as the server and B as the c
1. Configure the SSL module for nginx
Nginx does not have an SSL module by default, while nginx 0.7.63 is installed in my VPs by default. The following describes how to upgrade nginx to 0.7.64 and configure the SSL module:
Download nginx 0.7.64 and decompress it to the decompressed directory:
CopyCode The Code is as follows: wget http://sysoev.ru/nginx/nginx-0
certificate through IE on the client.
Enter: If you are afraid of mistakes, you will fill in the country or something. In fact, you only need to write a name.
Type: when accessing the web application of CA, it is best to open "more options" and "Advanced Certificate Application". Fill in the URL of the web server in the "note name" column, such as www.boc.cn
Please note: The
[root@iz620cgsubhz/tmp]# git clone https://git.dwhd.org/lookback/docker-gitlab.gitCloning to ' Docker-gitlab ' ...Fatal:unable to access ' https://git.dwhd.org/lookback/docker-gitlab.git/': Peer ' s certificate issuer are not recognized.
[root@iz620cgsubhz/tmp]# cd/etc/ssl/certs/[root@iz620cgsubhz/etc/ssl/certs]# Make Serial=5This makefile allows your to create:
OpenSSL to convert the format, the specific commands are as follows, replace MYCERT.CRT with your own file.
OpenSSL x509-in mycert.crt-out mycert.pem-outform PEM
Third, Upyun configuration
In the Upyun background find "toolbox"--> "Add SSL Certificate", open the Pem file in Notepad, fill in the
Original address: http://www.lamppr.com/node/648
Generate a certificate using OpenSSL
1. How to generate RSA keys
OpenSSL genrsa-des3-out Privkey.pem 2048
This command generates a 2048-bit key with a password that is encrypted by the Des3 method, and if you do not want to enter the password every time, you can change it to:
Before, there is a domain name using the online free SSL certificate, and then want to change the certificate after the expiration of Let's encrypt free certificate, then want to query the domain name SSL certificate How many days
1, Nginx configuration SSL ModuleThe default nginx is no SSL module, and my VPS is installed by default Nginx 0.7.63, incidentally, the Nginx upgrade to 0.7.64 and configure the SSL module as follows:Download Nginx 0.7.64 release, unzip into the extract directory:Copy CodeThe code is as follows:wget http://sysoev.ru/nginx/nginx-0.7.64.tar.gzTar zxvf nginx-0.7.64.
unit Name (eg, section) []:zhangc.com
Common name (eg, your name or your server ' s hostname) []:www.zhangc.com
Email Address []:vipzhangchao@yeah.net
[ROOT@ZHANGC server]# mkdir/etc/vsftpd/certs "Create certificate store Directory"
[ROOT@ZHANGC server]# cd/etc/vsftpd/certs/
[ROOT@ZHANGC certs]# OpenSSL genrsa 1024 gt;vsftpd.key ' Create key '
[ROOT@ZHANGC certs]#
, probably the distance expires in three days or more than 10 days before the update, otherwise you will be prompted not to update. (Yesterday updated the certificate, today directly with renew, prompt not allowed to update) #这里方便测试, add parameter--force-renew, can force immediate update (but it seems to have a check, the time will be shorter, such as I have just updated, immediately again execution will be error and prompt does not need to update). C
private key is specified (private key)Generate CSR based on existing CRT files and private keysOpenSSL x509 -in domain.crt -signkey domain.key -x509toreq-out DOMAIN.CSR-x509toreq using X509 certificates to generate CSRStep two: Generate an SSL certificateGenerate a private key and a self-signed certificate:OpenSSL req -newkey rsa:2048-nodes-keyout domain.key -x509-days 365-out domain.crt-days 365 365 days validityTo
SSL Certificate Request file (CSR) Generation Guide-TomcatHttp://www.zhenssl.com/support/CSRgen/tomcat_CSR.htm
important points to note An Important Note before you StartGenerate your private key at the same time as the CSR file is generated, and if you lose the private key or forget the private key password, the certificate is issued to you and
1, download the CA certificate from Curl official website (of course, you can also choose to create an SSL CA certificate, refer to 54898870 for details, or Baidu for yourself)CA Certificate: https://curl.haxx.se/docs/caextract.html page to select downloadOr: Https://curl.haxx.se/ca/cacert.pem2. Create a new folder in
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.