Build your own CA to sign the certificate
This series of articles is divided into three parts: build your own certificate issuing service, generate a certificate request, and sign the generated certificate request through the self-built
Twobased onHTTPS replication for CA certificates ??????? I just looked at it. On the system disaster tolerance based on Kerberos and CA certificate (on) or in 2017-08-31, until now half a year passed, lazy cancer is too heavy, has not been updated, from today onwards will gradually update the beginning of the tutorial, I hope to have more friends to understand an
92.168.10.187 CA Server192.168.10.190 Web Server(1) Build CACd/etc/pki/caCreate serial and Index.txt two files in this directoryecho > Serial (00 is the initial version number of the issuing certificate)Touch Index.txt(Umask 006;openssl genrsa-out private/cakey.pem 4096) generate private keyOpenSSL req-new-x509-key private/cakey.pem-out cacert.pem-days 3650 Generate self-signed
authentication is so sure to be supported by a certificate to implement a CA encryption connection, first install the certificate and the certificate is installed on the domain controller. How do I install the certificate?
First, install
VISUALSVN Server Download Address: http://www.visualsvn.com/server/download/
OpenSSL download Address: http://code.google.com/p/openssl-for-windows/
Also available for download through my resources: http://download.csdn.net/detail/deleteelf/4161438
Note that OpenSSL requires support from C + + Redistributable
2008 Version: HTTP://WWW.MICROSOFT.COM/DOWNLOADS/ZH-CN/DETAILS.ASPX?FAMILYID=9B2DA534-3E03-4391-8A4D-074B9F2BC1BF
2010 Version: http://www.microsoft.com/downloads/zh-cn/details.aspx?family
I. Configuring HTTPS and self-signed certificates for Nginx1. Making CA CertificateCa.key CA Private Key:OpenSSL genrsa-des3-out Ca.key 2048Make the decrypted CA private key (which is generally not necessary):OpenSSL rsa-in ca.key-out Ca_decrypted.keyCA.CRT CA Root certificate
This article original from Http://blog.csdn.net/voipmaker reprint annotated source.This series is divided into three articles, mainly about building your own certificate issuance services, generating certificate requests, and signing and eventually applying the generated certificate request to the service through your own built ca.This article is the last one, co
Operating system: Mac OS X (Yosemite) Burp Suit Version: 1.6.09 Firefox version: 37.0.1 1. Configure Burp Suit A. Double hit Open burp Suit B. Configuration proxy (Options->edit, proxy) 2. Configure the agent for Firefox browser A. Enter Firefox settings B. Configure the proxy as, and save: Connection (Settings), Network, advanced 3. Obtaining a Certificate A. Access http://burp/in Firefox browser B. Click "CA
试验环境介绍(Host for CA 192.168.23.10, httpd: 192.168.23.11)
1: Create a new Web server with a host name of www Yum Install- y httpd 2: Generate private keymkdir/etc/httpd/SSL CD/etc/httpd/SSL (Umask077;openssl genrsa-out/etc/httpd/ssl/httpd.key 2048) 3: Generate Certificate Signing requestOpenSSL req -new -key/etc/httpd/ssl/httpd. Key -out httpd. CSR -days 365 The
1, download the CA certificate from Curl official website (of course, you can also choose to create an SSL CA certificate, refer to 54898870 for details, or Baidu for yourself)CA Certificate: https://curl.haxx.se/docs/caextract.ht
First, generate certificate signing Request (CSR) in IIS
Personal understanding: The generation of a CSR is the creation of a "private/public key pair" from which the public key is extracted.
1. Open IIS Manager, select Server certificates in the root node, click the Create certificate Request on the right ..., and then fill in the corresponding distinguished Name Properties (see figure below).
Common
Issuer: Cn = Duke, ou = Java software, O = "Sun Microsystems, Inc.", L = Palo Alto, St = Ca, c = us
Serial number: 3c22adc1
Valid from: Thu DEC 20 19:34:25 PST 2001 until: Thu Dec 27 19:34:25 PST 2001
Certificate fingerprints:
When we visit HTTPS, for some programs need to provide access to the site's CA certificate, this time clients can access the system website, such as using Tibco Business Workspace 5 HTTP send request activty to visit google API provides the rest service, we need to provide the CA certificate of the Www.googleapis.com w
An error has been prompted at the self-signed CA certificate:[email protected] ssl]# OpenSSL ca-in master.csr-out master.crt-days 365Using configuration From/etc/pki/tls/openssl.Cnfcheck that the request matches the Signaturesignature okerror:serial number have already been issued, check the Database/serial_file for corruptionthe matching entry have the following
certificaterequest.servervariables["Cert_cookie"]Unique Client Certificate ID numberrequest.servervariables["Cert_flag"]Client certificate flag, if there is a client certificate, BIT0 is 0 if the client certificate validation is invalid, bit1 is set to 1request.servervariables["Cert_issuer"]The Publisher field in the
Tags: des style blog HTTP Io color ar OS sp
Create a Certificate Authority private key (this is your most important key ):
$ openssl req -new -newkey rsa:1024 -nodes -out ca.csr -keyout ca.key
Create your ca self-signed certificate:
$ openssl x509 -trustout -signkey ca.key -days 365 -req -in ca.csr -out ca.pem
Issue a client
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.