Root certificate
1. Establish the CA working directory
mkdir CA
CD CA
2. Generate the CA private key
OpenSSL genrsa-out Ca-key.pem 1024
3. Generate a certificate to be signed
OpenSSL req-new-out Ca-req.csr-key
First, prepare the environmentBuild platform: linux+apache-tomcat-7.0.35.tar.gzIi. Generating CA certificatesTo create a directory:#mkdir CA Client ServerCurrently does not use a third-party authoritative CA to authenticate itself as a CA role.2.1 Creating a private key#openssl Genrsa-out
How to configure a secure http service to make the service more secure. You can also learn how ca works. 650) this. width = 650; "src =" http://www.bkjia.com/uploads/allimg/131228/055P4N91-0.gif "alt =" j_0003.gif "/>
HTTP + SSL = HTTPS
Configure the CA Server
========================================================== ======================
1. Configure CA 172
refresh the map
Java code
Public
voidRefreshmapview () {Geopoint p =
NewGeopoint (
int) (dlat* 1E6), (
int) (dlng* 1E6)); Mmapview01.displayzoomcontrols (
true); Mmapcontroller01.animateto (P); Mmapcontroller01.setzoom (Intzoomlevel); }
public void Refreshmapview () {geopoint p = new Geopoint (int) (dlat* 1E6), (int) (dlng* 1E6)); Mmapview01.displayzoomcontro LS (true); Mmapcontroller01.animateto (P); Mmapcontroller01.setzoom (Intzoomlevel); }
according to the current latitude and lon
, update, delete on *. * To EJBCA @ "%"
Identified by "123456"; // log on to any database on any machine.Grant all on EJBCA. * to admin @ localhost identified by "123456" with grant option
5. Go to the decompressed directory of EJBCA for execution.E: \ EJBCA> ant replaceds press ENTERBuildfile: Build. xml
Replaceds:[Input] type of database:
(Oracle, MSSQL, MySQL, ipvs, ipvs8, sapdb, HSQLDB, Sybase)MySQL press ENTER[Input] Data Source (default Java:/defaultds, recommended Java:/ejbcads ):Java:/ej
variable to point to its bin folder.
Download OpenSSL profile http://www.securityfocus.com/data/tools/openssl.conf
And copy it to a folder so that it can be specified through the command line. Here is C:/SSL/
Otherwise, the error "unable to load config info from/usr/local/SSL/OpenSSL. CNF" is reported during running.
==================================
The following installation and configuration environments are Linux, Tomcat-5.5.30
1. Create a directory
CD/home
Mkdir SSL
CD SSL
Mkdir
From: http://blog.csdn.net/aking21alinjuju/article/details/7654097
I. Generate a CA certificate
Currently, the CA of a third-party authority is not used for authentication and serves as the CA.
Prerequisites: Download www.openssl.org from the OpenSSL official website to install OpenSSL [Windows and Linux are different]
Start generating certificates and keys
If no
After sorting out a Windows batch file, 8 steps are required.
Echo off REM reference: http://book.51cto.com/art/201004/192440.htm pushd "E: \ OpenSSL Certificate Management \" Echo. echo 1. creates a random number. rndopenssl rand-out. RND 1000: the meaning of each parameter is as follows: Rand random number command. :-Out output file path. Here, the random number file. RND is output to the current directory.: 1000 indicates the number of pseudo-random numbers. Echo. echo 2. build the root cert
Obtain GPS information via mobile phone, then use GPS latitude and longitude to query the corresponding geographical location information.1, the use of Android with the implementation of the API, after testing basically no results. Reserved for reference. The key code is as follows:Geocoder geocoder=new Geocoder (gotomylocationactivity.this); Geocoder
content on this website. And the transfer process is encrypted. is not very simple. The entire transfer process is probably the case, the client requests the SSL connection handshake (which will be with the server some SSL protocol interaction between, this we do not have to study in detail) the server to pass its own certificate to the client, The client authenticates the certificate (the certificate is installed by default on each client computer, which is used by the certificate authority),
Http://www.h3c.com.cn/Products___Technology/Technology/Security_Encrypt/Other_technology/Representative_ Collocate_enchiridion/201010/697325_30003_0.htmHTTPS Web Configuration ExampleKeywords: HTTPS, SSL, PKI, CA, RASummary: HTTPS is an HTTP protocol that supports SSL. The user can safely log on to the device via the HTTPS protocol and control the device through a Web page. This article describes the configuration process for HTTPS.Abbreviations:
$ tar-zxvf pcre-8.36.tar.gz$ CD pcre-8.36$./configure$ make$ sudo make install 1.2.4 Installing Nginx $ tar-zxvf nginx-1.7.10.tar.gz$ CD nginx-1.7.10$./configure--with-pcre=. /pcre-8.36--with-zlib=. /zlib-1.2.8--with-openssl=. /openssl-fips-2.0.9$ make$ sudo make install Nginx is installed by default in the/usr/local/nginx directory.1.3 Verify the Nginx installation is successful$ sudo/usr/local/nginx/sbin/nginx-tNginx:the configuration file/usr/local/nginx/conf/nginx.conf syntax is OKNginx:con
) Encrypt the digest and the original data using a symmetric secret key;4) Then use Bob's public key to encrypt the symmetric secret key;5) Ciphertext data transmission ———— >Bob:1) 2) Use Bob's private key to decrypt the symmetric secret key;3) Decrypt the original data and the encrypted digest using the symmetric secret key;4) Decrypt the digest using Alice's public key;5) Calculates the hash summary of the original data and compares it with the decrypted digest to determine the integrity of t
Deploy a globally trusted PKI
John Morello's column contains prerelease information that may change.
The Public Key Infrastructure (or PKI) is a basic element for building trust between different applications, operating systems, and identity recognition fields. It is built on a hierarchical trust model. In this model, the final entity trusts the highest root level public key, so it implicitly trusts any other key signed by the root.
In view of this structure, it is easy to expand the well-desig
public key, which is usually sent to the client by the server, and the receiver verifies whether the certificate is trusted by a trusted CA or is relative to the local certificate, and if two-way authentication is required, Both the server and the client need to send a digital certificate to the other party for verification;
three random numbers : These three random numbers form the " conversation key "that is used to decrypt the data for symmetr
See if SSL is supported
First, execute the following command on MySQL to query whether MySQL supports SSL:
Mysql> show VARIABLES like ' Have_ssl ';
+---------------+-------+
| variable_name | Value |
+---------------+-------+
| Have_ssl | YES |
+---------------+-------+
1 row in Set (0.02 sec)
When Have_ssl is YES, it means that the MySQL service already supports SSL. If it is desable, you will need to enable the SSL feature when you start the MySQL service.
Using OpenSSL to c
See if SSL is supported
First, execute the following command on MySQL to query whether MySQL supports SSL:
Mysql> show VARIABLES like ' Have_ssl ';+---------------+-------+| variable_name | Value |+---------------+-------+| Have_ssl | YES |+---------------+-------+1 row in Set (0.02 sec)
When Have_ssl is YES, it means that the MySQL service already supports SSL. If it is desable, you will need to enable the SSL feature when you start the MySQL service.
using OpenSSL t
understand a few concepts before doing a specific switching operation:Ssl/tslAbout SSL/TSL, Nanyi's two blog posts are a good introduction:
Overview of the operating mechanism of SSL/TLS protocol
Graphical SSL/TLS protocol
Simply put, SSL/TSL through four handshake, the main exchange of three information:
Digital Certificate : The certificate contains information such as the public key, which is usually sent to the client by the server, and the receiver verifies wheth
This article describes how to build a Web server certificate and personal digital certificate using the HTTPS feature of Tomcat, and a CA that you create yourself, and eventually build an HTTPS two-way authentication environment that can be used for testing purposes. The business process of building HTTPS two-way authentication in this article is as follows:1. Create a Web server public key key and generate a server certificate request.2. Use a self-b
and slow query log. It depends on which application supports the password, it may also contain some Server Load balancer settings.
What is the difference between SSL in MySQL and SSL in browsers?
The browser has a CA Trust List by default, but MySQL does not. This is their biggest difference. MySQL and OpenVPN use SSL very similar.Both MySQL server and Web server have enabled SSL and both require client certificates, which are the same for them.There
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.