When we visit HTTPS, for some programs need to provide access to the site's CA certificate, this time clients can access the system website, such as using Tibco Business Workspace 5 HTTP send request activty to visit google API provides the rest service, we need to provide the CA certificate of the Www.googleapis.com w
If the site is for intranet access, build the CA server to issue certificates, if it is for the Internet to access, or to buy SSL certificate is better, today to introduce themselves to build CA server issued a certificate to do encrypted Web site.192.168.10.187 CA Server192
Build your own certificate issuing service (CA)
This series of articles is divided into three parts. It mainly introduces how to build your own certificate issuing service, generate certificate requests, and sign the generated certificate request through the self-built
Tags: des style blog HTTP Io color ar OS sp
Create a Certificate Authority private key (this is your most important key ):
$ openssl req -new -newkey rsa:1024 -nodes -out ca.csr -keyout ca.key
Create your ca self-signed certificate:
$ openssl x509 -trustout -signkey ca.key -days 365 -req -in ca.csr -out ca.pem
Issue a client
file without the write configuration fileOpenSSL req-new-key server.key-out server.csr-config./openssl.cnf3.2 Generate the CSR file need to fill in some information, Common name to fill in the main domain name, the domain name in dns.xxCountry name (2 letter code) [Au]:cnstate or province name (full name) [some-state]:fujianlocality name (eg, city) []:xiam Enorganization name (eg, company) [Internet widgits Pty ltd]:cnblogsorganizational Unit Name (eg, section) []:cnblogscommo n Name (e.g. serv
After a lot of groping experiments I finally succeeded in achieving the SSL certificate authentication function, so I think this time I want to record these steps for future reference.
For security and convenience reasons, I want to sign a client's certificate on a separate dedicated machine, also known as a Certificate Certification center (
Boss's need to put the company WebLogic server by HTTP access mode for HTTPS premises CA certificate issued by itself not by a unified CA Agency applicationFirst, the Environment preparationinstallationJDK(optional)Weblogicafter installation comes withJDKinstallation. If you generate a certificate request directly on t
optional company name []:
[Root @ tsghweb OpenSSL] #
... ...Verify ca File
[Root @ tsghweb OpenSSL] #OpenSSL verify-cafile rootca. CRT-purpose sslserver rootcaserver. CRT
Rootcaserver. CRT:/C = US/o = Verisign, Inc. /ou = Verisign trust network/ou = Terms of Use at https://www.verisign.com/rpa (c) 09/CN = Verisign Class 3 secure server ca-G2
Error 20 at 0 depth lookup: Unable to get local issuer
In my article, I mentioned how to use OpenSSL to export the SSL CA certificate from the HTTPS Web site. This method is not very intuitive, and requires the user to manually copy, and then save as a file, then there is no better and more convenient tool?Fortunately, people in the industry who are enthusiastic about open source projects provide us with a more convenient and simple tool: portecle; Using this t
Charles Proxy, like Fiddler under Windows, can view HTTPS traffic, but when you check HTTPS requests using the CA certificate provided by Charles, the following error occurs on Firefox 35 Web page:Twitter.com uses a invalid security certificate. The certificate is not trusted because the issuer
first create a private on the other host CaIf I were to open a different virtual machine now,Log inOne, surviving a pair of keys (the private key and the public key, the public key can be extracted in the private key so that the private key is created)[[Email protected] ~] #cd/ETC/PKI/CA[[Email protected] ca]# (umask 077; opensslgenrsa–out PRIVATE/CAKEY.PEM 2048)second, the generation
Build your own CA to sign the certificate
This series of articles is divided into three parts: build your own certificate issuing service, generate a certificate request, and sign the generated certificate request through the self-built
Twobased onHTTPS replication for CA certificates ??????? I just looked at it. On the system disaster tolerance based on Kerberos and CA certificate (on) or in 2017-08-31, until now half a year passed, lazy cancer is too heavy, has not been updated, from today onwards will gradually update the beginning of the tutorial, I hope to have more friends to understand an
Create a server private key, and the command will let you enter a password:
$ OpenSSL genrsa-des3-out server.key 1024
Create a certificate (CSR) for the signing request:
$ OpenSSL req-new-key server.key-out SERVER.CSR
Remove the required password when loading SSL-supported Nginx and using the above private key:
$ CP Server.key server.key.org
$ OpenSSL rsa-in server.key.org-out Server.key
The last token
authentication is so sure to be supported by a certificate to implement a CA encryption connection, first install the certificate and the certificate is installed on the domain controller. How do I install the certificate?
First, install
VISUALSVN Server Download Address: http://www.visualsvn.com/server/download/
OpenSSL download Address: http://code.google.com/p/openssl-for-windows/
Also available for download through my resources: http://download.csdn.net/detail/deleteelf/4161438
Note that OpenSSL requires support from C + + Redistributable
2008 Version: HTTP://WWW.MICROSOFT.COM/DOWNLOADS/ZH-CN/DETAILS.ASPX?FAMILYID=9B2DA534-3E03-4391-8A4D-074B9F2BC1BF
2010 Version: http://www.microsoft.com/downloads/zh-cn/details.aspx?family
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.