First, the HTTPS service must be built with an HTTPS certificate. This certificate can be viewed as an application-level certificate. The reason for this is that the HTTPS certificate is generated based on the CA certificate. For official websites, CA certificates require a
Web Server supports HTTPS access requiring two files, private keys, and certificates. The private key and certificate are placed on the server, the private key is used to encrypt the data, and the certificate is passed to the client. Your own signed certificate is passed to the browser, because the
create a Root CA. We can only sign the certificate request by ourselves. Therefore, we asked OpenSSL to sign the request using the key attached to the certificate request, that is, the so-called "self-sign":
$ openssl ca -selfsign -in careq.pem -out cacert.pem
Parameter description
CA
SSL security certificates can be generated on their own or through a third-party CA (certification authority) Certification Center payment request. SSL security certificates include: 1, CA certificate, also called root certificate or intermediate level certificate. For one-way authenticated HTTPS, the CA certificate is
1. To generate a self-signed certificate: you usually need to configure an HTTPS server and an X.509 certificate that is authenticated by a formal CA. When the client connects to the HTTPS server, the CA's public key is used to check whether the certificate is correct. However, it is very troublesome to obtain the CA
Connect the server to replace the self-signed certificate OpenSSL
A paragraph of each chapter:
Excuses too many people, success and he did not, finally doomed to rest sigh, regret, any thing, afraid! You will lose your life.
One, install the following roles on the Windows Server AD server: 1. IIS, "with IIS client credent
own root certificate to verify that a server's certificate is valid.
If you want to provide a valid certificate, the server's certificate must be signed from a certificate authority such as VeriSign so that the browser can verify
private key is obtained, then the key file of the private key is used to generate the signing request file (.csr), and the CSR file is sent to the authority, awaiting certification by the authority, and the certificate file (.crt) is returned after successful authentication. A: Generate the private key. Step A is consistent with the second section, using OpenSSL to generate the RSA key pair. Use command:
directly into the browser so that the browser can use its own root certificate to verify that a server's certificate is valid.
If you want to provide a valid certificate, the server's certificate must be signed from a certification authority such as VeriSign so that the bro
) Service This key encrypts the resource requested by the user, responds to the client. Note: an SSL session is created based on IP address, so on a single-IP host, only one HTTPS virtual host can be used. Review several terms: PKI, CA, CRL, X.509 (v1, v2, v3). Configuring httpd to support HTTPS: (1) Request a digital certificate for the server; testing: issuing certificates through private CAs; (a)
1. First, generate the server-side private key (key file). Command: openssl genrsa -des3 -out Server.key 1024
The runtime prompts for a password, which is used to encrypt the key file (the parameter des3 is the encryption algorithm, and of course you can choose other algorithms that you think are safe). You need to enter a password whenever you need to read this file (via the command or API provided by OpenSSL).
2. Generate CSR and key on the server. Command
connecting clients authenticate using a username and password. By default, passwords for both protocols are passed over the network unencrypted. To configure SSL on Dovecot:
- Edit the Dovecot configuration file /etc/pki/dovecot-openssl.conf as you prefer. However, in a typical installation, this file does not require modification.
- Rename, move or delete the files /etc/pki/dovecot/certs/dovecot.pem and /etc/pki/dovecot/private/dovecot.pem.
- Execute the/usr/s
of a third-party authority is not used for authentication and serves as the CA.
Download an OpenSSL software online
1. Create a private key:
D:/OpenSSL> openssl genrsa -out Ca/ca-key.pem 1024
2. Create a certificate request:
Note: This step prompts that the OpenSSL file is m
-signed to get the root certificate (.crt) (CA issued to itself).
# Generate CA private key
openssl genrsa -out ca.key 2048
# Generate CSR
openssl req -new -key ca.key -out ca.csr
# Generate self signed certificate (CA root
Self-Signed X.509 digital certificate generation and Verification
Digital Certificates are used to mark the identity of network users. In Web applications, digital certificates are widely used, such as secure email, secure website access, Secure Electr
OpenSSL certificate commands: generating a self-signed certificate
# Generate a key, your private key. OpenSSL will prompt you to enter a password; you can enter one or leave it empty.
# If you enter one, you must enter the password each time you use this key, security, or there
The main file types and protocols for certificates are: PEM, DER, PFX, JKS, KDB, CER, Key, CSR, CRT, CRL, OCSP, SCEP, etc.
PEM – OpenSSL uses the PEM (Privacy Enhanced Mail) format to hold various information, which is the default way of storing information in OpenSSL. The PEM file in OpenSSL generally contains the following information: Content type: Indicates wha
OpenSSL self-built certificate SSL + Apache
I have prepared it. Well, the following is my note. For details, enter the author name: wingger. In this article, we will test the certificate on Linux9 + apache2.0.52, tomcat5.5.6, j2se1.5, and openssl0.97. The purpose of this article is to communicate. If any errors occur, please advise. Reprinted, please indica
openssl genrsa -out server.key 1024 (no password required)
openssl req -new -key server.key -out SERVER.CSR
cat SERVER.CSR
Paste the above text into http://dc2.sankuai.info/certsrv/request Advanced Certificate request ----> Web Server certificate, OK, download base 64 encoded certificate
First, you need to understand some basic concepts before installing
1. Certificates used by SSL can be self-generated or signed by a commercial CA such as VeriSign or Thawte.
2. Certificate concept: First, you must have a root certificate, and then use the root certificate to issue the server