Configuration Requirements
Operating System: Ubuntu 16.04 LTS.
Web server: Apache 2.4.
Database: MySQL/MariaDB and InnoDB storage engine
PHP 7
Installation preparation
Before installation, you must prepare the following content:
A Linux host that meets the minimum configuration requirements can be a VM instance, router, or server.
The host can access from the Internet through an IP address or d
Linux Cryptographic decryption basics, PKI and SSL, creating private CAs1. Encryption and Decryption Basics:Data in the network transmission process to ensure that three points:(1) Data integrity: To prevent the data in the transmission process by unauthorized users of the destruction or tampering.(2) Confidentiality of data: Prevent the disclosure of file data to unauthorized users so that it can be exploi
One, public key private key1, the public and private keys appear in pairs2, the public key is called the public key, only you know the private key3, the data encrypted with the public key can only be decrypted by the corresponding private key4, the data encrypted with the private
Configuration of SSL connections for private CAs and MySQL servers using OpenSSLI. INTRODUCTION of CAThe CA also has a certificate (with public and private keys included). Public users on the Internet trust the CA by verifying the CA's signature, and anyone can get the CA's certificate (with the public key) to verify t
A problem occurred recently. my IE is visiting an encrypted website, such as www. ICBC. com. when Using CN, you are always prompted to use the 128-bit "Secure Socket Layer (SSL)" security protection for the resources you want to access. To view this resource, you must use a browser that supports this SSL version. I am very depressed. My IE looks normal:
I chec
information.
Virtual Private Network VPN
Virtual Private network VPN is "virtual private network". Defined as a temporary, secure connection through a public network (usually the Internet), a secure, stable tunnel through a chaotic public network. VPN through virtual private
. The large scale of state-owned enterprises, high demonstration effect, first from the pilot, the latter gradually promoted.This year most of the technical staff to consult know Baidu Tiangong, although not clear about the specific role of Baidu Tiangong, but all know that Baidu has an internet of things platform.MQTT will become the preferred cloud communication protocol for the domestic industrial Internet
completed in the handshake phase! then say it:identity authentication can be two-way, that is, the server can also request a certificate to the client, the authentication process is similar, simple is to compare the signature and the private key and host name, and so on, under normal circumstances this matching process is very strict, third-party forged certificate difficult to pass. Incidentally, the algorithm used in identity authentication and the
reliable data transfer over a physical network link. Different data link layers define different network and protocol features, including physical addressing, network topology, error checking, frame sequences, and flow control. The data link layer is actually comprised of two separate parts, media access control (media access Control,mac) and the Logical Link Control layer (Logical link CONTROL,LLC). The d
Vincent. Windows Nginx Configuration SSL for HTTPS access (including certificate generation)Windows Nginx configuration SSL for HTTPS access (includes certificate generation)The first step is to explain why HTTPS is implemented.HTTP full name Hypertext Transfer Protocol, in which the client obtains hypertext content on
needs the k adsl line. Leave it to the people most needed by the branch office. However, I found that there was a problem with the route after the restart, So I typed the following command to add a permanent route: route-p add 10.0.0.0/8 10.152.64.253 so that I don't need to manually add a route every time I start the system. This finds out the essence of the vulnerability, the main Firewall uses the IPSEC-VPN (L2TP mechanism), divided into an intranet IP address, equivalent to the authenticati
restarted. OK, now we can go into the catalogue /usr/local/apache/conf to see. NBSP;HTTPD.CONF- This is the main configuration file for Apache, where you can set the basic environment for server startup, such as service?? Start mode, port number, the maximum number of connections allowed, and so on, this file is very detailed comments, to see the Ming?? White should have no problem. NBSP;ACCESS.CONF- This file is set in the system access mode a
secretly using Susan's computer and swapping Bob's public key with her public key. At this point, Susan actually owned Doug's public key, but thought it was Bob.'s public key. So Doug could impersonate Bob, make a "digital signature" of his private key, write to Susan, and let Susan decrypt it with a fake Bob's public key.Later, Susan felt something wrong and found herself unable to determine whether the public key really belonged to Bob. She thought
recently reported many security issues. Some authors point out that employees connect to the Internet through private computers, this greatly increases the likelihood that sensitive enterprise information may leave the company's location and die in the hands of an individual. In fact, these people may not need to access this information at all. At present, some
, this location must be consistent with the location defined by the virtual host in the Apache configuration file.
Sslengine on # enable
Sslcertificatefile/etc/httpd/SSL/httpd. CRT # certificate storage location
Sslcertificatekeyfile/etc/httpd/SSL/httpd. Key # key storage location
: WQ
[[Email protected] SSL] # echo text.bj.com>/var/www/html/index.html
[[Email pr
The SSL module is not installed by default, and if you want to use the module, you will need to specify the –with-http_ssl_module parameter when you compile Nginx.Demand:Doing a website domain name for www.localhost.cn requires access through https://www.localhost.cn.10.10.100.8 www.localhost.cnExperimental steps:1. First ensure that OpenSSL and Openssl-devel are installed on the machine#yum Install Openssl
; Ssl_session_cache shared:ssl:1m; Ssl_session_timeout 5m; Ssl_ciphers High :!anull:! MD5; Ssl_prefer_server_ciphers on ; / { root /usr/share/nginx/html; Index index.html index.htm; }}Three, restart Nginx, completesudo service nginx restartThe Pem pass phrase is typically queried during the restart process because the RSA private key file is protected with a passphrase. When the CA issued a certificate, set a pa
When developing a mobile website, we must use the "ssl client certificate" to deploy encrypted websites that are only accessible to specific mobile phones ",
Does all mobile phone systems support ssl client certificates well? Let's see how to use various mobile phone systems to access websites with ssl client certifi
-----" and "-----End certificate-----",The 2_www.domain.com.key file includes a section of the private key code "-----BEGIN RSA private key-----" and "-----End RSA private key-----.
Save the first paragraph of 1_DOMAIN.COM_CERT.CRT code in a CRT-formatted file DOMAIN.CRT, and the second paragraph is pasted into a text that is saved in CRT format.
File CA.CRT.(I
When you use httpwebrequest to access an SSL-type address https: // XXXX, the error "failed to establish a trust relationship for the SSL/TLS Security Channel (cocould not establish trust relationship for the SSL/TLS Secure Channel)"
I checked msdn and found a solution. For S
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.