transferred from:http://www.getvm.net/apache-crt-ssl-convert-to-iis-pfx/Apache uses the The SSL certificate is. crt format, if your website from Apache to the Windows host IIS, this time to put the original certificate on IIS to use, is not able to directly use this
In the SSL bidirectional handshake configuration for Tomcat, APR is enabled by default in version 6.0.33 (APR is a portable library accessed through JNI, which can improve Tomcat performance and scalability ), therefore, an exception is reported when you use the traditional configuration method (as shown below;
Traditional SSL Configuration:XML Code
Maxthreads = "150" Scheme = "HTTPS" secure = "true"
1. Convert the JKS format certificate into a PFX format Keytool-importkeystore-srckeystore D:\server.jks-destkeystore D:\server.pfx-srcstoretype JKS- Deststoretype PKCS12 2. Converts a PFX format certificate to JKS format keytool-
The SSL certificate formats used by different platforms and languages are often different. Here we record some common conversion methods.
All are converted using OpenSSL or keytool. You do not need to implement the conversion using your own code. You can replace the corresponding file name in use.
-------------------------------------- I am a split line -----------------------------------------
# Convert CR
following page is displayed:
To create a root certificate, select a self-authenticated certificate with serial number 1, select SHA 256 as the signature algorithm, select the default CA as the certificate template, and then click Apply all (this cannot be missed) as follows:
Switch to the Subject Page and fill in all fields.
Click Generate a new key to Genera
First, make sure that your Apache compiles the SSL module, which is the necessary condition to support SSL certificate (if not, compile, "open Phpstudy" "Other options Menu", "php extension", "Php-openssl" in front of the check box).Create the CERT directory under Apache's installation directory, and copy all downloaded files to the Cert directory.Open the httpd.
PHP to view SSL Certificate Information, php to view ssl Certificate
Preface
An SSL certificate is a trusted Digital Certificate Authority (CA) that issues an
.
VII, check and perfect the application of SSL certificate
It doesn't matter if you see a problem after deployment starts. We are going to solve the problem. This problem is because there are some pictures, text, call links or HTTP format, we need to replace all the HTTPS format URL.
SSL Certificate for various HTTPS sites, extended SSL certificate, key exchange and authentication mechanism rollupA common HTTPS site used by the certificate and Data encryption technology list, easy to compare the reference when needed, will continue to join the new HTTP s
With Xca (X Certificate and Key Management) Visual Project Manager SSL Certificate series articles (2) and (3). We learned how to generate a certificate with XCA (X Certificate and Key Management), how you have generated your own defined Credential Management Center (
Recently in a project, the project was previously used. NET do, now need to rewrite with PHP. After development, you need to migrate the SSL certificate on IIS to the Apache environment.
Workaround:
Roughly three steps
First, export the certificate file to IIS
1. Start-> Run->mmc
2. Menu-> file-> Add/Remove snap-in
3. Select the
nginx.csr OpenSSL ca-in nginx.csr-out nginx.crt-days=3650
3. Create a client browser certificate
(umask 077;openssl genrsa-out client.key 1024)
OpenSSL req-new-key client.key-out client.csr OpenSSL ca-in client.csr-out client.crt-days=3650
Convert a certificate in text format to a certif
articles in the mention, but not clearly specified, will let the reader confused. 强烈推荐使用OpenSSL的读者阅读x509v3_config-x509 V3 Certificate Extension configuration format
recognises, the actual combat now!OpensslI am using Ubuntu, so there may be different operating system OpenSSL configuration file path is not the same situation, please readers themselves according to their own situation to find the defaul
certreq.csr -keystore
Replace with the path and .keystore the file name created by your local certificate.
Submit the created file to the certreq.csr CA that you want to authorize.Please refer to the documentation for the CA to find out how to do this.
The CA will send a certificate that you have signed.
To import a new certificate to
Several problems encountered when purchasing an SSL certificate to deploy a website and ssl Problems
As a cainiao, I don't know much about SSL certificates. I only know that it is safer to use its website. So I encountered various problems on the way to using SSL certificate
certificate, you can divide the certificate into two types: for example, when our native owns the certificate's private key, as shown on the left, otherwise, as shown on the right :As you can see, the diagram on the left identifies "you have a private key that matches the certificate" and the right image does not. For a cert
certificate (umask 077;openssl genrsa-out client.key 1024)OpenSSL Req-new-key client.key-out CLIENT.CSROpenSSL ca-in client.csr-out client.crt-days=3650Convert a certificate in text format to a certificate that can be imported into a browserOpenSSL pkcs12-export-clcerts-in Client.crt-inkey client.key-out client.p12 5
To successfully set up SSL security site key to have the following conditions.
1, need to obtain the server certificate from the trusted certificate mechanism ca.2, you must install the server certificate on the Web server.3. The SSL feature must be enabled on the Web server
This is a very interesting experiment.
As you know, certificates issued by some SSL certification authorities are installed on the server side, allowing visitors to access the site through SSL links, and can confirm the site's true address to the visitor. However, if you want to restrict the visitors to your site, you need to verify the certificate that the clien
However, for ordinary personal sites, to date has not been said to use the SSL domain name certificate, but some similar to the consumer interaction and account security class site must be used, even if not for the site in search engine experience needs, but also the user's information is responsible. In previous posts, Lao left also shared several configurations of SSL
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.