How to configure a secure HTTP service to make the service more secure. You can also learn how a CA works.
HTTP + SSL = HTTPS
Configure the CA Server
========================================================== ======================
1. Configure the CA (172.16.1.2): generate the CA's own public and private keys, then have the CA self-sign its certificate (generated by script)
CA Server Configura
Add Fedora yum sources in China to accelerate your download speed
Foreign yum sources are very slow, and there are good sources in China, so it is best to configure a source in China. The best in China are beiyou, Tsinghua, and Shanghai Jiaotong University.
The procedure is as follows:
First, install the yum-fastestmirror plug-in and select the fastest source automatically.
# Yum in
Experimental environment:
Virtual machine: VMware® Workstation Pro
Host A: IP 10.1.255.55/16, creates the CA and provides CA service to other hosts
Host B: httpd server, IP 10.1.249.115/16
1. View the OpenSSL configuration file /etc/pki/tls/openssl.cnf
[root@localhost ~]# cat /etc/pki/tls/openssl.cnf (view the contents of the CA portion of the configuration file)
......
[ ca ]
default_ca = CA_default # The default CA s
/secret -T 127.0.0.1:6082 # Log in to the admin command line
vcl.list # List all the configurations
vcl.load test1 /etc/varnish/default.vcl # Load and compile a new configuration; test1 is the configuration name, test.vcl is the configuration file
vcl.use test1 # Use a configuration, specified by name; the configuration from the last vcl.use is the one in effect
vcl.show test1 # Show the configuration content, specified by name
##############################
4. Configure Nginx SSL Access
Configuring C
will prompt you step by step to enter the required personal information (for example: country, province, city, company, etc.).
Two. Client
1. Generate the client private key (key file):
openssl genrsa -des3 -out client.key 1024
2. Generate the client certificate signing request file (CSR file):
openssl req -new -key client.key -out client.csr
cd /tmp/create_key/ca
Three. Generate the CA certificate file
# The server.csr and client.csr files must be signed by a CA to form a certificate.
1. First generate th
copy of the past on the line)
The following steps do not have to
The code is as follows
[root@station23 ca]# mkdir ./newcerts
[root@station23 ca]# touch ./{serial,index.txt}
[root@station23 ca]# echo "> serial
If you skip the steps above, the CA reports the following error when signing:
The code is as follows
[root@station23 test]# openssl ca -in my.csr -out ldap.crt
Using configuration from /etc
[CentOSplus], [contrib]… Priority = 2
Third-party software Source: priority = N (N> 10 recommended)
For example, my CentOS-Base.repo configuration is (CentOS 6.0 ):
# CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client. You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the specified list = does not work f
choice, and the new version of Docker also recommends that we do so and look down.
3.3 Installing an SSL certificate for Nginx
First uncomment the three SSL lines in the Nginx configuration file
# vi /etc/nginx/conf.d/docker-registry.conf
...
server {
    listen 8000;
    server_name registry.domain.com;
    ssl on;
    ssl_certificate /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx.key;
...
After saving, Nginx will separate from /etc/nginx/ssl/nginx.crt and /etc/nginx/ssl/nginx.key rea
Certificate categories
- Root certificate: the basis for generating the server certificate and the client certificate. Self-signed.
- Server certificate: issued by the root certificate. Configured on the server.
- Client certificate: issued by the root certificate. Configured on the server, and sent to the client to be installed in the browser.
Be aware that
1. The CN of the server certificate must be consistent with ServerName; otherwise there is a warning when starting httpd.
why password of any type should not be used on Windows networks) )).
Is PKI used?
One of the most common misunderstandings about EFS is that EFS uses a public key infrastructure (PKI). Although EFS can be easily integrated and used with PKI (your company should already have PKI), this is absolutely not necessary. That
: print("Unable to generate database")
        # Once the database is generated or it already has been, I can
        # initialize the connection.
        try:
            self._conn = sqlite3.connect(self._dbfile)
            self._cursor = self._conn.cursor()
        except Exception as why:
            print("Unable to connect to database \"%s\": %s." % (self._dbfile, why))
        log.debug("Connected to SQLite database \"%s\"." % self._dbfile)

    def _generate(self):
        """
        Creates database structure in a SQLite file.
        """
        if os.path.exists(self
minutes on my page, saying my computer has the downadup.B virus (and its variants). Is my computer poisoned?
A: No. However, your computer is a computer that has the opportunity to be infected by downadup (so you still need to contact the computer room personnel in time to prevent attacks in an all-round way), just because Symantec antivirus software has prevented further infection. On the contrary, computer viruses are not clearly indicated.
Q: wh
through the types of mobile payment security issues, it is generally considered that the security of mobile payment can be ensured by means of Wireless Public Key Infrastructure (WPKI), WAP security and identity authentication.
1. Wireless Public Key Infrastructure (WPKI)
WPKI (Wireless PKI) is an extension of wired PKI; it introduces the security mechanism of
, deleting, and querying basic user information.
4. the application system retains user management functions, such as user grouping and user authorization.
5. uums should have a complete log function, recording in detail the uums operations of various application systems.
Unified user authentication is based on uums. It provides unified authentication methods and policies for all application systems to identify the legitimacy of user identities. Unified user authentication should support the following authentication methods:
1. Anonymous Authentication: users can log on to the system anonymously without any authentication.
2. User Name/password authentication: This is the most basic authentication method.
3. PKI/CA digital certificate authentication: authenticates the user's
Self-built CA Based on OpenSSL and SSL certificate issuance
For details about SSL/TLS, see the SSL/TLS principles. For more information about Certificate Authority (CA) and digital certificate, see OpenSSL and SSL digital certificate concepts.
OpenSSL is a suite of open-source programs. It consists of three parts: the first is libcrypto, a general-purpose encryption library that implements a large number of encryption algorithms; the second is libssl, which implements the SSL mechanism. It is used