Objective
The CA is the issuing authority for the certificate, which is the core of the PKI. CA is the authority responsible for issuing certificates, certifying certificates, and administering issued certificates.It is to develop policies and specific steps to verify, identify, and sign user certificates to ensure that the identity of the certificate holder andOwnership of the public key.The CA also has a certificate (public key included) and a
the server's/etc/pki/tls/certs/, and copy the. Key and. CSR files to/etc/pki/tls/private/. (for CentOS server only, other servers please Baidu).You will also need to link the CERT.PEM (if not one) under/etc/pki/tls/to/ETC/PKI/TLS/CERTS/ROOT.CRTThis will not be reported sec_error_unknown_issuer this error when it is ac
mirror system uses the connecting IP address of the client and the# update status of each mirror To pick mirrors that is updated to and# geographically close to the client. You should use this for CentOS updates# unless is manually picking other mirrors.## If the mirrorlist= does For your, as a fall back you can try the # remarked out Baseurl= line instead.##[base]name=centos-$releasever-basemirrorl ist=http://mirrorlist.centos.org/?release= $releasever arch= $basearch repo=os#baseurl=http://
message is as follows
Using Configuration From/etc/pki/tls/openssl.cnf/etc/pki/ca/index.txt:no such file or directoryUnable to open '/etc/pki/ca/index.txt '140292081481544:error:02001002:system library:fopen:No such file or Directory:bss_file.c:398:fopen ('/etc/pki/ca/ Index.txt ', ' R ')140292081481544:error:2007400
When you use HTTPS to access a Web site, ie reminds you that the page must use a more secure Web browser to see that the resource you are accessing uses a 128-bit version of Secure Sockets Layer (SSL) security. To view this resource, you need to use an SSL browser that supports that version. Such as:This problem occurs because the server requires the use of 128 for encryption, the client's browser version is too low support, simple processing is to upgrade the client browser version, also suppor
Sometimes want to put some of the company's XX project to the HTTPS site, is to encrypt transmission in the transmission layer to prevent others to sniff the site important data information, usually we use the HTTP method is plaintext transmission is very insecure, easy to be stolen by others. And sometimes you have to set up a local HTTPS environment for testing, the following look at the specific local build HTTPS test site.First go to the certification authority to apply for a certificate for
other two files are not necessarily. C: \ Program Files \ helicon \ isapi_rewrite3 \ error. log pseudo static settings software ISAPI rewrite log file c: \ Program Files \ helicon \ isapi_rewrite3 \ rewrite. log pseudo static settings software ISAPI rewrite log file c: \ Program Files \ helicon \ isapi_rewrite3 \ httpd. the conf pseudo-static setting software ISAPI rewrite configuration file is mainly because the ISAPI rewrite 3.0 version has permission issues, and this type of problem is not f
point to the following programs:C:/Program Files/Common Files/qlwg42/Artmoney.exeC:/Program Files/Common Files/qlwg42/PMLoad42.exeDelete these links if you do not wish to keep the programs to which they point.
Partially overwritesPackedCatalogItemValues of several of the subkeys under the following registry key:HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/Winsock2/Parameters/Protocol_Catalog9/Catalog_Entries/The subkeys are named000000000001,000000000002,000000000003, And so forth.
Cr
This time in the company has a large part of the time used in the environment of the building, each software or service may need to build a number of versions, mainly build up a lot of software and services.Wireshark: Wireshark (formerly known as Ethereal) is a network packet analysis software. The function of the network packet analysis software is to retrieve the network packet and display the most detailed network packet information as far as possible. Wireshark uses WinPcap as an interface t
Symptom
After installing Symantec AntiVirus Corporate Edition 10.0 or Symantec Client Security 3.0 reboot the computer, Discovering that the Doscan.exe process consumes a large amount of CPU and memory, the Rtvscan.exe process uses approximately MB of memory at the end of the Doscan.exe process to slow down the computer.
Solving Method
This issue has been fixed in the
1. set up a CA server [root @ zzu ~] # Yuminstallopenssl * [root @ zzu ~] # Cd/etc/pki/[root @ zzupki] # vimtls/openssl. cnf45dir/etc/pki/CA88countryNameop...
1. set up a CA server [root @ zzu ~] # Yum install openssl * [root @ zzu ~] # Cd/etc/pki/[root @ zzu pki] # vim tls/openssl. cnf45 dir =/etc/
/mykey.private-pubout-out/root/mykey.public
Ca
Public authoritative CA
Private CA
How to build your own CA:
Openssl
OpenCA: The OpenSSL of two times package.
Configuration file:/etc/pki/tls/openssl.cnf
How to build a private CA:
Generate a self-signed certificate on the server that confirms that it is configured as a CA and provide the require
-$basearch-debugbaseurl=file:///yum/serverenabled=1gpgcheck=1gpgkey=file:///etc/pki/rpm-gpg/ rpm-gpg-key-redhat-release[rhel-vt]name=red Hat Enterprise Linux $releasever-$basearch-debugbaseurl=file:///yum/ Vtenabled=1gpgcheck=1gpgkey=file:///etc/pki/rpm-gpg/rpm-gpg-key-redhat-release[rhel-cluster]name=red Hat Enterprise Linux $releasever-$basearch-debugbaseurl=file:///yum/clusterenabled=1gpgcheck=1gpgkey=fi
encryption is non-reversible encryption, which is a non-decrypted encryption method that extracts the fingerprint of the data. The common encryption algorithm has MD5, SHA, HMAC three kinds of encryption algorithm. We usually only use them as the basis for encryption, pure three kinds of encryption is not reliable.One-way encryption such as:
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/73/DD/wKiom1YI3ZehpnMxAAB1fTgDh_Q522.jpg "title=" 3.png " alt= "Wkiom1yi3zehpnmx
that when generating makefile the correct parameters are filled in.Exit MySQL, edit/etc/my.cnfBetween [mysqld] and [mysqldump], add the following configuration information:
Ssl
Restart MySQL after saving and login to MySQL again
Mysql-uroot-p
mysql> Show variables like '%ssl% ';
+---------------+-------+
| variable_name | Value |
+---------------+-------+
| have_openssl | YES |
| Have_ssl | YES | | ssl_ca | | | ssl_capath | | |
ssl_ cipher | | | |
ss
Since the development of the Internet, various application services have been very rich, and every website is trying to gather its own user base, so we have countless "accounts" and "passwords ".
Different applications have different security requirements. Different services have different security requirements due to their importance. If one of my frequently browsed Forum accounts is lost, I will be depressed for a maximum of a few days. Just register another account, but if one of my online ba
were found.The discovery was caused by the system initiating selinux.Temporarily close SELinuxSetenforce 0Permanently closedVim/etc/selinux/configModifySelinux=enforcingChange intoSelinux=disabled(c)New index.html in WWW1 and WWW2, respectively, www1.buybybuy.com and www2.buybybuy.com# vim/web/vhosts/www1/index.html# vim/web/vhosts/www2/index.html(d)Create an Access account and follow the instructions# htpasswd-c/ETC/HTTPD/CONF.D/.HTPASSWD WebAdminModify Httpd.conf, joinAuthType BasicAuthName "
Installation version: The 32-bit desktop version downloaded from the official website
1. Add Source:
(1) Add a 163 Source:
First, enter the terminal to open and enter the Su, password, and administrator permission;
Enter gedit/etc/yum. Repos. d/163. Repo, and press Enter.
Copy the following content to the opened 163. Repo:
Fedora-mirrors.163.comName = fedora 12-i386Base url = http://mirrors.163.com/fedora/updates/12/i386/Enabled = 1Gpgcheck = 0Gpgkey = file: // etc/
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.