verisign pki

number, suitable for when the passwordOpenSSL rand-base | tr-dc ' [: alnum:] ' generates a 12-bit random password and leaves only numbers and lettersgenerate key Pair childGenerate private key(umask 066;openssl genrsa-out private.key 1024)private key Encryption(umask 066;openssl genrsa-out private.key-des 1024) generate public key (OpenSSL rsa-in private.key-pubout-out Public.key) decrypts the encrypted keyextracting the public key from the private keyOpenSSL rsa-in privatekeyfile-pubout-out pu

. The server trusts the CA, so the client has the CA's certificate so that the client can access the service side.Next, we will implement the authentication of the private CA certificate.Preparation : Two hosts, Centos7 do CA certificate, centos6 do Web serverStep : First, the production of CA certificate (CENTOS7)1. Check if the OpenSSL software is installed# Rpm-qa OpenSSL2. Generate self-signed certificate"Complete in/etc/pki/ca directory"(1) Creat

Digital certificates provide electronic authentication for the secure communication between the two parties. In the Internet, corporate intranet or extranet, the use of digital certificates for identification and electronic information encryption. The digital certificate contains the identification information of the owner of the key pair (public key and private key) to authenticate the identity of the certificate holder by verifying the authenticity of the identified information.Certificate app

HTTPS implementation: HTTPD uses the HTTPS protocol to secure encryption through certificates, allowing the resources to be encrypted for transmission//ssl sessions are built on IP addresses, so a server with a single IP address can create only one HTTPS-based virtual host Create a private Ca:openssl 1. Create a private key for the CA: ~]# (umask 077;openssl GENRSA-OUT/ETC/PKI/CA/PRIVATE/CAKEY.P EM 2048) 2. Generate the CA's self-visa book: ~]#

First, enter the terminal to open and enter the Su, password, and administrator permission; Enter gedit/etc/yum. Repos. d/163. Repo, and press Enter. Copy the following content to the opened 163. Repo: Fedora-mirrors.163.comName = fedora 12-i386Base url = http://mirrors.163.com/fedora/updates/12/i386/Enabled = 1Gpgcheck = 0Gpgkey = file: // etc/pki/rpm-GPG-key-fedora file: // etc/pki/rpm-GPG/RPM-GPG-KEYE

encryption features: Fixed-length output: No matter how big the raw data is, the results are of the same size. Avalanche effect: small changes in input will cause huge changes in results One-way encryption algorithms: MD5 (128 bits), sha1, sha256, sha384, and sha512 Iii. encryption process and principles Iv. self-built private CA process A ① Generate a key [[Email protected] ~] # (Umask 077; OpenSSL genrsa-out/etc/pki/CA/private/cakey. pem2048)Gene

Go to the/etc/yum. Repos. D folder, create a new SJTU. Repo file, copy the following content, and update yum Fedora-ftp.sjtu.edu.cnName = fedora 15-i386Base url = http://ftp.sjtu.edu.cn/fedora/linux/releases/15/Fedora/i386/ OS/Enabled = 1Gpgcheck = 0Gpgkey = file: // etc/pki/rpm-GPG-key-fedora file: // etc/pki/rpm-GPG/RPM-GPG-KEYEverything-ftp.sjtu.edu.cnName = everything 15-i386Base url = http://ftp.sjtu.e

Public Key InfrastructurePKI: Public-Key Infrastructure)Public Key Infrastructure (PKI) is a system that provides Public Key creation and management based on the concept of Public Key encryption Public Key Cryptography. It supports efficient data encryption and Key exchange processes.The PKI system is developed by the Internet standards group and NIST. In the PKI

symmetric encrypted key. This method not only guarantees the security of the encryption, but also guarantees the speed of the encryption, and also knows who sent the data. FiveKey authentication for asymmetric encryptionAsymmetric Encryption has a focus, if we want to communicate with a host B , we must have his public key to send private messages, if a website directly out of a public key that is the public key of host a , how do we prove that the public key is b 's public key. The internet on

Centos7 epel source configuration For CentOS6, edit/etc/yum. repos. d/epel. repo and enter the following content. [epel] name=ExtraPackages for EnterpriseLinux6-$basearch #baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch mirrorlist=https: //mirrors .fedoraproject.org /metalink ?repo=epel-6arch=$basearch failovermethod=priority enabled=1 gpgcheck=1 gpgkey= file : ///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6 [epel-debuginfo] name=ExtraPackages fo

*. rpm# Service salt-minion status | restart | stop Appendix 1: epel. repo [Root @ el5-test salt] # cat/etc/yum. repos. d/epel. repo[Epel]Name = Extra Packages for Enterprise Linux 5-$ basearchUsing list = http://mirrors.Fedoraproject.org/mirrorlist? Epel-5 arch = $ basearchFailovermethod = priorityEnabled = 1Gpgcheck = 0# Gpgkey = file: // etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL [Epel-debuginfo]Name = Extra Packages for Enterprise Linux 5-$ basearch-Debug

163 source configuration file for CentOS7 (7.1.1503) The 163 source of centos 7 was not found for a long time on the Internet, most of which only had 6 configurations. Write a code that can be used in 7. Pay attention to the next version. Replace it with your own version. [base]name=CentOS-$releasever - Base - 163.com#mirrorlist=http://mirrorlist.centos.org/?release=$releaseverarch=$basearchrepo=osbaseurl=http://mirrors.163.com/centos/7.1.1503/updates/x86_64gpgcheck=0gpgkey=file:///etc/

163 source configuration file of CentOS 7 (7.1.1503), centos7.1.1503 The 163 source of centos 7 was not found for a long time on the Internet, most of which only had 6 configurations. Write a code that can be used in 7. Pay attention to the next version. Replace it with your own version. [base]name=CentOS-$releasever - Base - 163.com#mirrorlist=http://mirrorlist.centos.org/?release=$releaseverarch=$basearchrepo=osbaseurl=http://mirrors.163.com/centos/7.1.1503/updates/x86_64gpgcheck=0gpgkey=file

rhel5.4 machines and use rpm for installation. # rpm -ivh *.rpm# service salt-minion status|restart|stop Appendix 1: epel. repo [root@el5-test salt]# cat /etc/yum.repos.d/epel.repo [epel]name=Extra Packages for Enterprise Linux 5 - $basearchmirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-5arch=$basearchfailovermethod=priorityenabled=1gpgcheck=0#gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL[epel-debuginfo]name=Extra Packages for

, the password and description file are not in the same directory. New password: Re- type new password: Adding password for user admin # cat .htpasswd admin:OEWyxf6WFthog # ll -a drwxr-xr-x. 3 root root 4096 May 14 14:21 . drwxr-xr-x. 6 root root 4096 Mar 30 15:01 .. -rw-r--r--. 1 root root 20 May 14 14:21 .htpasswd drwxr-xr-x. 5 root root 4096 May 14 14:20 wordpress # service httpd restart Stopping httpd: [ OK ] Starting httpd: [ OK ] Client browser access http://www.yinuo.com/wo

1. Install the ssl module # Yum-y install mod_ssl 2. Tell apache which website is to Use https, that is, to build a website. It can also be the same as what was previously set up in http. # Vi/etc/httpd/conf. d/ssl. conf DocumentRoot/var/www/test/html Servername www.bkjia.com 3. Create a certificate file # Cd/etc/pki/tls/certs [Root@www.bkjia.com] # make server. key ### generate a key file [Root@www.bkjia.com] # openssl rsa-in server. key-out server.

the use of this for CentOS updates# Unless you is manually picking other mirrors.## If The mirrorlist= does not work for you, as a fall back to you can try the# remarked out Baseurl= line instead.##[Base]name=centos-$releasever-base-163.commirrorlist=http://mirrorlist.centos.org/?release= $releasever arch= $basearch repo=osbaseurl=http://mirrors.163.com/centos/$releasever/os/$basearch/Gpgcheck=1Gpgkey=file:///etc/pki/rpm-gpg/rpm-gpg-key-centos-5#rele

OpenSSL creating a private CA----------------------------------------------------1. Generate a private key for the CA(Umask 077; OpenSSL GENRSA-OUT/ETC/PKI/CA/PRIVATE/CAKEY.PEM 2048) Generate private key2. Generate self-signed certificateOpenSSL req-new-x509-key/etc/pki/ca/private/cakey.pem-out/etc/pki/ca/cacert.pem-days 3650CNGdSZLTJSBCa.litao.com[Email protecte

into the system, otherwise there will be a warning messageRPM-IVH yum-metadata-parser-1.1.2-4.el5.x86_64.rpm rpm--import RPM-GPG-KEY-CENTOS-5RPM–IVH yum-3.2.22-40.el5.centos.noarch.rpm yum-fastestmirror-1.1.16-21.el5.centos.noarch.rmSo we can use Yum online.Iv. Modifying the Yum sourceTo use Yum to install the software online faster, we can use the domestic netease yum source or other domestic yum sourceV. Change the Yum source #我们使用网易的CentOS镜像源Cd/etc/yum.repos.d/virhel-debuginfo.repo#centos-ba

directory are modified as follows: 　 　　 #/etc/yum.repos.d/fedora-core.repo[core]name=Fedora Core $releasever - $basearch - Base#baseurl=http://download.fedora.redhat.com/pub/fedora/linux/core/$releasever/$basearch/os/baseurl=ftp://ftp3.tsinghua.edu.cn/mirror/download.fedora.redhat.com/pub/fedora/linux/core/$releasever/$basearch/os/#baseurl=http://mirrors.geekbone.org/fedora/core/$releasever/$basearch/os/#mirrorlist=http://fedora.redhat.com/download/mirrors/fedora-core-$releaseverenabl