number, suitable for when the password
openssl rand-base | tr -dc '[:alnum:]' generates a 12-bit random password and leaves only numbers and letters
Generate key pair
Generate private key: (umask 066; openssl genrsa -out private.key 1024)
Private key encryption: (umask 066; openssl genrsa -out private.key -des 1024)
Generate public key: (openssl rsa -in private.key -pubout -out Public.key)
Decrypts the encrypted key
Extracting the public key from the private key
openssl rsa -in privatekeyfile -pubout -out pu
. The server trusts the CA, so the client has the CA's certificate and can access the server side.
Next, we will implement authentication with a private CA certificate.
Preparation: two hosts; CentOS 7 acts as the CA, CentOS 6 as the web server.
Steps:
First, create the CA certificate (CentOS 7)
1. Check whether the OpenSSL software is installed
# rpm -qa openssl
2. Generate a self-signed certificate (done in the /etc/pki/CA directory)
(1) Creat
Digital certificates provide electronic authentication for secure communication between two parties. On the Internet, a corporate intranet or an extranet, digital certificates are used for identification and for encrypting electronic information. The digital certificate contains the identification information of the owner of the key pair (public key and private key); the identity of the certificate holder is authenticated by verifying the authenticity of that identification information.
Certificate app
HTTPS implementation: httpd uses the HTTPS protocol to secure traffic with certificates, so that resources are encrypted in transit.
// SSL sessions are built on IP addresses, so a server with a single IP address can create only one HTTPS-based virtual host
Create a private CA: openssl
1. Create a private key for the CA:
~]# (umask 077; openssl genrsa -out /etc/pki/CA/private/cakey.pem 2048)
2. Generate the CA's self-signed certificate:
~]#
First, open a terminal, run su and enter the password to get administrator permission;
Enter gedit /etc/yum.repos.d/163.repo, and press Enter.
Copy the following content into the opened 163.repo:
[Fedora-mirrors.163.com]
name=fedora 12-i386
baseurl=http://mirrors.163.com/fedora/updates/12/i386/
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-GPG-key-fedora file:///etc/pki/rpm-GPG/RPM-GPG-KEYE
encryption features:
Fixed-length output: No matter how big the raw data is, the results are of the same size.
Avalanche effect: small changes in input will cause huge changes in results
One-way encryption algorithms: MD5 (128 bits), sha1, sha256, sha384, and sha512
III. Encryption process and principles
IV. Self-built private CA process
A
① Generate a key
# (umask 077; openssl genrsa -out /etc/pki/CA/private/cakey.pem 2048)
Gene
Public Key Infrastructure (PKI: Public-Key Infrastructure)
Public Key Infrastructure (PKI) is a system that provides public key creation and management based on the concept of public key encryption (Public Key Cryptography). It supports efficient data encryption and key exchange processes.
The PKI system is developed by the Internet standards group and NIST. In the PKI
symmetric encrypted key. This method not only guarantees the security of the encryption, but also guarantees the speed of the encryption, and also tells us who sent the data.
Five. Key authentication for asymmetric encryption
Asymmetric encryption has a key issue: if we want to communicate with host B, we must have its public key to send private messages. If a website directly publishes a public key and says it is the public key of host A, how do we prove that the public key is B's public key? The internet on
163 source configuration file for CentOS 7 (7.1.1503)
A 163 source for CentOS 7 could not be found on the Internet for a long time; most results only had configurations for 6. Here is one that can be used on 7. Note the version number below and replace it with your own version.
[base]
name=CentOS-$releasever - Base - 163.com
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
baseurl=http://mirrors.163.com/centos/7.1.1503/updates/x86_64
gpgcheck=0
gpgkey=file:///etc/
rhel5.4 machines and use rpm for installation.
# rpm -ivh *.rpm
# service salt-minion status|restart|stop
Appendix 1: epel.repo
[root@el5-test salt]# cat /etc/yum.repos.d/epel.repo
[epel]
name=Extra Packages for Enterprise Linux 5 - $basearch
mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-5&arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=0
#gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
[epel-debuginfo]
name=Extra Packages for
, the password and description file are not in the same directory.
New password:
Re-type new password:
Adding password for user admin
# cat .htpasswd
admin:OEWyxf6WFthog
# ll -a
drwxr-xr-x. 3 root root 4096 May 14 14:21 .
drwxr-xr-x. 6 root root 4096 Mar 30 15:01 ..
-rw-r--r--. 1 root root 20 May 14 14:21 .htpasswd
drwxr-xr-x. 5 root root 4096 May 14 14:20 wordpress
# service httpd restart
Stopping httpd: [ OK ]
Starting httpd: [ OK ]
Client browser access http://www.yinuo.com/wo
1. Install the ssl module
# yum -y install mod_ssl
2. Tell Apache which website is to use HTTPS, that is, set up the site. It can be the same site that was previously set up for HTTP.
# vi /etc/httpd/conf.d/ssl.conf
DocumentRoot /var/www/test/html
ServerName www.bkjia.com
3. Create a certificate file
# cd /etc/pki/tls/certs
[root@www.bkjia.com] # make server.key ### generate a key file
[root@www.bkjia.com] # openssl rsa -in server.key -out server.
the use of this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the
# remarked out baseurl= line instead.
#
#
[base]
name=CentOS-$releasever - Base - 163.com
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
baseurl=http://mirrors.163.com/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
#rele
into the system, otherwise there will be a warning message
rpm -ivh yum-metadata-parser-1.1.2-4.el5.x86_64.rpm
rpm --import RPM-GPG-KEY-CentOS-5
rpm -ivh yum-3.2.22-40.el5.centos.noarch.rpm yum-fastestmirror-1.1.16-21.el5.centos.noarch.rpm
So we can use yum online.
IV. Modifying the yum source
To install software online with yum faster, we can use the domestic NetEase yum source or another domestic yum source.
V. Change the yum source
# We use NetEase's CentOS mirror source
cd /etc/yum.repos.d/
vi rhel-debuginfo.repo
#centos-ba