https的一些配置

为什么80%的码农都做不了架构师？>>>   

tunein 

sky.fm

browser import cert

ssl in archlinux

ssl in tomcat

 

openssl test https

openssl s_client -showcerts -connect 10.13.139.102:443 -state -debug

openssl s_client -connect 10.13.139.102:465

 

OpenSSL Command-Line HOWTO

http://www.madboa.com/geek/openssl/(中文版http://www.linuxfly.org/post/185/1/4/)

 

Tomcat

keytool -genkey -alias developerstation -keyalg RSA -keystore developerstation.keystore -keysize 2048

 

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" keystoreFile="C:\Software\Tomcat\conf\developerstation.keystore" keystorePass="password"/>

tomcat7中配置ssl的详细步骤(双向认证)http://developerstation.sinaapp.com/2012/03/27/tomcat7%E4%B8%AD%E9%85%8D%E7%BD%AEssl%E7%9A%84%E8%AF%A6%E7%BB%86%E6%AD%A5%E9%AA%A4%E5%8F%8C%E5%90%91%E8%AE%A4%E8%AF%81/

 

tomcat7中配置ssl的详细步骤(单向认证)http://developerstation.sinaapp.com/2012/03/22/tomcat7%E4%B8%AD%E9%85%8D%E7%BD%AEssl%E7%9A%84%E8%AF%A6%E7%BB%86%E6%AD%A5%E9%AA%A4/

 

IHS

例子

Listen 10.13.139.102:443

<VirtualHost 10.13.139.102:443>

   SSLEnable 

   SSLClientAuth none

   Keyfile C:\temp\ssl\key.kdb

   SSLV2Timeout 100

   SSLV3Timeout 1000

</VirtualHost>

SSLDisable

 

Reference:

Guide to properly setting up SSL within the IBM HTTP Server http://www-01.ibm.com/support/docview.wss?uid=swg21179559

在IHS上配置SSL http://www.blogjava.net/fastzch/archive/2007/08/03/134292.html

Configuring the IBM HTTP Server for SSL http://publib.boulder.ibm.com/infocenter/ltscnnct/v2r0/index.jsp?topic=/com.ibm.lc_2.0_IC/t_configure_ihs.html

SSL Directives http://www-01.ibm.com/software/webservers/httpservers/doc/v1319/9acdssl.htm#sslen

Debugging SSL communications http://prefetch.net/articles/debuggingssl.html

 

IKEYMAN生成证书

例子

"C:\Program Files\IBM\gsk5\bin\gsk5cmd.exe" -keydb -create -db xx.kdb -pw password -type cms -expire 60 -stash 

"C:\Program Files\IBM\gsk5\bin\gsk5cmd.exe" -cert -create -db xx.kdb -pw password -size 1024 -dn "CN=weblinux.raleigh.ibm.com,O=IBM,OU=IBM HTTP Server,L=RTP,ST=NC,C=US" -label mylabel -default_cert yes

"C:\Program Files\IBM\gsk5\bin\gsk5cmd.exe" -cert -list -db xx.kdb -pw password

"C:\Program Files\IBM\gsk5\bin\gsk5cmd.exe" -cert -details -db xx.kdb -pw password -label mylabel

"C:\Program Files\IBM\gsk5\bin\gsk5cmd.exe" -cert -extract -db xx.kdb -pw password -label mylabel -format ascii -target forest-certficate

"C:\Program Files\IBM\gsk5\bin\gsk5cmd.exe" -cert -export -db xx.kdb -pw password -label mylabel -target forest.p12 -target_pw password -target_type pkcs12 -encryption strong

 

Using iKeyman to create a key database file http://www-01.ibm.com/support/docview.wss?rs=177&context=SSEQTJ&uid=swg21006430

Using the Key Management Utility  http://www-01.ibm.com/software/webservers/httpservers/doc/v2047/manual/ibm/en_US/9atikeyu.htm

httpservers doc http://www-01.ibm.com/software/webservers/httpservers/doc/v1312/ibm/2tabcontents.htm

ikeycmd参考 http://publib.boulder.ibm.com/infocenter/pcomhelp/v5r9/index.jsp?topic=/com.ibm.pcomm.doc/books/html/admin_guide13.htm

转载于:https://my.oschina.net/l1z2g9/blog/59134