tunein
sky.fm
browser import cert
ssl in archlinux
ssl in tomcat
openssl test https
openssl s_client -showcerts -connect 10.13.139.102:443 -state -debug
openssl s_client -connect 10.13.139.102:465
OpenSSL Command-Line HOWTO
http://www.madboa.com/geek/openssl/(中文版http://www.linuxfly.org/post/185/1/4/)
Tomcat
keytool -genkey -alias developerstation -keyalg RSA -keystore developerstation.keystore -keysize 2048
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" keystoreFile="C:\Software\Tomcat\conf\developerstation.keystore" keystorePass="password"/>
tomcat7中配置ssl的详细步骤(双向认证)http://developerstation.sinaapp.com/2012/03/27/tomcat7%E4%B8%AD%E9%85%8D%E7%BD%AEssl%E7%9A%84%E8%AF%A6%E7%BB%86%E6%AD%A5%E9%AA%A4%E5%8F%8C%E5%90%91%E8%AE%A4%E8%AF%81/
tomcat7中配置ssl的详细步骤(单向认证)http://developerstation.sinaapp.com/2012/03/22/tomcat7%E4%B8%AD%E9%85%8D%E7%BD%AEssl%E7%9A%84%E8%AF%A6%E7%BB%86%E6%AD%A5%E9%AA%A4/
IHS
例子
Listen 10.13.139.102:443
<VirtualHost 10.13.139.102:443>
SSLEnable
SSLClientAuth none
Keyfile C:\temp\ssl\key.kdb
SSLV2Timeout 100
SSLV3Timeout 1000
</VirtualHost>
SSLDisable
Reference:
Guide to properly setting up SSL within the IBM HTTP Server http://www-01.ibm.com/support/docview.wss?uid=swg21179559
在IHS上配置SSL http://www.blogjava.net/fastzch/archive/2007/08/03/134292.html
Configuring the IBM HTTP Server for SSL http://publib.boulder.ibm.com/infocenter/ltscnnct/v2r0/index.jsp?topic=/com.ibm.lc_2.0_IC/t_configure_ihs.html
SSL Directives http://www-01.ibm.com/software/webservers/httpservers/doc/v1319/9acdssl.htm#sslen
Debugging SSL communications http://prefetch.net/articles/debuggingssl.html
IKEYMAN生成证书
例子
"C:\Program Files\IBM\gsk5\bin\gsk5cmd.exe" -keydb -create -db xx.kdb -pw password -type cms -expire 60 -stash
"C:\Program Files\IBM\gsk5\bin\gsk5cmd.exe" -cert -create -db xx.kdb -pw password -size 1024 -dn "CN=weblinux.raleigh.ibm.com,O=IBM,OU=IBM HTTP Server,L=RTP,ST=NC,C=US" -label mylabel -default_cert yes
"C:\Program Files\IBM\gsk5\bin\gsk5cmd.exe" -cert -list -db xx.kdb -pw password
"C:\Program Files\IBM\gsk5\bin\gsk5cmd.exe" -cert -details -db xx.kdb -pw password -label mylabel
"C:\Program Files\IBM\gsk5\bin\gsk5cmd.exe" -cert -extract -db xx.kdb -pw password -label mylabel -format ascii -target forest-certficate
"C:\Program Files\IBM\gsk5\bin\gsk5cmd.exe" -cert -export -db xx.kdb -pw password -label mylabel -target forest.p12 -target_pw password -target_type pkcs12 -encryption strong
Using iKeyman to create a key database file http://www-01.ibm.com/support/docview.wss?rs=177&context=SSEQTJ&uid=swg21006430
Using the Key Management Utility http://www-01.ibm.com/software/webservers/httpservers/doc/v2047/manual/ibm/en_US/9atikeyu.htm
httpservers doc http://www-01.ibm.com/software/webservers/httpservers/doc/v1312/ibm/2tabcontents.htm