当前位置:网站首页>CA certificate trampled pit
CA certificate trampled pit
2022-07-05 22:01:00 【The sea of waves】
CA certificate
What is a certificate ?
English name “pubilci key certificate”, It can be simply understood as official seal , The company's own official seal is to prove that it is true , What if someone forges ? After all, there are still many liars .
What is? CA?
English name “Certificate Authority” Abbreviation , Also called “ Certificate Authority Center ”. It can be understood as an authority , No one can forge the certificate of authority .
What is? CA certificate ?
Namely CA Certificate issued , Authoritative , Everyone agrees and believes .
How to see CA certificate ?
A pit : To configure server.xml (PFX Certificate )
<Connector port="443"
protocol="org.apache.coyote.http11.Http11NioProtocol"
# here , The official document is Http/1.1, The author failed in the test , Therefore, the protocol in this article is replaced
SSLEnabled="true"
scheme="https"
secure="true"
keystoreFile="domain name.pfx"
# here keystoreFile Represents the path of the certificate file , Please replace... With the filename of your certificate domain name.
keystoreType="PKCS12"
keystorePass=" Certificate password " # Please replace the contents of the file with your certificate password .
clientAuth="false"
SSLProtocol="TLSv1+TLSv1.1+TLSv1.2"
ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256"/>
Pit two : HTTPS Error in self signed certificate during debugging ERR_CERT_COMMON_NAME_INVALID Solutions for
resolvent
When generating a certificate, you need to add an alternate name (subjectAltName) Extension field .
Use openssl add to subjectAltName Expand ;
Create a file ext.ini, Fill in the following :
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = *.dyxmq.cn
DNS.2 = *.maqian.xin
DNS.3 = *.maqian.io
DNS.4 = *.maqian.co
DNS.5 = *.maqian.cn
stay DNS.x Fill in your own domain name where you can , If more than one domain name , Can follow the law DNS.1/DNS.2/DNS.3/… To add , It also supports IP The form of address , fill IP.1 = x.x.x.x That's all right. .
Take the parameters when issuing the certificate :
openssl x509 ... -extfile ext.ini
Troubleshooting ideas for certificate installation failure
It's just two aspects
- On the one hand is server There is a problem with the configuration , Be sure to pay attention to the suffix of the certificate , Different files correspond to different configuration files
- The other is the certificate itself , You can check whether the certificate is secure through the certificate details on the browser , And check the details of the error information in the browser page .
There is something wrong , Welcome to the discussion .
Last , Welcome to pay attention to my wechat , What do you like , Collection , Forwarding is my greatest encouragement .
Reference article
HTTPS Error in self signed certificate during debugging ERR_CERT_COMMON_NAME_INVALID Solutions for
Create a self signature CA and SSL certificate
边栏推荐
- 怎么利用Tensorflow2进行猫狗分类识别
- Detailed explanation of memset() function usage
- 华为联机对战如何提升玩家匹配成功几率
- Installation of VMware Workstation
- Analysis and test of ModbusRTU communication protocol
- 装饰器学习01
- About the writing method of SQL field "this includes" and "included in" strings
- Sentinel production environment practice (I)
- 每日刷题记录 (十四)
- Codeforces 12D Ball 树形阵列模拟3排序元素
猜你喜欢
Kingbasees v8r3 cluster maintenance case -- online addition of standby database management node
Reptile practice
A number of ventilator giants' products have been recalled recently, and the ventilator market is still in incremental competition
AD637使用笔记
数博会精彩回顾 | 彰显科研实力,中创算力荣获数字化影响力企业奖
PIP install beatifulsoup4 installation failed
Getting started with microservices (resttemplate, Eureka, Nacos, feign, gateway)
database mirroring
元宇宙中的三大“派系”
Countdown to 92 days, the strategy for the provincial preparation of the Blue Bridge Cup is coming~
随机推荐
Database recovery strategy
资深电感厂家告诉你电感什么情况会有噪音电感噪音是比较常见的一种电感故障情况,如果使用的电感出现了噪音大家也不用着急,只需要准确查找分析出什么何原因,其实还是有具体的方法来解决的。作为一家拥有18年品牌
1.3 years of work experience, double non naked resignation agency face-to-face experience [already employed]
Database tuning solution
Comment développer un plug - in d'applet
Drawing HSV color wheel with MATLAB
Chap2 steps into the palace of R language
Create a virtual machine on VMware (system not installed)
Lightweight dynamic monitorable thread pool based on configuration center - dynamictp
PyGame practical project: write Snake games with 300 lines of code
Implementing Lmax disruptor queue from scratch (IV) principle analysis of multithreaded producer multiproducersequencer
数博会精彩回顾 | 彰显科研实力,中创算力荣获数字化影响力企业奖
华为游戏多媒体服务调用屏蔽指定玩家语音方法,返回错误码3010
【愚公系列】2022年7月 Go教学课程 003-IDE的安装和基本使用
Summary of El and JSTL precautions
Shell script, awk uses if, for process control
Yolov5 training custom data set (pycharm ultra detailed version)
NET中小型企业项目开发框架系列(一个)
Experienced inductance manufacturers tell you what makes the inductance noisy. Inductance noise is a common inductance fault. If the used inductance makes noise, you don't have to worry. You just need
MMAP