[英]how to apply ssl certificates to aol server in tcl script?
using https://support.comodo.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=3&nav=0,33 I generated "server.csr" to further create public certificate. 使用https://support.comodo.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=3&nav=0,33我生成了“ server.csr”以进一步创建公共证书。 then i got two encrypted keys.
然后我得到了两个加密密钥。 I tried to make changes in the config.tcl accordingly but still the project-open application is pointing to local certificates.
我尝试相应地在config.tcl中进行更改,但仍在打开项目的应用程序仍指向本地证书。 particial code of config.tcl in which i made changes as follows:
我在其中进行了如下更改的config.tcl的特殊代码:
ns_section ns/server/${server}/module/nsopenssl/sslcontexts
ns_param users "SSL context used for regular user access"
ns_section ns/server/${server}/module/nsopenssl/defaults
ns_param server users
ns_section ns/server/${server}/module/nsopenssl/sslcontext/users
ns_param Role server
ns_param ModuleDir ${serverroot}/etc/certs/
ns_param CertFile newcert.pem
ns_param KeyFile keyfile.pem
ns_param CADir ca
ns_param CAFile shipo_cert.txt
ns_param Protocols "SSLv2, SSLv3, TLSv1"
ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
ns_param PeerVerify false
ns_param PeerVerifyDepth 3
ns_param Trace false
shipo_cert.txt is the certificate provided along with one more certificate shipo_interm.txt. shipo_cert.txt是与另一个证书shipo_interm.txt一起提供的证书。
I searched and tried my best but couldn't do it. 我搜索并尽了最大努力,但未能做到。 please help me out in this.
请帮助我。
PS the project-open instance is already working with self signed certificate using openssl. PS项目开放实例已使用openssl使用自签名证书。 but my organization wants it to run with the certificates they are providing
但是我的组织希望它与他们提供的证书一起运行
DF > Have you packed your private key and the signed public key,
DF > together with the CA keychain, into a .p12 file yet?
Victor > how to do that? please guide me through
This has been answered previously at Adding an intermediate certificates to a pkcs12 file in JBoss . 前面在将中间证书添加到JBoss中的pkcs12文件中已对此问题进行了解答。
Assuming you have a certificate and private key for example.com: 假设您具有example.com的证书和私钥:
openssl pkcs12 -export -in www-example-com.crt -inkey www.example.key -out www-example-com.p12
Be sure your certificate ( www-example-com.crt
above) has all the intermediate certificates required to build a valid chain; 确保您的证书(上述
www-example-com.crt
)具有构建有效链所需的所有中间证书; and not just the server's certificate. 而不仅仅是服务器的证书。 That means
www-example-com.crt
will have multiple PEM entries. 这意味着
www-example-com.crt
将具有多个PEM条目。
Test it with the following. 用以下方法进行测试。
ca.pem
is your CA's root certificate. ca.pem
是您的CA的根证书。
echo -e "GET / HTTP/1.0\r\n" | openssl s_client -connect example.com:443 -CAfile ca.pem
You should finish with Verify return code: 0 (ok)
. 您应该完成
Verify return code: 0 (ok)
。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.