堆栈内存溢出
  简体   繁体   English

如何在TCL脚本中将SSL证书应用于AOL服务器?

[英]how to apply ssl certificates to aol server in tcl script?

 原文  2014-04-16 09:41:33       ssl/ https/ openssl/ tcl/ aolserver

问题描述

using https://support.comodo.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=3&nav=0,33 I generated "server.csr" to further create public certificate. 使用https://support.comodo.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=3&nav=0,33我生成了“ server.csr”以进一步创建公共证书。 then i got two encrypted keys. 然后我得到了两个加密密钥。 I tried to make changes in the config.tcl accordingly but still the project-open application is pointing to local certificates. 我尝试相应地在config.tcl中进行更改,但仍在打开项目的应用程序仍指向本地证书。 particial code of config.tcl in which i made changes as follows: 我在其中进行了如下更改的config.tcl的特殊代码: 

ns_section ns/server/${server}/module/nsopenssl/sslcontexts
ns_param users "SSL context used for regular user access"
ns_section ns/server/${server}/module/nsopenssl/defaults
ns_param server users
ns_section ns/server/${server}/module/nsopenssl/sslcontext/users
ns_param Role server
ns_param ModuleDir ${serverroot}/etc/certs/
ns_param CertFile newcert.pem
ns_param KeyFile keyfile.pem
ns_param CADir ca
ns_param CAFile shipo_cert.txt
ns_param Protocols "SSLv2, SSLv3, TLSv1"
ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
ns_param PeerVerify false
ns_param PeerVerifyDepth 3
ns_param Trace false

shipo_cert.txt is the certificate provided along with one more certificate shipo_interm.txt. shipo_cert.txt是与另一个证书shipo_interm.txt一起提供的证书。

I searched and tried my best but couldn't do it. 我搜索并尽了最大努力,但未能做到。 please help me out in this. 请帮助我。

PS the project-open instance is already working with self signed certificate using openssl. PS项目开放实例已使用openssl使用自签名证书。 but my organization wants it to run with the certificates they are providing 但是我的组织希望它与他们提供的证书一起运行

1 个解决方案

解决方案1
 2 已采纳  2014-04-17 04:53:38

DF > Have you packed your private key and the signed public key,
DF > together with the CA keychain, into a .p12 file yet? 
Victor > how to do that? please guide me through

This has been answered previously at Adding an intermediate certificates to a pkcs12 file in JBoss . 前面在将中间证书添加到JBoss中的pkcs12文件中已对此问题进行了解答。

Assuming you have a certificate and private key for example.com: 假设您具有example.com的证书和私钥: 

openssl pkcs12 -export -in www-example-com.crt -inkey www.example.key -out www-example-com.p12

Be sure your certificate ( www-example-com.crt above) has all the intermediate certificates required to build a valid chain; 确保您的证书(上述www-example-com.crt )具有构建有效链所需的所有中间证书; and not just the server's certificate. 不仅仅是服务器的证书。 That means www-example-com.crt will have multiple PEM entries. 这意味着www-example-com.crt将具有多个PEM条目。

Test it with the following. 用以下方法进行测试。 ca.pem is your CA's root certificate. ca.pem是您的CA的根证书。 

echo -e "GET / HTTP/1.0\r\n" | openssl s_client -connect example.com:443 -CAfile ca.pem

You should finish with Verify return code: 0 (ok) . 您应该完成Verify return code: 0 (ok)

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 SSL 和证书如何在服务器和浏览器之间工作 - How SSL and Certificates work between server & browser 如何将不同的SSL证书应用于同一IP上的不同域? - How to apply different SSL certificates to different domains on the same IP? Tomcat服务器中的SSL证书 - SSL certificates in tomcat server 如何验证 ssl 证书? - How are ssl certificates verified? 如何将SSL服务器证书与中间和根CA证书链接在一起? - How to chain a SSL server certificate with the intermediate and root CA certificates? 如何将多个SSL证书与一台服务器(C语言)相关联? - How to associate multiple SSL certificates with one server (C language)? 在服务器上更新SSL证书时进行处理 - Handling SSL certificates as they are renewed on the server 续订IAM SSL服务器证书 - Renewing IAM SSL Server Certificates WebLogic Server-SSL-多个证书 - WebLogic Server - SSL - Multiple certificates 如何为 Java 服务器拥有多个 SSL 证书 - How can I have multiple SSL certificates for a Java server
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM