SSL (Secure Sockets Layer) is the most common protocol providing privacy and reliability for client-server communication over the internet. SSL itself is conceptually very simple: it negotiates the exchange of cryptographic algorithms and keys between client and server, and creates an encrypted tunnel through which other protocols (such as HTTP) can communicate.
As shown in the diagram, SSL sits at the application layer of the TCP/IP model, which means it can be used on almost any operating system without modifying the kernel or the TCP/IP stack. That is a huge advantage compared to, for example, IPSec. SSL is also very easy to use when passing through a firewall, NAT, or proxy.
The client sends a request for an SSL connection, along with various additional information (SSL version, encryption settings, etc.). The server sends the client a reply to its request, which contains the same type of information and, above all, the server's certificate. Using the received certificate, the client verifies the authenticity of the server. The certificate contains the server's public key. Based on the information received, the client generates the basis of an encryption key that will encrypt the subsequent communication. It encrypts this basis with the server's public key and sends it to the server. The server uses its private key to decrypt the basis of the encryption key. From this basis, both the server and the client generate the main encryption key. The client and the server confirm to each other that from now on the communication will be encrypted with this key. This ends the handshake phase. A secure connection, encrypted with the generated key, has been created. From now on, applications communicate over the encrypted connection.
Now we generate a 'self-signed' certificate. If we use the server in a production environment, we will likely want a certificate from a certificate authority (CA). In a test environment, a "self-signed" certificate is enough. So we create the private key ca.key:

[root@TWEB]# openssl genrsa -out ca.key 1024
Now we have all the keys needed to encrypt the communication, so we can proceed to configuring the web server itself. First, copy the keys into the proper directories; I will put them under /etc/pki.

[root@web]# cp ca.crt /etc/pki/tls/certs
[root@web]# cp ca.key /etc/pki/tls/private/ca.key
[root@web]# cp ca.csr /etc/pki/tls/private/ca.csr
Update the Apache SSL configuration so that the paths to the keys match:

[root@web]# vi +/SSLCertificateFile /etc/httpd/conf.d/ssl.conf
...
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
...
Finally, set up the VirtualHost for port 443, where Apache will listen for HTTPS connections.

[root@web]# vi +/VirtualHost /etc/httpd/conf/httpd.conf
...
NameVirtualHost *:443
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
AllowOverride All
DocumentRoot /var/www/html/
ServerName dubnik.wordpress.com
...
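
The post refers to ca.key, ca.csr and ca.crt but shows only the key generation command. The following is an added example, not part of the original post: it builds all three files in a scratch directory and checks that the certificate and the private key belong together, which is what Apache requires of SSLCertificateFile and SSLCertificateKeyFile. The 2048-bit key size (1024-bit RSA is below current minimums), the 365-day validity, the hostname and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed values: 2048-bit key,
# 365-day validity and the constructed hostname below.
CN="web.example.invalid"

# Create ca.key, ca.csr and ca.crt in directory $1. The body runs in a
# subshell so the restrictive umask does not leak into the caller.
make_selfsigned() (
    umask 077    # private key readable by its owner only
    openssl genrsa -out "$1/ca.key" 2048 2>/dev/null || exit 1
    openssl req -new -key "$1/ca.key" -subj "/CN=$CN" \
        -out "$1/ca.csr" 2>/dev/null || exit 1
    openssl x509 -req -days 365 -in "$1/ca.csr" \
        -signkey "$1/ca.key" -out "$1/ca.crt" 2>/dev/null || exit 1
)

# Succeed only if certificate $1 carries the public key of private key $2,
# i.e. SSLCertificateFile and SSLCertificateKeyFile belong together.
pair_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Demo run in a scratch directory; nothing under /etc is touched.
work=$(mktemp -d)
if make_selfsigned "$work" && pair_matches "$work/ca.crt" "$work/ca.key"; then
    echo "ca.crt matches ca.key"
else
    echo "certificate and key do not match" >&2
fi
rm -rf "$work"
```

Running pair_matches against the installed files under /etc/pki/tls before restarting Apache catches a mismatched pair, which would otherwise keep the server from starting.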