TLS
Source: Internet. Editor: 程序博客网. Time: 2024/05/16 08:05
SSL overview
Server-Only Authentication
Client-Authenticated
The certificate is nothing more than a document containing the public key the client will use to compute key material, together with information about expiration, common and distinguished names, contact information, etc. A certificate can be modified until it is signed.
Use a single SSL cert on multiple servers
The critical part is not the certificate per se, but the private key. The certificate, properly said, contains the public key; the power of the server lies in the corresponding private key. If two servers "share" a certificate, then this means that both servers have access to the private key.
The recommended management method for private keys is to keep them local: the server itself is supposed to generate the key pair (the private and public keys), then send the public key to the CA (as part of a "certificate request") so that the CA may create (and sign) the certificate. The private key, thus, never leaves the server's entrails, and this is good, because the private key must be kept private.
When two servers contain the private key, then that key must have travelled at some point. Generically speaking, such key travel is sensitive and dangerous, and shall be done only with great care. Copying the key through SSH (i.e. a scp command) ought to be safe. Alternatively, the private key may be packed with the certificate into a PKCS#12 archive (aka "PFX file") with password-based encryption: this will give decent protection for the key while it transits between the two servers IF the password has enough entropy (so use a big, fat and very random password).
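The key handling described above, sketched with the OpenSSL command line as an added example (not part of the original page): the key pair is generated on the server, only a CSR leaves it, and a PKCS#12 archive for transit is built only after checking that the key matches the certificate, with a password taken from 32 random bytes. The function names and file arguments are placeholders chosen here.

```shell
#!/bin/sh
# Added example: function and file names are placeholders, not from the page.
set -e

# On the server: generate the key pair locally and emit only a CSR for the CA.
# $1 = private key (stays on the server), $2 = CSR (sent to the CA), $3 = common name
make_key_and_csr() {
    ( umask 077   # key file readable by its owner only
      openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -out "$1" )
    openssl req -new -key "$1" -subj "/CN=$3" -out "$2"
}

# Digest of the public key carried by a private key, a CSR or a certificate.
# $1 = key|csr|cert, $2 = file
pubkey_digest() {
    case "$1" in
        key)  openssl pkey -in "$2" -pubout ;;
        csr)  openssl req  -in "$2" -noout -pubkey ;;
        cert) openssl x509 -in "$2" -noout -pubkey ;;
    esac | openssl sha256
}

# Before the key travels: pack key and certificate into a PKCS#12 archive
# protected by a high-entropy random password.
# $1 = key, $2 = certificate, $3 = archive to write, $4 = password file to write
pack_pkcs12() {
    # Refuse to ship a key that does not belong to this certificate.
    [ "$(pubkey_digest key "$1")" = "$(pubkey_digest cert "$2")" ] || {
        echo "private key does not match certificate" >&2
        return 1
    }
    ( umask 077; openssl rand -base64 32 > "$4" )   # 256 random bits
    openssl pkcs12 -export -inkey "$1" -in "$2" -out "$3" -passout "file:$4"
}

# On the second server: confirm the archive opens with the password before importing.
# $1 = archive, $2 = password file
check_pkcs12() {
    openssl pkcs12 -in "$1" -passin "file:$2" -noout 2>/dev/null
}
```

The password file should reach the second server over a different channel than the archive, and be deleted from both machines once the import is done.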
Setting Up SSL proxy for Google Cloud Load Balancing
https://cloud.google.com/compute/docs/load-balancing/tcp-ssl/