ssl

Programmatically update certificates in tomcat 8 without server restart

扶醉桌前 提交于 2021-02-20 18:50:10
问题 In order to update the certificate that I use for SSL for my server I have a code that does the import\export and validation that I need. It works well, but In order for the changes to take effect I have to restart the tomcat. I wish to avoid the restart, and update it without using external tools (keytool for example). I looked up for some similar questions, and found a solution - restarting the 443 connector. I'm able to do so, and the connector is stopping and starting, but the certificate

Set and verify SSL/TLS version used in Python MySQL connection

雨燕双飞 提交于 2021-02-20 18:49:06
问题 How can I tell the Python MySQL connector which SSL/TLS protocol to use? Either specific (e.g. TLS1.2) or minimum. How can I check which protocol is used on an established connection? I've got an app that uses mysql-connector-python (8.0.18). I connect something like this: cnx = mysql.connector.connect(user='x', password='y', host='localhost', database='xyz') Usually this gives me no trouble, but recently on a web hosting providers server it stopped working. The error I'm now getting is along

Set and verify SSL/TLS version used in Python MySQL connection

余生颓废 提交于 2021-02-20 18:48:03
问题 How can I tell the Python MySQL connector which SSL/TLS protocol to use? Either specific (e.g. TLS1.2) or minimum. How can I check which protocol is used on an established connection? I've got an app that uses mysql-connector-python (8.0.18). I connect something like this: cnx = mysql.connector.connect(user='x', password='y', host='localhost', database='xyz') Usually this gives me no trouble, but recently on a web hosting providers server it stopped working. The error I'm now getting is along

An example of a domain that uses AAACertificateServices cert

依然范特西╮ 提交于 2021-02-20 13:30:48
问题 The bounty expires in 18 hours . Answers to this question are eligible for a +500 reputation bounty. lf215 wants to draw more attention to this question. How can I find a domain whose root certificate is AAACertificateServices? Note this is a Comodo certificate. To prepare for a dependent server whose certificate will change soon, it looks my clients do have this certificate. However, I'd like to verify that my clients will work now by sending a request to a domain that is already using

Detecting TLS Version used for HttpClient POST or GET calls

我们两清 提交于 2021-02-20 09:44:08
问题 I am trying to retrieve the TLS Version information. The code I have below makes a successful HTTP GET call using HttpClient. What am I missing? Where do I get the TLS Version information from HttpClient? I am kind of doing the same thing as was suggested in Which TLS version was negotiated? but that is specific to WebRequest which is not the same as HttpClient. static async Task MainAsync() { Uri baseURI = new Uri("https://jsonplaceholder.typicode.com/posts/1"); string apiPath = ""; using

tomcat SSL

随声附和 提交于 2021-02-20 08:24:30
在网络上 , 信息在传递过程中会经过其他计算机 . 一般情况下它不会监听信息内容 . 但在网上使用网上银行或等交易的时候可能被监视 , 从而导致信息泄露 . 这时候就要应用 SSL; SSL 是一种保证在网络上的两个节点之间进行安全通信的机制 . 它可以用来建立安全的连接 . 网络通信协议如 HTTP,IMAP 都可以采用 SSL. 采用了 SSL 的 HTTP 协议叫 :HTTPS.HTTP 默认端口是 80;HTTPS 端口是 443. 网上购物时 , 安全隐患主要有两种 : 1. 客户的银行卡等信息被别人截获 . 2. 客户访问的是非法站点 , 专门从事诈骗活动 . SSL 使用加密技术实现会话对方信息的安全传递 , 可以实现信息传递的保密性和完整性 , 并且会话双方能够鉴别对方的身份 . 加密通信 Web 之间的通信可以被监视 ,SSL 使用加密对双方的信息进行加密 . 所以就算被截获了 , 它没有密钥也无法解密 . 多数浏览器支持 40 位或 128 位的加密或两者都支持 , 而服务器只有在安装了安全证书后才可以加密通信 . 安全证书 除了对信息加密 .SSL 还采用身份认证机制 . 确保通信双方都可以验证双方的真实身份 . 它和现实中的身份证类似 . 身份证由国家权威机构颁布发 , 且不允许伪造 . SSL 通过安全证书来证明 WEB 客户或 WEB 服务器的身份 .

Tomcat 启用 HTTPS/SSL

一曲冷凌霜 提交于 2021-02-20 08:04:35
生成 key # $JAVA_HOME/bin/keytool \ -genkeypair \ -keyalg RSA \ -keysize 2048 \ -keystore tomcat.jks \ -alias tomcat \ -storepass yourpass \ -keypass yourpass \ -dname "CN=YourName, OU=YourOrg, O=Your Company, L=YourCity, S=YourState, C=CN" 特别说明 :上边输入的“-storepass”和“-keypass“ 2个密码一定要相同,否则TOMCAT起不来。 参考: http://docs.oracle.com/javase/7/docs/technotes/tools/solaris/keytool.html http://www-01.ibm.com/software/webservers/hostondemand/library/v8infocenter/ssh-pk03.html 然后将生成的 tomcat.jks 文件 copy 到 $CATALINA_BASE/conf 目录 编辑 $CATALINA_BASE/conf/server.xml 打开下面的配置 <Connector port="8443" protocol="HTTP/1.1"

Setting up SSL security in spring boot 2.0.3

纵饮孤独 提交于 2021-02-19 07:39:29
问题 In earlier spring boot, the configuration for setting up SSL security had to be done on application.properties by mentioning server.port=8443 security.require-ssl=true server.ssl.key-store=classpath:shq.jks server.ssl.key-store-password=****** server.ssl.key-password=****** Would the same work on spring boot 2.0.3 If not what has to be changed. 回答1: The answer for your question is YES. It is same for Spring boot 2.0.x versions also. you can refer below to cross verify the same. Enable HTTPS

Hyperledger Fabric Java SDK Use GRPCS for peer and orderer connections

て烟熏妆下的殇ゞ 提交于 2021-02-19 07:00:35
问题 I have a Spring Boot project using the fabric-java-sdk pointing to the BYFN network that I've stood up locally. The BYFN network does not have a CA container. I am trying to connect to the peer and orderer with grpcs since tls is enabled on my local BYFN network. Grpc fails. However, it appears that it doesn't like the CN or some other field in the cert presented by the peer during the initial TLS handshake. I think it doesn't like that I am pointing to localhost for the grpcs url, but the CN

Checking a X509 Certificate Revocation

放肆的年华 提交于 2021-02-19 06:41:36
问题 Is it possible to check any X509 Certificate if it is revoked or not? Actually, I made a Java application that just gets a regular https link and outputs the X509 certificate. I want to add a service in my application that check if this certificate has been revoked or not? Is there a tutorial or a simple code to start with that can guide me to do that. Thank you in advance 回答1: Yes, of course the revocation status can be checked. If you want to do this "by hand", you need to extract the