Currently most of SSL handshakes would use ECDHE as key exchange algorithm. It supported PFS and also is more secure than RSA key exchange algorithm. I will show the handshake process with ECDHE-RSA-AES256-GCM-SHA384 and the version is TLS1.2. Becau »
TLS is different from SSL on technical part but the two terms are largely used interchangeable in the production. Secure Socket Layer(SSL) came first and was developed by Netscape. IETF standardized SSL and then Transport Layer Security(TLS) came al »
之前用letsencrypt为这个网站生成的证书快到期了,我是给泛域名生成的证书,所以在续签证书的时候需要DNS验证,但是续签是个自动的过程,你不知道需要把TXT记录改成什么。所以自动续签命令一直失败。看了一些教程,需要在续签的时候用有一个脚本来修改DNS记录,所以需要调用域名注册商的一些API。正好godaddy有API,下面分享一下步骤。先决条件一个在Godaddy注册的域名证书是letsencrypt生成的具体操作进入这个页面,为自己的Godaddy账号生成一对API Key,生成pro »
在用户目录下创建一个certs目录并进入,后续证书生成以这个目录为主目录。mkdir certs cd certs mkdir CA mkdir -p CA/{certs,crl,newcerts,private} touch CA/index.txt echo 01 > CA/serial echo 02 > CA/serial rm -rf keys mkdir keys OpenSSL的默认把证书生成在/etc/pki/CA,并且在签名其他证书的时候有一些策略,例如Count »
ps -A | grep aptkill -9rm /var/lib/dpkg/lockdpkg --configure -a或者rm /var/lib/apt/lists/lockrm /var/cache/apt/archives/lock»