HighWayToHell - Tag - ssl
花园里, 篱笆下
2023-08-13T10:38:15+08:00
Druggo
urn:md5:79dfcacdbfd6434dfc57423d51240051
Dotclear
苹果系统升级后证书不信任问题
urn:md5:0d06134aadcd62b0f7e85c74b49c6287
2019-10-18T20:59:00+08:00
2019-10-18T21:01:20+08:00
Druggo
计算机
10.15httpsmacosssl
<p>同事升级苹果系统到最新的10.15导致内部系统证书提示无效,换火狐浏览器就没问题(还是火狐好!)。</p>
<p>查了半天,发现是苹果新系统对证书有效性校验的更严格了:<a href="https://support.apple.com/zh-cn/HT210176" hreflang="zh" title=" iOS 13 和 macOS 10.15 中的可信证书应满足的要求"> iOS 13 和 macOS 10.15 中的可信证书应满足的要求</a></p>
<p>看到最后,就是新规定要求2019年7月1号以后签发的证书有效期不能超过825天(两年多一点),我们内部证书都好几年的,刚好签发日期在时间点之后,那么干脆重新签发证书,把签发时间提到6月份就好了。</p>
<p>PS, 这是苹果唯一值得称道的点,安全性。</p>
http://blog.druggo.org/post/2019/10/18/%E8%8B%B9%E6%9E%9C%E7%B3%BB%E7%BB%9F%E5%8D%87%E7%BA%A7%E5%90%8E%E8%AF%81%E4%B9%A6%E4%B8%8D%E4%BF%A1%E4%BB%BB%E9%97%AE%E9%A2%98#comment-form
http://blog.druggo.org/feed/atom/comments/269
https with lighttpd & nginx
urn:md5:155795a38c0a0a5401fbf713ba91d374
2013-06-11T01:01:00+08:00
2013-06-11T01:28:38+08:00
Druggo
计算机
httpslighttpdlinuxnginxspdyssl
<p><strong>lighttpd:
</strong></p>
<pre>$SERVER["socket"] == ":443" {
ssl.engine = "enable"
ssl.pemfile = "/etc/lighttpd/ca/server.pem"
ssl.ca-file = "/etc/lighttpd/ca/ca.crt"
ssl.cipher-list = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
ssl.honor-cipher-order = "enable"
ssl.disable-client-renegotiation = "enable"
}
</pre>
<p><strong>nginx:
</strong></p>
<pre>server {
listen 443 ssl spdy default_server;
server_name druggo.org;
ssl on;
ssl_certificate /etc/nginx/ca/server.pem;
ssl_certificate_key /etc/nginx/ca/server.key;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers RC4:HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
keepalive_timeout 60;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
}
</pre>
<p><strong>test your site with <a href="https://www.ssllabs.com/ssltest/index.html" hreflang="en" title="SSL Server Test">ssllab</a></strong></p>
http://blog.druggo.org/post/2013/06/11/https-with-lighttpd-nginx#comment-form
http://blog.druggo.org/feed/atom/comments/244