go - TLS Authentication: What does each cert need to contain?


I'm writing a define.

It works like this:

  • Post (update)
  • Put (create)
  • Delete (Delete)
  • Methods

    Example:

    PUT http://server1/key (body = value)

    GET http://server1/key

    value in the body of the response

    Now when a put, post is deleted, it duplicates the request and sends it to them, so that each node has the same data and the node is checked, in case one of the nodes is unavailable. This header adds, so nodes know that they should not duplicate a request and send it to other nodes.

    OK, it works so far, but now I just need to be able to transmit nodes and a WebUI to those nodes, and here's the place where TLS comes into play.

    As far as I understand I need a root CA, so I can sign the server and client certificate. And I want to get a valid certificate, not "self-signed", because I use Go and crypto/tls and should check the certificate.

    My question is:

    Which extensions or fields does each certificate require? I would not want to reproduce the server and client notifications when a new node is added to the config server pool.

    I will connect to the IP address, hostname / DNSName (to leave hostname lookups) and potentially conceal third party by specifying an IP for your own DNS, such as s1.myserver.com My IP is 1.2.3.4 and random friend creates a DNS entry with random.dude.com 1.2.3.4, because I am getting a list of all the nodes, by an NS lookup of clustercfg.mydomain.com)

    On every new node I became a server search (It is true that this is true).

    On each new node, I will need to create a client certificate (so I can certify that this customer node is valid and access to this server node is allowed)

    The question is:

      X509v3 extensions:
          X509v3 Key Usage: critical
              Digital Signature, Key Encipherment, Certificate Sign
          X509v3 Extended Key Usage:
              TLS Web Server Authentication
          X509v3 Basic Constraints: critical
              CA:TRUE
          X509v3 Subject Alternative Name:
              DNS:server1.myserver.com, IP Address:2A02::0:0:0:0:0:0:2, IP Address:1.2.3.4

    What is the need for a root CA, a server certificate, a client certificate, so I'm able to "TLS authentication"?

  • You can use a common server certificate such as web services for servers. Check it properly when you are connected.

    For client certificates, how does the client show how to generate and use the certificate?

    I used this code for this code, the arrangement of customers contacting the server.

    Because you do not have to connect to the IP address, the client will check the server's certificate that matches the hostname which is a very good check.

    Hope that helps!
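As an added example (not code from the question or the answer), the Go program below issues a root CA, a server certificate and a client certificate with the fields each one needs, then verifies them against the root alone, which is why adding a node does not require reissuing existing certificates. The helper names `issue`, `check` and `build`, the Ed25519 keys, the one-day validity and the subject names are assumptions made here; the DNS name and IP come from the question.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// issue signs tmpl with parentKey; a nil parent produces the self-signed root.
func issue(tmpl, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	_, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl.NotBefore, tmpl.NotAfter = time.Now().Add(-time.Minute), time.Now().Add(24*time.Hour)
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, key.Public(), parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}
// check verifies cert against root for one purpose; an empty name skips the SAN match.
func check(cert, root *x509.Certificate, name string, eku x509.ExtKeyUsage) error {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := cert.Verify(x509.VerifyOptions{Roots: pool, DNSName: name, KeyUsages: []x509.ExtKeyUsage{eku}})
	return err
}
// build issues a root CA, a server cert and a client cert (subject names are constructed).
func build() (root, server, client *x509.Certificate) {
	root, rootKey := issue(&x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "cluster root"},
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}, nil, nil)
	server, _ = issue(&x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "server1"},
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		DNSNames: []string{"server1.myserver.com"}, IPAddresses: []net.IP{net.ParseIP("1.2.3.4")}}, root, rootKey)
	client, _ = issue(&x509.Certificate{SerialNumber: big.NewInt(3), Subject: pkix.Name{CommonName: "node2"},
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}, root, rootKey)
	return
}
func main() {
	root, server, client := build()
	fmt.Println(check(server, root, "random.dude.com", x509.ExtKeyUsageServerAuth), check(client, root, "", x509.ExtKeyUsageClientAuth))
}
```

Go's verifier matches the requested name against the Subject Alternative Name entries only, so the server certificate has to list every DNS name and IP address that peers will dial; a foreign DNS name pointing at the same IP, like `random.dude.com` in the question, fails the check.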

