在基于OpenSSL的CA开发过程中,发现了许多不被OpenSSL支持的OID,在网上查了一些资料,发现下面的OID数据库不错,记录备忘!
星期五, 十二月 12, 2008
星期一, 十二月 08, 2008
星期日, 十一月 23, 2008
lighttpd-1.5.0-r1992-native.win32.zip
一直在等lighttpd for win32的发布,终于1.5.0版本中对于Win32的支持已经考虑在内了,但是官方版本是没有推出可以直接在MSVC中编译的工程,因为着急,所以自己改了一个,喜欢研究的朋友可以从这里下载一试!支持Lua!
下载 http://cid-93488dd0cf5117e9.skydrive.live.com/self.aspx/Public/lighttpd-1.5.0-r1992-native.win32.zip
星期三, 十一月 12, 2008
Windows PKI相关的一些资料
http://blogs.technet.com/pki/default.aspx
Manually publishing a CA certificate or CRL into a LDAP store
The CA is automatically publishing its own certificates and related CRLs into Active Directory if a LDAP reference is configured in the CA property “Extensions”.
If you are using a different LDAP server (such as Microsoft ADAM) to make the CA certificate and CRL available, certificates and CRLs must be published manually. The easiest way to do that is with certutil.
Perform the following command to publish the CRL manually into a LDAP-store.
certutil –addstore "LDAP://[server]/[DN]?certificateRevocationList?base?objectclass=cRLDistributionPoint" [CRL-File]
Replace [server] with the name of the LDAP server where you have write permissions.Replace [DN] with the path that you have used in the CA configuration.Replace [CRL-File] with the file name of the CRL that you want to publish.
Here is the command to publish a CA certificate manually:
certutil –addstore "LDAP://[server]/[DN]?cACertificate?base?objectClass=certificationAuthority" [cert-file]To manually publish a CA certificate or CRL into Active Directory you should still use certutil –dspublish instead of certutil –addstore.
Published Friday, April 13, 2007 10:27 AM by MS2065
Filed under: certutil, Configuration
Comments
# re: Manually publishing a CA certificate or CRL into a LDAP store
I'd like to import a CRL into Microsoft ADAM. I need to do this so the CRL can be read by a third party app that is expecting the CRL to be loaded in ADAM.
I've tried running the command listed above. e.g.
certutil –addstore "LDAP://[127.0.0.1:50000/ou=myou,dc=test,dc=net?cACertificate?base?objectClass=certificationAuthority" cert.crl
However, i get the following error:
Cannot open Cert store.
CertUtil: -addstore command FAILED: 0x80070005 (WIN32: 5)
CertUtil: Access is denied.
I'm logged on as the administrator and have full privs to ADAM. I'm guessing the error is caused by the fact certutil can't create an object of class cRLDistributionPoint (as it's not in the schema).
My question is, how do i setup ADAM so it can accept a CRL using the command you've shown.
Appreciate your help.
Monday, May 19, 2008 3:28 AM by hinchley
# re: Manually publishing a CA certificate or CRL into a LDAP store
I guess that "[127.0.0.1:50000" is a typo in your sample command. The bracket is definitely a misplaced character.
Secondly, your command uses objectClass=certificationAuthority instead of objectclass=cRLDistributionPoint. This should be also corrected.
You can try to use the -f option with -addstore. This forces certutil to create missing objects. If this does not work either, you have to extend the ADAM schema.
Tuesday, May 20, 2008 12:41 AM by MS2065 Anonymous comments are disabled
星期三, 四月 30, 2008
关于tomcat乱码问题的解决
(一) 更改 C:\Tomcat\conf\server.xml,指定浏览器的编码格式为“简体中文”:
方法是找到 server.xml 中的
<Connector port="8080" maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" redirectPort="8443" acceptCount="100"
connectionTimeout="20000" disableUploadTimeout="true" URIEncoding='GBK' />
这时地址栏中就可传递中文了,对于tomcat5.0 不加 URIEncoding='GBK' 是不能传递中文的,有中文传递时只能变成乱码。
(二)如servlet不能正常显示汉字 则加入
public class ThreeParams extends HttpServlet {
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html; charset=gb2312");
...
}
}
作用是把页面的内容定义为中文字集gb2312.
(三)如果从数据库中抽取的数据是乱码需要加过滤器
实现如下:
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.UnavailableException;
public class SetCharacterEncodingFilter implements Filter {
public void destroy() {
}
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain)throws IOException, ServletException {
request.setCharacterEncoding("gb2312");
// 传递控制到下一个过滤器
chain.doFilter(request, response);
}
public void init(FilterConfig filterConfig) throws ServletException {
}
}
配置web.xml
<filter>
<filter-name>Set Character Encoding</filter-name>
<filter-class>SetCharacterEncodingFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>Set Character Encoding</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
(四)字符的转换,如在读取文件内容,数据库内容出现乱码时,可由以下办法解决。
public class toGB2312
{
public toGB2312()
{
//
}
public String Gb2312(String uniC){
String gb2312Str = "";
if(uniC == null){
uniC = "";
}
try{
byte[] tep = uniC.getBytes("ISO8859_1");
gb2312Str = new String(tep,"GB2312");
}
catch(Exception ex){
}
return gb2312Str;
}
public String UniC(String gb2312Str){
String unicoStr = "";
if(gb2312Str == null){
gb2312Str = "";
}
try{
byte[] yte = gb2312Str.getBytes("GB2312");
unicoStr = new String(yte,"ISO8859_1");
}catch(Exception ex){
}
return unicoStr;
}
}
你也可以在直接的转换,首先你将获取的字符串用ISO-8859-1进行编码,然后将这个编码存放到一个字节数组中,然后将这个数组转化成字符串对象就可以了,例如:
String str=request.getParameter(“girl”);
Byte B[]=str.getBytes(“ISO-8859-1”);
Str=new String(B);
通过上述转换的话,提交的任何信息都能正确的显示。
关于tomcat乱码问题的解决
(一) 更改 C:\Tomcat\conf\server.xml,指定浏览器的编码格式为“简体中文”:
方法是找到 server.xml 中的
<Connector port="8080" maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" redirectPort="8443" acceptCount="100"
connectionTimeout="20000" disableUploadTimeout="true" URIEncoding='GBK' />
这时地址栏中就可传递中文了,对于tomcat5.0 不加 URIEncoding='GBK' 是不能传递中文的,有中文传递时只能变成乱码。
(二)如servlet不能正常显示汉字 则加入
public class ThreeParams extends HttpServlet {
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html; charset=gb2312");
...
}
}
作用是把页面的内容定义为中文字集gb2312.
(三)如果从数据库中抽取的数据是乱码需要加过滤器
实现如下:
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.UnavailableException;
public class SetCharacterEncodingFilter implements Filter {
public void destroy() {
}
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain)throws IOException, ServletException {
request.setCharacterEncoding("gb2312");
// 传递控制到下一个过滤器
chain.doFilter(request, response);
}
public void init(FilterConfig filterConfig) throws ServletException {
}
}
配置web.xml
<filter>
<filter-name>Set Character Encoding</filter-name>
<filter-class>SetCharacterEncodingFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>Set Character Encoding</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
(四)字符的转换,如在读取文件内容,数据库内容出现乱码时,可由以下办法解决。
public class toGB2312
{
public toGB2312()
{
//
}
public String Gb2312(String uniC){
String gb2312Str = "";
if(uniC == null){
uniC = "";
}
try{
byte[] tep = uniC.getBytes("ISO8859_1");
gb2312Str = new String(tep,"GB2312");
}
catch(Exception ex){
}
return gb2312Str;
}
public String UniC(String gb2312Str){
String unicoStr = "";
if(gb2312Str == null){
gb2312Str = "";
}
try{
byte[] yte = gb2312Str.getBytes("GB2312");
unicoStr = new String(yte,"ISO8859_1");
}catch(Exception ex){
}
return unicoStr;
}
}
你也可以在直接的转换,首先你将获取的字符串用ISO-8859-1进行编码,然后将这个编码存放到一个字节数组中,然后将这个数组转化成字符串对象就可以了,例如:
String str=request.getParameter(“girl”);
Byte B[]=str.getBytes(“ISO-8859-1”);
Str=new String(B);
通过上述转换的话,提交的任何信息都能正确的显示。
星期五, 四月 11, 2008
clientAccessCheck: proxy request denied in accel_only mode
Squid Cache: Version 2.5
Looks like the client is trying to use you as a proxy, either directly or indirectly via another proxy..
However, HTTP/1.1 requires HTTP servers to accept such request. Turn "httpd_accel_with_proxy on".
You should also make sure your access control rules is set correcly to only allow access to your servers if you haven't already.. Not the cause to your problem, but may be a cause to other problems later if not done..