The article explains HTTP’s plaintext nature and its susceptibility to man‑in‑the‑middle attacks, then details how HTTPS (TLS) uses asymmetric key exchange, certificates, and a trusted CA hierarchy to establish encrypted communication and prevent such attacks.
After updating a core API's SSL certificate, a partner reported repeated SSLHandshakeException errors, mistakenly labeling the cert as a development version; thorough verification revealed the issue stemmed from an outdated Java trust store lacking the new Sectigo root, leading to a set of concrete remediation steps and best‑practice lessons.
This article explains why HTTPS is essential for secure web communication, detailing how it upgrades plain HTTP by adding certificate‑based identity verification, TLS handshake negotiation, and AES‑GCM encryption with MAC verification to protect against eavesdropping, tampering, and phishing attacks.
This guide walks you through the four core stages of HTTPS certificate handling—CA distribution, domain request, validation, and data encryption—while providing detailed OpenSSL commands, Linux/Windows/macOS trust‑store paths, and a ready‑to‑run shell script for fully automated certificate generation.
This comprehensive tutorial explains the fundamentals of PKI, CA, CSR, and cfssl configuration, shows how to install cfssl on Linux, details the cfssl gencert command and its core parameters, and provides practical, end‑to‑end examples for creating root, intermediate, server, client, and Kubernetes certificates.
This comprehensive guide covers the ten most frequently asked SSL/TLS questions, explaining protocol differences, handshake processes, certificate structures, PKI components, common vulnerabilities, perfect forward secrecy, cipher suites, revocation methods, certificate pinning, and the key improvements introduced in TLS 1.3.
This guide walks through installing etcd, configuring a three‑node high‑availability cluster with TLS certificates, setting up host files, disabling SELinux and firewalld, creating a Certificate Authority using cfssl, generating node certificates, distributing them, and finally deploying and verifying the cluster on Linux systems.
This tutorial walks you through installing ocserv, creating a CA and server certificates, configuring ocserv settings, adjusting kernel parameters, setting up iptables firewall rules, managing VPN users, and controlling the ocserv service on a CentOS server.
When a Kubernetes cluster suddenly fails to respond with an x509 certificate expiration error, this guide walks you through using kubeadm commands to renew all certificates, update kubeconfig files, restart kubelet, and verify the new expiration dates, ensuring the cluster returns to normal operation.
This guide walks through creating a CA private key, a certificate signing request, and a self‑signed CA certificate using OpenSSL, detailing each command's parameters, technical nuances, and essential security practices.
With SSL/TLS certificates now limited to 13 months and soon to just 47 days, this article explains why encryption is essential, details symmetric and asymmetric cryptography, illustrates HTTPS handshake and certificate verification, and shows how these mechanisms protect against man‑in‑the‑middle attacks.
The article explains how Maven's default resource filtering corrupts binary .p12 certificates during packaging, causing Spring Boot startup failures, and provides a step‑by‑step solution using dual resource configurations and best practices for handling binary files in Java backend projects.
This guide explains what mkcert is, its key features, and provides step‑by‑step instructions for installing the tool, generating trusted local SSL/TLS certificates for multiple domains and IPs, and configuring Nginx to enable HTTPS in a local development environment across Windows, macOS, and Linux.
mkcert, an open‑source tool by Filippo Valsorda, lets developers quickly create and trust local SSL/TLS certificates across Linux, macOS, and Windows without manual configuration, offering zero‑setup installation, multi‑domain support, advanced features, and simple Nginx integration for secure local testing.
This tutorial walks through installing acme.sh, configuring JD Cloud DNS API credentials, issuing and installing SSL certificates for Nginx (or Docker‑based Nginx), and setting up automatic 60‑day renewal, providing all necessary commands and configuration examples.
When a Kubernetes cluster suddenly stops responding due to an expired x509 certificate, this guide shows how to renew all certificates using kubeadm alpha commands, copy the updated kubeconfig, restart kubelet, and verify the new expiration dates.
This guide explains common certificate formats (PEM, DER, CRT, CER), shows how to generate a CA key, CSR, and signed certificate with OpenSSL, demonstrates format conversions, and provides commands for inspecting and verifying certificates, all essential for secure operations.
This article provides a detailed, hands‑on analysis of HarmonyOS NEXT's native‑app signing process, covering certificate generation, CSR handling, leaf‑certificate issuance, profile creation, package signing, and the multi‑stage verification logic implemented in OpenHarmony's security modules.
This guide explains how to use OpenSSL to create private keys, certificate signing requests, and signed SSL/TLS certificates, covering key generation, password removal, PEM creation, extension configuration, and the final issuance of server.crt and server.key files.
This article introduces the open‑source tool mkcert, explains its key features, provides step‑by‑step installation and certificate generation commands, shows how to configure Nginx for HTTPS, and includes promotional notes about related community resources.
This article presents a Python script that retrieves a domain's SSL certificate information, parses its start and expiration dates, converts them to datetime objects, and calculates the remaining days until the certificate expires, providing a simple command‑line tool for monitoring certificate validity.
This guide explains how to troubleshoot a Java SSLHandshakeException caused by an untrusted third‑party HTTPS endpoint when fetching PDF files, covering certificate installation, trustStore configuration, and a custom TrustManager solution to bypass verification.
This article introduces the concept of managed Kubernetes clusters, compares them with traditional setups, details the architecture and implementation process, discusses challenges such as cross‑cluster webhook routing, certificate issuance, container runtime integration, and outlines the diverse features of the dedicated cluster solution.
The article walks through diagnosing a Java SSLHandshakeException caused by an untrusted HTTPS certificate when fetching a PDF, and presents three solutions: using InstallCert to add the certificate, configuring trustStore properties, and finally bypassing verification with a custom TrustManager and HostnameVerifier.
This tutorial explains the differences between PEM and DER certificate formats, lists common file extensions, and provides step‑by‑step OpenSSL commands for generating a CA key, creating CSRs, signing certificates, converting formats, and verifying the results.
The article explains that the kube‑apiserver’s built‑in LoopbackClient certificate expires after one year, causing API server failures in long‑running clusters, and examines the community’s support policies, recent Alibaba Cloud changes, and ongoing discussions about introducing a true Kubernetes LTS.
The IPAddresses field in a server certificate restricts its validity to specific IPs, adding an extra verification layer to TLS connections, which enhances security but requires careful management of IP changes, especially in dynamic or large‑scale cloud environments.
This article explains why long‑running Kubernetes clusters can suffer memory‑leak errors and certificate expiration, and provides detailed, command‑line solutions including disabling kmem accounting, recompiling runc and kubelet, and extending certificate validity to ten years.
This guide walks you through obtaining a valid SSL certificate, installing Nginx on a Linux server, configuring the HTTPS server block, converting certificates to PEM format, and testing the secure connection, providing step‑by‑step commands and example configurations.
This guide explains three ways to generate SSL certificates using OpenSSL, including creating a private key, self‑signed certificate, and CSR‑based signing, and shows how to configure Nginx to enable HTTPS with the generated certificates.
This article explains why and how to upgrade an HTTP website to HTTPS, introduces the differences between the protocols, compares paid and free CA certificates, and provides a step‑by‑step tutorial for installing, issuing, installing, and automatically renewing certificates with the acme.sh script.
This comprehensive guide explains the CIAA security model for network transmission, details confidentiality, integrity, authentication, and availability, and walks through building a private CA with OpenSSL, configuring TLS 1.2/1.3, HTTPS authentication modes, SNI/ESNI extensions, and upgrading curl for HTTP/2 support.
This article explains the fundamentals of SSL certificates, details Android’s certificate verification process, walks through common pitfalls such as expired or mismatched certificates, and provides practical solutions—including custom TrustManager implementations, revocation checks, and debugging techniques—to ensure reliable secure communication in Android apps.
This guide shows how to check certificate expiration in a Kubernetes cluster, renew all certificates using kubeadm, and verify the renewal, helping you resolve the “certificate has expired or is not yet valid” error.
This article walks through the complete process of acquiring a free SSL certificate, exporting it as a PFX file, and configuring the server settings to enable HTTPS for a mini‑program, while highlighting common pitfalls and required tools.
This guide shows how to enable HTTPS on Nginx by either obtaining a free Alibaba Cloud SSL certificate—generating a CSR, submitting it, and configuring the server—or creating a self‑signed OpenSSL certificate with custom SANs, installing it, updating hosts, and verifying the secure connection.
This guide walks through creating a self‑signed SSL certificate with JDK’s keytool, configuring Spring Boot to use the PKCS12 keystore, redirecting HTTP to HTTPS, and alternatively obtaining a free FreeSSL certificate, covering necessary code, configuration files, and deployment steps for both Windows and Linux environments.
This guide walks through obtaining a free SSL certificate, exporting it as a PFX file, and configuring IIS with the appropriate server settings to enable HTTPS for a mini‑program, while highlighting common pitfalls and required client tools.
This guide walks through obtaining a free SSL certificate, exporting it from the provider, and configuring a Spring Boot application to use the certificate, including detailed steps, screenshots, and the necessary server.yml configuration.
This article explains how HTTPS combines HTTP with SSL/TLS, walks through the TLS handshake steps, describes symmetric and asymmetric encryption, the role of X.509 certificates, digital signatures, certificate chains, and provides a hands‑on OpenSSL guide for manually verifying a server certificate.
This guide details the step‑by‑step process of obtaining a free SSL certificate, exporting it, and configuring the server with the appropriate key‑store settings to enable HTTPS for a mini‑program, including tips on common pitfalls and verification methods.
This guide explains why and how to migrate an HTTP website to HTTPS, covering the differences between the protocols, options for obtaining SSL certificates, step‑by‑step installation of the acme.sh script, generating, installing, and automatically renewing certificates using both HTTP and DNS validation methods.
The article explains the iOS code‑signing verification mechanism, why enterprise IPAs built for iOS 15 fail with a signature‑version error, and provides a step‑by‑step guide to re‑sign the package using newer signature formats, along with a deep dive into certificates, provisioning profiles, entitlements and the underlying cryptographic concepts.
This guide explains how to download and run FastGithub, import its local HTTPS certificate, and resolve common Git SSL certificate verification errors by adjusting Git's SSL settings, providing step‑by‑step instructions and relevant code snippets.
This guide explains how to configure Jenkins to connect to both same‑cluster and cross‑cluster Kubernetes environments, covering role bindings, network ports, certificate generation, Kubernetes cloud settings, pod template configuration, and testing via freestyle and pipeline jobs.
This article explains the fundamentals of TLS as a transport‑layer security protocol, demonstrates how to create a TLS‑encrypted socket server and client in Go, and shows how to generate and verify certificate chains using tools like mkcert.
This article explains why plain HTTP is insecure, illustrates man‑in‑the‑middle attacks, discusses symmetric and asymmetric encryption attempts, and details how HTTPS (SSL/TLS) with CA certificate verification protects data integrity and confidentiality.
This article explains the insecurity of plain HTTP, demonstrates how man‑in‑the‑middle attacks can intercept and modify traffic, and details how HTTPS using SSL/TLS, asymmetric key exchange, and CA‑based certificate verification secures web communications.
The article explains the vulnerabilities of plain HTTP, illustrates man‑in‑the‑middle attacks, shows why simple symmetric encryption is insufficient, and then details how HTTPS—built on SSL/TLS, asymmetric key exchange, and CA certificate validation—prevents these attacks, providing a comprehensive overview of secure web communication.
This tutorial walks through configuring three servers, generating CA and component certificates with cfssl, deploying an etcd cluster, installing Docker, creating Kubernetes API server, controller‑manager and scheduler configurations, setting up systemd services, and verifying the health of the high‑availability Kubernetes cluster.
This article explains the fundamentals of the HTTP protocol, its security weaknesses, illustrates man‑in‑the‑middle attacks, and shows how symmetric and asymmetric encryption together with TLS/SSL and a CA‑based certificate chain secure communications in HTTPS.
This guide explains why you should switch from HTTP to HTTPS, compares the two protocols, shows how to obtain free or paid SSL certificates, and provides step‑by‑step instructions for installing and automating certificate issuance using the acme.sh script on Apache, Nginx or standalone servers.
This article explains how to generate PKCS#12 (p12) certificates using BouncyCastle in .NET Core, extract keys with OpenSSL, install the certificates on Windows, and demonstrates encryption and decryption with the generated keys, providing complete code samples and step‑by‑step instructions.
This article explains etcd’s Raft‑based consensus, why odd‑numbered nodes are recommended, details the leader election process with log excerpts, discusses split‑brain and consistency guarantees, and provides step‑by‑step instructions for generating certificates, deploying an etcd cluster, and using etcdctl commands.
This guide explains why and how to migrate an HTTP site to HTTPS by obtaining free Let’s Encrypt certificates using the acme.sh script, covering installation, HTTP/DNS/standalone validation methods, certificate installation, automatic renewal, and troubleshooting steps.
This guide walks through the complete iOS certificate setup, covering Apple developer registration, creation of development and distribution certificates, app ID configuration, adding test devices, and provisioning profile generation, with practical notes and code snippets for each step.
This article explains how an expired AddTrust External CA Root caused HTTPS requests to Sentry to fail, shows how to reproduce the error with curl and OpenSSL, and provides step‑by‑step fixes for Ubuntu, Docker‑Alpine, and macOS environments.
This article explains why HTTPS is considered secure, details its underlying cryptographic processes—including certificate verification, asymmetric and symmetric encryption, and the role of Certificate Authorities—while also addressing common misconceptions such as man‑in‑the‑middle attacks and packet capture.
This guide shows how to check the default 1‑year and 10‑year Kubernetes certificates using OpenSSL, then extend all relevant kubeadm‑issued certificates to a ten‑year lifespan by deploying and running the update‑kubeadm‑cert.sh script on each master node, and finally verify the new validity periods.
In March 2020, Apple devices displayed security warnings because the HTTPS certificate for appleimap.163.com had expired due to NetEase Mail’s failure to renew it, highlighting how overlooked certificate management can disrupt services and underscoring the need for automated monitoring tools in large organizations.
This article explains how HTTPS protects data through encryption and identity authentication, describes symmetric and asymmetric algorithms, outlines PKI and certificate issuance processes, demonstrates Nginx certificate deployment, and shows how trust chains and cross‑certificates ensure reliable secure connections.
This article explains why HTTPS is considered secure, details its underlying TLS handshake and data transmission process, clarifies the roles of asymmetric and symmetric encryption, the necessity of CA‑issued certificates, and discusses common misconceptions such as man‑in‑the‑middle attacks and packet capture.
This article explains the fundamentals of Public Key Infrastructure (PKI), compares symmetric and asymmetric encryption, details digital signatures and certificates, and illustrates how SSH leverages these technologies for secure remote login, while also exploring their applications in IoT and code signing.
This article uses a playful story of Alice, Bob, Eve, Mallory, and Trent to explain the fundamentals of symmetric and asymmetric encryption, message authentication codes, digital signatures, and public‑key certificates, showing how each technique protects confidentiality, integrity, and authenticity in communications.
This article provides a comprehensive overview of Apple Pay integration on iOS, covering the end‑to‑end payment flow, Apple’s security mechanisms, certificate preparation, differences between domestic and international implementations, and practical tips for developers to avoid common pitfalls.
This guide explains how to package a JavaWeb application into a WAR file, describes Tomcat’s architecture and connectors, introduces symmetric and asymmetric encryption concepts, and shows how to generate a self‑signed certificate and configure an HTTPS connector in Tomcat.
This article demystifies HTTPS by explaining its underlying encryption, signing, and certificate mechanisms, illustrating how zero‑knowledge proof concepts secure identity verification, and providing practical guidance on upgrading from HTTP, configuring certificates, capturing traffic with Fiddler, and understanding session recovery and performance considerations.
This article explains the fundamentals of symmetric and asymmetric encryption, the key distribution challenges they face, how hybrid cryptosystems combine their strengths, and introduces essential cryptographic tools such as hash functions, message authentication codes, digital signatures, and public‑key certificates, comparing their capabilities.
This article explains symmetric and asymmetric encryption, the key‑distribution problem, hybrid cryptosystems, one‑way hash functions, message authentication codes, digital signatures, public‑key certificates, and compares these cryptographic methods in detail.
This article explains hiproxy's core proxy mechanisms, including HTTP and HTTPS request handling, automatic certificate generation, plugin architecture, and browser proxy configuration, providing developers with a comprehensive overview of its implementation and extensibility.
This article explains why HTTPS is considered secure, how it prevents man‑in‑the‑middle attacks through certificate verification, details the TLS handshake captured with Wireshark, and shows the cryptographic primitives behind RSA, ECDHE and AES, including practical code snippets and the cost of using HTTPS.
This article explains the TLS handshake process, covering server certificate transmission, server key exchange details, certificate request handling, server hello done, client certificate usage, client key exchange mechanisms, RSA premaster secret encryption, Diffie‑Hellman and ECDH key exchanges, and the certificate verify step.
This guide explains the five most common reasons an SSL certificate appears untrusted—such as using a self‑signed certificate, misconfigured trust chain, missing domain coverage, expiration, or lack of SNI support—and provides practical steps to resolve each issue.
Traffic hijacking, a form of man‑in‑the‑middle attack that injects unwanted ads or modifies web content, can be mitigated by HTTPS, which uses SSL/TLS for server authentication, encryption, and integrity, and the article explains the attack methods, HTTPS fundamentals, and practical deployment steps including Alibaba Cloud support.
This article explains the HTTPS protocol, covering its combination of HTTP and TLS, the roles of symmetric and asymmetric encryption, key exchange methods like RSA and ECDHE, certificate-based authentication, data integrity checks, and practical considerations such as performance impact and deployment costs.
