Replication 3 service-ldap-usage Simple LDAP user and group management 3 service-ldap-with-tls SSL/TLS 3 service-ldap-backup-restore Backup and restore 2 Kerberos 3 kerberos-introduction Introduction openssh-crypto-configuration OpenSSH crypto configuration 3 Level Path Navlink 3 troubleshooting-tls-ssl Troubleshooting TLS/SSL 2 Virtualisation and containers 3 Virtual machines 4 vm-tools-in-the-ubuntu-space VM tools OpenLDAP Introduction Installation Access control Replication Simple LDAP user and group management SSL/TLS Backup and restore Kerberos Introduction Kerberos server Service principals Kerberos encryption

绑定指定地址与端口 配置文件 配置片段 缓存指南 内容协商 动态共享对象(DSO) 环境变量 日志文件 从 URL 映射到文件系 统 性能调谐 安全技巧 服务器全局配置 SSL/TLS 加密 执行 CGI 前的用户切 换(suEXEC) URL 改写与 mod_rewrite 虚拟主机 指引/教程 认证，授权与访问控制 访问控制 CGI 与动态内容 .htaccess setting. The previous setting can be restored by configuring the proxy-scgi- pathinfo variable. mod_ssl: CRL based revocation checking now needs to be explicitly configured through SSLCARevocationCheck. will now extract titles and display descriptions for .xhtml files, which were previously ignored. mod_ssl: The default format of the *_DN variables has changed. The old format can still be used with the new

. . . . . . . . 143 5 Apache SSL/TLS Encryption 145 5.1 Apache SSL/TLS Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146 5.2 SSL/TLS Strong Encryption: An Introduction . . . . . . . . . . . . . . . . . 147 5.3 SSL/TLS Strong Encryption: Compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156 5.4 SSL/TLS Strong Encryption: How-To . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160 5.5 SSL/TLS Strong Encryption: FAQ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165 6 Guides, Tutorials, and HowTos 179 6

绑定指定地址与端口 配置文件 配置片段 缓存指南 内容协商 动态共享对象(DSO) 环境变量 日志文件 从 URL 映射到文件系 统 性能调谐 安全技巧 服务器全局配置 SSL/TLS 加密 执行 CGI 前的用户切 换(suEXEC) URL 改写指南 虚拟主机 指引/教程 认证，授权与访问控制 CGI 与动态内容 .htaccess 文件 服务器端插入(SSI) To enable SSL support, you should edit httpd.conf to include the relevant mod_ssl directives and then use apachectl start to start the server. An example configuration to activate mod_ssl has been included included in conf/extra/httpd-ssl.conf. The default setting of UseCanonicalName is now Off. If you did not have this directive in your config file, you can add UseCanonicalName On to retain the old behavior

绑定指定地址与端口 配置文件 配置片段 缓存指南 内容协商 动态共享对象(DSO) 环境变量 日志文件 从 URL 映射到文件系 统 性能调谐 安全技巧 服务器全局配置 SSL/TLS 加密 执行 CGI 前的用户切 换(suEXEC) URL 改写指南 虚拟主机 指引/教程 认证，授权与访问控制 CGI 与动态内容 .htaccess 文件 服务器端插入(SSI) To enable SSL support, you should edit httpd.conf to include the relevant mod_ssl directives and then use apachectl start to start the server. An example configuration to activate mod_ssl has been included included in conf/extra/httpd-ssl.conf. The default setting of UseCanonicalName is now Off. If you did not have this directive in your config file, you can add UseCanonicalName On to retain the old behavior

绑定指定地址与端口 配置文件 配置片段 缓存指南 内容协商 动态共享对象(DSO) 环境变量 日志文件 从 URL 映射到文件系 统 性能调谐 安全技巧 服务器全局配置 SSL/TLS 加密 执行 CGI 前的用户切 换(suEXEC) URL 改写指南 虚拟主机 指引/教程 认证，授权与访问控制 CGI 与动态内容 .htaccess 文件 服务器端插入(SSI) To enable SSL support, you should edit httpd.conf to include the relevant mod_ssl directives and then use apachectl start to start the server. An example configuration to activate mod_ssl has been included included in conf/extra/httpd-ssl.conf. The default setting of UseCanonicalName is now Off. If you did not have this directive in your config file, you can add UseCanonicalName On to retain the old behavior

绑定指定地址与端口 配置文件 配置片段 缓存指南 内容协商 动态共享对象(DSO) 环境变量 日志文件 从 URL 映射到文件系 统 性能调谐 安全技巧 服务器全局配置 SSL/TLS 加密 执行 CGI 前的用户切 换(suEXEC) URL 改写指南 虚拟主机 指引/教程 认证，授权与访问控制 CGI 与动态内容 .htaccess 文件 服务器端插入(SSI) To enable SSL support, you should edit httpd.conf to include the relevant mod_ssl directives and then use apachectl start to start the server. An example configuration to activate mod_ssl has been included included in conf/extra/httpd-ssl.conf. The default setting of UseCanonicalName is now Off. If you did not have this directive in your config file, you can add UseCanonicalName On to retain the old behavior

cert - connect using TLS and a certificate; --tls-ca-file Full pathname of a file containing the top-level CA(s) certificates for peer certificate verification. --tls-crl-file Full agent certificate issuer. --tls-agent-cert-subject Allowed agent certificate subject. --tls-cert-file Full pathname of a file containing the certificate or certificate chain dropped to the specified user. Revoke write access to SSL configuration file in Windows Zabbix Windows agent compiled with OpenSSL will try to reach the SSL configuration file in c:\openssl-64bit. The ”openssl-64bit”

modified. The Configure DB connection step of Zabbix web interface now features a new checkbox Verify certificate with additional options appearing upon marking it. Parameters that are unavailable in the particular various items and hosts, SNMPv3 authentication and privacy passphrases, passwords for media types; SSL key password and HTTP proxy fields used in web scenarios and HTTP items; usernames, passwords and 2 plugin WebCertificate is now available allowing to monitor validity and expiration dates of TLS/SSL website certificates. • Plugins MySQL and PostgreSQL now support encrypted TLS connection between

username, and password; • TLS encryption parameters: location of the top-level CA(s) certificate, MQTT certificate or certificate chain, private key. All of the new parameters are optional. Supported platforms dropped to the specified user. Revoke write access to SSL configuration file in Windows Zabbix Windows agent compiled with OpenSSL will try to reach the SSL configuration file in c:\openssl-64bit. The ”openssl-64bit” Setting up SSL for Zabbix frontend On RHEL-based systems, install the mod_ssl package: dnf install mod_ssl Create a directory for SSL keys: mkdir -p /etc/httpd/ssl/private chmod 700 /etc/httpd/ssl/private