What happens if the root certificate ca is compromised?
如果危及根证书CA怎么办?
Figure 1 The root ca root certificate in certificate Manager.
图1的根ca根证书,在证书管理器中。
You still control the certificates, but you do not control the root certificate.
您仍然可以控制证书,但是不能控制根证书。
You can have a look at your root certificate just to make sure everything's right by using.
可以用以下命令检查根证书,确保一切正常。
A certificate chain for the signature certificate, but not the trusted root certificate.
用于签名证书而不是可信根证书的证书链。
Stores root certificates along with single service certificate and associated private key.
存储根证书和单个服务证书以及相关私有密钥。
A certificate chain for the signature certificate, including the trusted root certificate.
用于签名证书(包含可信根证书)的证书链。
A certificate chain for the signature certificate, including the trusted root certificate.
用于签名证书而不是可信根证书的证书链。
The Consuming Application's keystore will have the root certificate of the Service Provider's certificate.
消费应用程序(Consuming Application)的keystore将包含服务提供者(Service Provider)的证书的根证书。
Import the ca root certificate, if it does not already exist in the trust store of the client or the server.
如果客户端或服务器的信任存储区中尚没有ca根证书,则导入该证书。
On the public Internet, VeriSign's root certificate is implicitly trusted by Firefox long before you go to any website.
在公共网络中,在你还未上任何网站之前,Firefox就已经隐含地信任了VeriSign的根证书。
You manage the certificate structure, naming, validation, and expiration, but as we mentioned, you cannot control the root certificate.
您管理证书的结构、命名、验证和到期时间,但是如前所述您不能控制根证书。
Expand Certificates, Trusted Root certificate Authority and repeat Step 4 above to import the certificate into the trust ca store as well.
展开Certificates,TrustedRoot CertificateAuthority,并重复上面的步骤4,将证书导入到信任ca存储。
Select the trusted root certificate or any other certificate category accordingly and import the server certificate that you had created into it.
选择可信的根证书或任何其他证书类别,把刚才创建的服务器证书导入到其中。
Selecting a longer Validity period here means granting yourself a longer period of time before needing to update your ca's root certificate.
选择此处更长的有效期内表示授予您自己更长一段时间之前需要更新您的ca根证书。
Assuming you installed this server as a domain Administrator, it will automatically begin populating its root certificate onto every computer in your domain.
假设您安装此服务器作为域管理员,它将自动开始填充它拖到您的域中的每台计算机上的根证书。
These certificates, along with root certificates to validate the other party's certificate, are stored in a key database that is installed with Connection Manager.
这些凭证,以及用于验证其他方凭证的root凭证,存储在一个密钥数据库中,这个密钥数据库是随Connection Manager一起安装的。
If you've done everything correctly, you should soon find the AD CS server's root certificate in the Trusted root Certification Authorities store on a computer.
如果您已经一切正常,您应很快发现一台计算机上的受信任的根证书颁发机构存储中的ADCS服务器的根证书。
One disadvantage of using an open public system is that you cannot own the root of the certificate.
使用开放式公共系统的一个不利之处是您不能拥有证书的根。
When the ca USES a self-signed certificate, called a Root ca, the ca usually publishes its self-signed certificate details publicly so that users can establish the authenticity of the ca.
当CA使用自签名证书时(称为根ca),该ca通常公开发布其自签名证书详细信息,因此用户可以确定该CA的真实性。
If the trusted root ca has a CRL provided check that the certificate is not listed there as being revoked.
如果可信根ca提供CRL,要确认撤消的证书列表中不包含这个证书。
For the certificate label, enter something meaningful, such as VeriSign Test ca Root.
对于证书标签,请输入有意义的文字,例如:verisignTestCA Root。
If for some reason they are not placed in there trust cannot be established although Windows may show the certificate as a trusted root ca.
如果由于某种原因它们没有放在那里,即使Windows把证书显示为可信根ca,也无法建立信任。
Generate the certificate for root (valid for approximately 10 years) by self-signing it.
为根生成自签名的证书(有效期大约10年)。
Again this requires Windows to trust the certificate which implies to have the correct trusted root ca imported.
这要求Windows信任此证书,意味着必须导入正确的可信根ca。
The screenshot shows all trusted root CA certificates in a default Windows 2003 Server plus two additional certificate which have been added so far (CS Germany CA and Applix).
这个屏幕图显示在默认的Windows 2003Server中所有可信的根CA证书,还有目前已经添加的两个证书(CS Germany CA和 Applix)。
Create a root-level private key and root-level certificate request (holding the public key).
创建一个根(root)级私有密钥和根级证书请求(包含公共密钥)。
Generate an SSL certificate and private key by typing the following (as a single line) as root.
以root用户的身份键入以下内容(作为一行),生成一个SSL证书和私匙。
Because this root ca certificate is located in your Trusted root Certification Authorities store, this computer will now trust any certificates issued by your AD CS server.
因为此根ca证书的位置在受信任的根证书颁发机构存储中,此计算机现在将信任由ADCS服务器颁发的所有证书。
You need one certificate to act as your root authority, and one to act as the actual certificate to be used for the SSL, which needs to be signed by your root authority.
你需要一个证书作为您的根的权力,并作为一个实际的证明书,用于SSL,需要由您的根权力机构签署的使用。
应用推荐