Using your own self-signed certificates.
使用自己的自签名证书。
These are known as self-signed certificates.
这些被称为自签署(self - signed)证书。
You should now have your first of three self-signed certificates.
您现在应该拥有了三个自签名证书中的第一个。
Implementing SSL with self-signed certificates requires the administrator to.
实现带有自签名证书的SSL需要管理员执行以下操作。
For testing or internal use, you can instead generate your own self-signed certificates.
如果用于测试或内部用途,可以生成您自己的自签名证书。
For these reasons, I prefer self-signed certificates and these are what will be discussed here.
基于上述原因,我倾向于使用自签名证书,这也是本文将讨论的证书。
Repeat the steps for CommandQmgr and CoordinationQmgr to create all three self-signed certificates.
对Command Qmgr和Coordination Qm gr重复以上步骤,创建所有的三个自签名证书。
The example code for this article USES two such self-signed certificates, one for the client and one for the server.
本文的示例代码使用了两个这种自签名证书,一个用于客户机,一个用于服务器。
I should mention at this point that self-signed certificates work in exactly the same way as ca signed certificates.
这里必须指出的是,自签名证书与CA签名证书的工作方式完全相同。
If the key database contains only self-signed certificates, there is no chance of matching multiple unintended certificates.
如果该密钥数据库仅包含自签名证书,就不可能匹配多个非预期证书。
Note that while both tools allow the user to generate self-signed certificates, neither tool allows the user to sign a certificate.
请注意,虽然两个工具都允许用户生成自签署的证书,但是它们都不允许用户签署证书。
In the extreme with self-signed certificates, we can create a situation where there is only one signer: the self-signed certificate.
在自签署证书的极端情况下,我们可以创建只有一个签署者的情形:只有一份的自签署证书。
If access is based entirely on self-signed certificates, deleting the public key of a certificate from the trust store revokes its access.
如果访问完全基于自签名证书,则从信任存储区中删除证书的公钥将撤销其访问权。
Since we are using only self-signed certificates, all of these root certificates represent inappropriate access grants to our queue managers.
因为我们现在只使用自签名证书,所有这些根证书代表对我们的队列管理器的不恰当的访问授权。
Mind that self-signed certificates are considered bad practice for production servers and certificates signed by a CA should be used instead.
要记住,对于生产服务器,使用自签署的证书是不好的做法,应该使用由CA签署的证书。
Self-signed certificates can be useful for test environments because you can generate them locally and you do not have to pay fees to a CA.
自签署的证书会对测试环境有帮助,因为您可以从本地生成这些证书,且无需向 CA付费。
For convenience, we have chosen to use self-signed certificates for WebSphere Application Server and CA-issued certificates for WebSphere MQ.
为简便起见,我们选择对WebSphereApplicationServer使用自签署证书,而对 WebSphere MQ 则使用 CA 签发的证书。
It is a very simple tool that creates key stores, generates self-signed certificates, imports and exports keys, and generates certificate requests for a ca.
这是一个非常简单的工具,用于创建密钥存储库、生成自签署证书、导入和导出密钥,以及为ca生成证书请求。
In the best case, the trust store will consist entirely of self-signed certificates, or it will contain a single entry for a trusted ca and nothing else.
最好的情况是信任存储区包含全部自签名证书,或者除包含受信任CA的单一入口之外没有其他任何项。
Now that we know how all the pieces fit together, let's take a look at how they can fall apart, starting with the basic case of using self-signed certificates.
现在我们已经知道所有构件是如何组合在一起的,下面让我们以使用自签名证书的基本用例为起点,看一下如何拆分它们。
You can generate your own private keys and self-signed certificates and substitute your generated key-certificate pairs for those provided in the download.
您可以生成自己的私有密匙和自签名证书,并使用自己生成的密匙-证书对替换下载中的相应内容。
If the trust store contains only self-signed certificates, this functionality eliminates the need in most cases for SSLPEER filtering or processing of DNs with exits.
如果信任存储区仅包含自签名证书,多数情况下此功能将不需要SSLPEER过滤或处理带有出口的DN。
As a practical matter, except for special case situations using self-signed certificates and server to server communication, this makes certificate authentication infeasible.
从实践的角度来看,这就使得证书身份验证不可行,使用自签署证书和服务器来进行服务器通信的特殊情况除外。
In this installment of Mission: Messaging, I will walk you through the tasks to configure basic SSL channels with self-signed certificates, building two scripts as we go.
在《任务:消息传递》系列的这个部分,我将和您一起完成使用自签名证书配置基本ssl通道的任务,我们将构建两个脚本。
Mistakes can be costly, so understand how SSLPEER works, and test your filtering using self-signed certificates before purchasing permanent certificates from a commercial ca.
如果发生错误,代价会非常高,因此,要了解SSLPEER的工作原理,先使用自签名证书测试您的过滤,然后再从商业CA那里购买永久证书。
See the Axis2 article for a more-detailed discussion of signing and encrypting in general and for details of generating and using self-signed certificates for WS-Security.
在Axis2文章中可以找到对签名和加密的详细讨论,以及为WS - Security生成和使用自签名证书的详细信息。
In most clusters with a mix of platforms, the choices are to use self-signed certificates, write a CHAD exit, or live without the ability to revoke access per distinguished name.
在大多数使用混合平台的集群中,较好的选择是使用自签名证书,编写CHAD出口,或者不提供按专有名称撤销访问权的功能。
This certificate will either be the queue managers certificate if you are using self-signed certificates for testing, or the certificate of the ca that issued your queue managers certificate.
这个证书可以是队列管理器证书(如果您正在使用自签名证书进行测试),也可以是签发您的队列管理器证书的CA的证书。
Self signed certificates, if you have a small number of certificates, you can simply issue self signed certificates.
如果证书数量很少,那么只需颁发自签名证书。
For this reason, valid public certificates are recommended. To generate and use a self-signed certificate, follow these steps.
由于这个原因,建议使用有效的公共凭证。
应用推荐