Signing certificates for the server certificates.
服务器证书的签名证书。
The last file, root.crl, is optional and is used to revoke server certificates.
最后一个文件root . crl是可选的,用于撤销服务器证书。
For this trust, a client must trust the ca which signed the server certificates.
对于这种信任,客户机必须信任签署服务器证书的CA。
You now have three options for generating your client and server certificates. You can.
您现在可以使用三种方法生成客户机和服务器证书。
You seem to be talking about client certificates, but you probably already know about server certificates, which are far more common.
你似乎在谈论客户端证书,但是您可能已经知道服务器证书,更常见。
Novell USES 4 different server certificates of which two use Novell Network names for certificate subject which is incompatible with IBM Cognos BI.
Novell使用四种不同的服务器证书,其中两种使用Novell网络名称作为证书主题,这与IBMCognos BI不兼容。
As with the server's root.crt, the client's file, root.crt, contains a list of server certificates that have been signed by a reputable third-party ca.
和服务器的root .crt一样,客户机的root . crt文件包含了由一个可信的第三方CA签名的服务器证书的列表。
Do this in the IIS Manager console by selecting the server name, double-clicking server Certificates, and then clicking the link titled Create Domain Certificate in the Actions pane.
执行此操作通过在IIS管理器控制台中选择服务器名称,双击服务器证书,然后单击标题创建域证书为在操作窗格中的链接。
All the certificates are now in the right places for your application server key and trust files.
现在,您的应用服务器密钥和信任文件的所有证书都已处于正确的位置。
The best SSL can do on this front is to require client certificates as proof of identity when establishing the connection between the client and server.
SSL在这方面做的出色的地方就是在客户机与服务器之间建立连接时要求客户机证书作为身份证明。
Second, if client certificates are to be used, the DN in the client certificate may have to map to a real user in a user registry used by the server.
第二个问题是,如果使用客户机证书,客户机证书中的DN可能必须映射到服务器使用的用户注册表中的一个真正的用户。
Certificates are part of digital identities that are linked to a specific user or server.
证书是和特定用户或者服务器联系的数字身份的一部分。
This is no less secure, but if you have many clients, it is much harder to manage distributing all of those signing certificates (one for each server) to all clients.
这并非不安全,但如果您有许多客户机,要将所有这些签名证书(每个服务器对应一个)分发到所有客户机将会变得非常难以管理。
And, as you might recall from the digital certificates discussion in Part 2 of this series, the server must also provide the security certificate used during the handshake.
并且,正如我们可以从本系列的第2部分有关数字证书的讨论中看到的一样,服务器还必须要在握手过程中提供安全证书。
During the handshake, the server sends a certificate to the client, which the client then verifies against a set of trust certificates.
在握手过程中,服务器向客户机发送一个证书,然后,客户机根据一组可信任证书来核实该证书。
Unverifiable server side certificates will be rejected by clients during the SSL handshake.
在SSL握手期间,客户端将拒绝无法验证的服务器端证书。
The example code for this article USES two such self-signed certificates, one for the client and one for the server.
本文的示例代码使用了两个这种自签名证书,一个用于客户机,一个用于服务器。
Notice that in the previous scenario involving client authentication, the client presents a certificate that is validated by the server against the set of trusted certificates.
请注意,在前面涉及客户端身份验证的场景中,客户端提供一个证书,然后服务器针对受信任的证书集对其进行检验。
Also, no cross certificates are issued for this server.
另外该服务器也不发出交叉证书。
To verify that the server issuing the certificate is an approved LDAP server, the client is configured only to accept certificates that are signed by a local certificate Authority (ca).
要验证发行这个证书的服务器是一个已经批准过的LDAP服务器,客户机被配置为只接受本地证书机构(CA)所签署的证书。
Therefore you also need to renew the X.509 certificates for the primary server, the failover servers, and the agents.
因此,您还需要延长主服务器、故障转移服务器和代理的 X.509证书的有效期。
Select the personnel certificate, add signer certificates (Figure 4), and then add the server certificate from the copied location.
选择这个个人证书,添加被签证的证书(图4),然后从拷贝的位置添加这个服务器证书。
SSL authentication is when the client and server exchange certificates that have been signed by a third party who has unquestioned credentials.
SSL身份验证是指客户机和服务器交换由具有可靠凭证的第三方签发的证书。
As a practical matter, except for special case situations using self-signed certificates and server to server communication, this makes certificate authentication infeasible.
从实践的角度来看,这就使得证书身份验证不可行,使用自签署证书和服务器来进行服务器通信的特殊情况除外。
SSL USES digital certificates to exchange keys for encryption, server authentication, and optionally, client authentication.
SSL使用数字证书为加密、服务器验证以及客户机验证(可选)提供密钥交换服务。
The digital certificate server can be set up to circulate digital certificates to users.
数字认证服务器可以设置为用户的循环数字认证。
The ca's certificates are created on the primary server.
CA的证书是在主服务器上创建的。
Clients support prompting (like SSH) for adding certificates to the client trust store when contacting a server not previously accessed (this can be disabled if desired).
客户机支持在连接之前未曾访问的服务器时提示(像ssh一样)将证书添加到客户机信任存储区(如果需要,可以将其禁用)。
The expiration period of X.509 certificates for the CA and the primary server is 10 years.
针对CA和主服务器的 X.509证书有效期为10年。
It assumes that the connection from WebSEAL to Application Server is completely trusted; therefore, client-side certificates for authentication are required.
它假设从WebSEAL到ApplicationServer的连接是完全信任的,因此,需要用于认证的客户端证书。
应用推荐