不谨慎的供应商可能会颁发带有与您的内部证书匹配的DN的证书，并连接到您的面向内部的通道，这是因为SSLPEER只看dn而不管是谁颁发的。

An unscrupulous vendor could issue certificates with DNs that match your internal certificates and connect to your internal-facing channels because SSLPEER only looks at the DN and not who issued it.

youdao

您可以将通道配置为 SSLPEER，以便面向内部的通道与内部证书匹配，面向外部的通道与供应商证书匹配。

You configure your channels with SSLPEER so that the internal-facing ones match your internal certificates and the external-facing ones match the vendor certificates.

youdao