不谨慎的供应商可能会颁发带有与您的内部证书匹配的DN的证书,并连接到您的面向内部的通道,这是因为SSLPEER只看dn而不管是谁颁发的。
An unscrupulous vendor could issue certificates with DNs that match your internal certificates and connect to your internal-facing channels because SSLPEER only looks at the DN and not who issued it.
您可以将通道配置为 SSLPEER,以便面向内部的通道与内部证书匹配,面向外部的通道与供应商证书匹配。
You configure your channels with SSLPEER so that the internal-facing ones match your internal certificates and the external-facing ones match the vendor certificates.
应用推荐