当创建该数据库时,该信任存储区由商业证书颁发机构提供的一套缺省密钥填充。
When the database is created, the trust store is populated with a default set of keys from commercial certificate authorities.
信任存储区和密钥存储区的管理现在作为第一类构造进行处理。
The management of trust stores and key stores is now handled as a first class construct.
最好的情况是信任存储区包含全部自签名证书,或者除包含受信任CA的单一入口之外没有其他任何项。
In the best case, the trust store will consist entirely of self-signed certificates, or it will contain a single entry for a trusted ca and nothing else.
如果访问完全基于自签名证书,则从信任存储区中删除证书的公钥将撤销其访问权。
If access is based entirely on self-signed certificates, deleting the public key of a certificate from the trust store revokes its access.
使用除包含单个受信任存储CA之外没有其他任何内容的信任存储区,CRL提供一个等效的每DN撤销功能,撤销证书将有效撤销访问权。
With a trust store consisting of a single trusted ca and nothing more, the CRL approaches an equivalent per-DN revocation capability in which revocation of the certificate effectively revokes access.
作为该配置的一部分,应该从两方的信任存储区中删除所有的签名者,不过另一方的签名者除外,这些签名者不应该来自众所周知的证书颁发机构(certificate authority,ca)。
As part of this configuration, all signers should be removed from the trust stores on both sides, except for the other end's signers, which should not be from well-known certificate authorities (ca).
如果在WebSphereApplicationServerND单元中启用了全局安全性,则将在缺省的 SSL指令表配置中设置缺省的密钥和信任存储区。
When global security is enabled in a WebSphere Application Server ND cell, the default key and trust stores are set in the default SSL repertoire configuration.
注意,该服务器不需要让客户端的密钥在其信任存储区中(反之亦然),因为该CA是受信任的。
Notice that the server does not need to have the client's key in its trust store (and vice versa) because the ca is trusted.
但仍需要基本检查,这意味着证书签名者必须存在于信任存储区中。
There is still the basic check, meaning that the certificate signer must be present in the trust store.
在不同的密钥和信任存储区中分享签名证书。
Share the signing certificates among the various key and trust stores.
从信任存储区中删除其他所有ca签名者。
信任存储区的作用相当于一个枚举允许连接的所有标识的列表。
The trust store effectively becomes an enumeration of all the identities allowed to connect.
密钥数据库中的另一部分是信任存储区,它包含由该队列管理器信任的数据的所有公钥。
Another section in the key database is the trust store and it contains all of the public keys of things that are trusted by the queue manager.
撤销访问权限和撤销证书在功能上相当;从信任存储区中删除证书可同时完成这两项任务。
Revoking access privileges and revoking a certificate are functionally equivalent; removing the certificate from the trust store accomplishes both tasks.
自签名证书的信任存储区项与一个且仅与一个证书匹配。
The trust store entry for a self-signed certificate matches one and only one certificate.
继续讨论在单一通道上匹配多个证书,信任存储区中有多个CA的情况会更糟。
Continuing the discussion of matching multiple certificates on a single channel, the situation gets worse with multiple CAs in the trust store.
单元中的所有其他信任存储区中都必须包含对应的签名者。
All other trust stores in the cell must contain the corresponding signer.
密钥存储区和信任存储区设置直接取自代理上指定的全局安全属性。
The keystore and truststore settings are taken direct from the global security properties specified on your broker.
如果信任存储区仅包含自签名证书,多数情况下此功能将不需要SSLPEER过滤或处理带有出口的DN。
If the trust store contains only self-signed certificates, this functionality eliminates the need in most cases for SSLPEER filtering or processing of DNs with exits.
他建议斯洛伐克停止对欧元区领导者们的“麻木信任”并寻找一个“B计划”来取代。
He proposed that Slovakia stops "blindly trusting" the euro zone's leaders and seeks a "plan b" instead.
如果客户端或服务器的信任存储区中尚没有ca根证书,则导入该证书。
Import the ca root certificate, if it does not already exist in the trust store of the client or the server.
任何给定DN的潜在SSLPEER匹配项至少要与信任存储区中CA的数量一样多,如果将证书重新颁发计入在内数量会更大。
The set of potential SSLPEER matches for any given DN is at least as large as the number of CAs in the trust store, larger if certificate reissuance is taken into account.
如果信任存储区中包括一个证书颁发机构,则使用SSLPEER或出口(或同时使用二者)过滤出不需要的连接。
If the trust store contains a certificate authority, filter unwanted connections using SSLPEER or an exit, or both.
在一个通道需要允许多个证书的情况下,信任存储区、sslpeer值和CRL之间的交互变得非常重要。
The interaction between the trust store, the SSLPEER value and the CRL becomes very important in those cases where a channel needs to allow multiple certificates.
将客户机证书导入到服务器信任存储区中。
从信任存储区中删除所有未使用的证书颁发机构。
Delete all unused certificate authorities from the trust store.
接下来,检查签名CA的证书是否存在于本地信任存储区中。
Next, a check is made to see if a certificate for the signing ca exists in the local trust store.
欧元区和申根区依赖于信任:每个成员国有健康的公共财政,控制它的边境。
The euro zone and the Schengen area depend on trust: that each member will run sound public finances, and that each will control its borders.
如果是自签名证书,则该证书本身的公钥必须存在于信任存储区中。
In the case of a self-signed certificate, it is the certificate's own public key that must exist in the trust store.
客户机支持在连接之前未曾访问的服务器时提示(像ssh一样)将证书添加到客户机信任存储区(如果需要,可以将其禁用)。
Clients support prompting (like SSH) for adding certificates to the client trust store when contacting a server not previously accessed (this can be disabled if desired).
应用推荐