引入可信证书验证代理负责服务器证书的在线验证,并生成证书状态凭据。
Moreover, TCVP is introduced to verify the online status of server certificate and seals it in a security ticket.
为什么是必需的,因为使用SSL握手服务器将发送其SSL证书,客户端将从其密钥库中存在的可信证书列表中验证此证书。
Why it is required because using SSL handshake server will send its SSL certificate and client will validate this certificate from its trusted list of certificates present in his keystore.
浏览器显示一个警告,表明安全证书没有经过可信权威认证,与实际网站不匹配。
The browser shows a warning that the security certificate was not certified by a trusted authority and not matching the actual website.
这里要用到三个参数:上下文指针、可信任库文件的路径和文件名,以及证书所在目录的路径。
This takes three parameters: the context pointer, the path and the filename of the trust store file, and a path to a directory of certificates.
在分析证书的有效性时,同时还会检查可信签名。
When the certificates are analyzed for validity, trust signatures are checked as well.
此外,如果维护了可信的接受方名称列表,那么可以比较已签名证书的接受方,看看它是否匹配可信列表中的接受方。
Furthermore, if a list of trusted subject names is maintained, the subject of signing certificate can be compared to see if it matches any subject in the trusted list.
使用发自可信的证书授权中心的数字证书(数字id),连同ssl加密,可为交易中的各方提供很高等级的安全保障。
Using a Digital certificate (Digital id) from a trusted certificate authority in conjunction with SSL encryption provides a very high grade of security for all parties involved in a transaction.
在一张数字证书的生命期中,正在签发的CA可能会决定该证书不再可信。
During the lifetime of a digital certificate, the issuing ca might determine that the certificate is no longer to be trusted.
对于这种策略配置,客户机证书需要受此STS信任,且此STS证书必须存在于此客户机的可信存储内。
With this policy configuration, the client certificate needs to be trusted by the STS, and the STS certificate must be present in the trust store of the client.
这些凭据是否可信取决于客户机是否信任对证书进行数字签名的证书颁发机构。
Whether or not these credentials can be trusted will depend on whether or not the client can trust the certificate authority that digitally signed the certificate.
可信的证书权威机构发布数字证书,它们被用来鉴别用户和组织访问Web站点,e - mail服务器和其他安全系统的权限。
Trusted certificate authorities issue digital certificates, which are then used to authenticate users and organizations for access to Web sites, E-mail servers, and other secure systems.
证书用来通过可信的第三方(这里是VeriSign)建立信任关系。
Certificates are used to establish trust by using a trusted third-party (in this case, VeriSign).
这要求Windows信任此证书,意味着必须导入正确的可信根ca。
Again this requires Windows to trust the certificate which implies to have the correct trusted root ca imported.
如果由于某种原因它们没有放在那里,即使Windows把证书显示为可信根ca,也无法建立信任。
If for some reason they are not placed in there trust cannot be established although Windows may show the certificate as a trusted root ca.
这个屏幕图显示在默认的Windows 2003Server中所有可信的根CA证书,还有目前已经添加的两个证书(CS Germany CA 和Applix)。
The screenshot shows all trusted root CA certificates in a default Windows 2003 Server plus two additional certificate which have been added so far (CS Germany CA and Applix).
数字证书一般是由名为认证中心(Certification Authority,ca)的可信的第三方签发的。
The digital certificate is typically issued by a trusted third party called a Certification Authority (ca). For a fee, the ca will generate a digital certificate that contains.
OpenSSL附带了一组可信任证书。
和服务器的root .crt一样,客户机的root . crt文件包含了由一个可信的第三方CA签名的服务器证书的列表。
As with the server's root.crt, the client's file, root.crt, contains a list of server certificates that have been signed by a reputable third-party ca.
可信的第三方通过使用其自己的签名发出证书,为公开密匙和识别信息做证明。
The trusted third party vouches for the public key and identifying information by issuing the certificate with its signature.
在握手过程中,服务器向客户机发送一个证书,然后,客户机根据一组可信任证书来核实该证书。
During the handshake, the server sends a certificate to the client, which the client then verifies against a set of trust certificates.
要检验证书是可信任的,需要在连接建立之前提前加载一个可信任证书库。
Verifying that the certificate is trusted requires that a trust certificate store be loaded prior to establishing the connection.
如果证书未经可信任的证书颁发机构签名,并且您信任此机构,您可以增加证书签名。
If the certificate was not signed by a trusted certification authority, you can add the certification authority if you trust the authority.
在创建上下文结构之后,必须加载一个可信任证书库。
After the context structure is created, a trust certificate store must be loaded.
选择可信的根证书或任何其他证书类别,把刚才创建的服务器证书导入到其中。
Select the trusted root certificate or any other certificate category accordingly and import the server certificate that you had created into it.
处理:确保您在使用由可信任的根证书颁发机构颁发的有效的、非过期的安全证书。
Workaround: Ensure that you are using valid, non-expired security certificates issued by a trusted root certification authority.
例如,失败的信任验证可能只是意味着没有可信任的证书。
For example, a failed trust verification could simply mean that the trust certificate is not available.
如果可信根ca提供CRL,要确认撤消的证书列表中不包含这个证书。
If the trusted root ca has a CRL provided check that the certificate is not listed there as being revoked.
必须指定可信任库文件或证书的目录。
One of either the trust store file or directory of certificates must be specified.
另外,这个证书是可信的。
如果不能确认证书是可信任的,那么openssl会将证书标记为无效(但连接仍可以继续)。
If the certificate cannot be verified for trust, OpenSSL flags the certificate as invalid (but the connection can still continue).
应用推荐