您可以利用带客户证书的SSL设置加密连接,并指定证书标签。
You set up an encrypted junction using SSL with client certificates, and you specify the certificate label.
用于ApplicationServer的Web服务器必须有用于WebSEAL 服务器的客户证书的签名证书。
The Web server for Application Server must have the signing certificates for the WebSEAL server's client certificate.
从WebSEAL到ApplicationServer的链接必须使用客户证书认证,同样的,从Web服务器到应用程序服务器的链接也必须使用客户证书认证。
The link from WebSEAL to the Web server must use client certificate authentication, and the same must be true for the link from the Web server to the application server.
启用绑定安全性后,我们会收到来自伙伴系统的客户端证书。
When bind security is enabled, we receive the client certificate from the partner system.
第二个问题是,如果使用客户机证书,客户机证书中的DN可能必须映射到服务器使用的用户注册表中的一个真正的用户。
Second, if client certificates are to be used, the DN in the client certificate may have to map to a real user in a user registry used by the server.
SSL在这方面做的出色的地方就是在客户机与服务器之间建立连接时要求客户机证书作为身份证明。
The best SSL can do on this front is to require client certificates as proof of identity when establishing the connection between the client and server.
在握手过程中,服务器向客户机发送一个证书,然后,客户机根据一组可信任证书来核实该证书。
During the handshake, the server sends a certificate to the client, which the client then verifies against a set of trust certificates.
属于客户端的任何客户端证书的签名证书,CICS可使用客户端身份验证与该证书通信。
Signing certificates for any client certificates owned by clients with which you expect CICS to communicate using client authentication.
其包括一台没有公钥证书的客户机,该客户机通过公钥证书访问服务器。
It consists of a client with no public key certificate, accessing a server with a public key certificate.
因为我们的客户机证书将是自签署的,所以我们需要将客户机的公钥证书配置为服务器受信任的签署者。
Because our client certificate will be self-signed, we'll need to configure the client's public key certificate as a trusted signer for the server.
在这里,再次需要客户端证书和客户认证的SSL。
Here again, client side certificates and client authenticated SSL are required.
客户端不持有证书,因此对SSL是匿名的。
The client does not have a certificate and is, therefore, anonymous to SSL.
或是在单个运行的JVM中使用不止一个客户端证书?
Ever wanted to use more than one client certificte in a single running JVM?
CICSB区域将IPCONN定义中提到的证书作为客户端证书发送出去。
The CICSB region sends the certificate mentioned in IPCONN definition as the client certificate.
对于这种策略配置,客户机证书需要受此STS信任,且此STS证书必须存在于此客户机的可信存储内。
With this policy configuration, the client certificate needs to be trusted by the STS, and the STS certificate must be present in the trust store of the client.
JMS客户机的证书是必需的,只是因为我们想要服务器认证客户机。
The certificate for the JMS Client was required only because we wanted to the server to authenticate the client.
特别地,客户端证书对请求提供了较严格的客户端身份验证和较严格的签名保证。
In particular, client certificates provide strong client identity verification and strong signature guarantees on requests.
验证客户端证书是否已安装到浏览器。
也必须更改其信任存储库,使之只包含WebSEAL正在使用的客户端证书。
You also must alter its trust store to include only the client certificate that WebSEAL is using.
访问CA的公共密匙并测试客户端证书。
必须配置应用服务器Web容器以执行客户机证书身份验证。还必须更改其信任存储库,使之只包含WebSEAL 正在使用的客户机证书。
The application server Web container must be configured to perform client certificate authentication, and its trust store must be altered to include only the client certificate that WebSEAL is using.
通过键入下面的命令,导出客户机公钥证书以将其导入到受信任的客户机证书的服务器存储中。
Export the client public key certificate so it can be imported into the service's store of trusted client certificates by typing the following command.
这将有效地禁止生成j2ee安全上下文,从而使我们不必在客户机证书中使用有效的用户名。
This effectively disables J2EE security context generation, which frees us from having to use a valid user name in the client certificate.
要验证客户端证书,提供者一方的处理程序必须访问发行者的公共密匙。
To verify a client certificate, the provider-side handler must have access to the issuers' public key.
现在您可以导入用于JMS客户机的公共证书。
You can now import the public certificate for the JMS Client.
因此,如果您的客户端证书被破坏,则不能对其进行吊销。
Therefore, if your client certificates are compromised, they cannot be revoked.
这个值是WSS4J能够识别的特殊名称,这表示应该使用请求签名所用的客户机证书对响应进行加密。
This value is a special name recognized by WSS4J to mean that the client certificate used to sign the request should be used to encrypt the response.
IPIC通过SSL客户端证书的交换来支持绑定安全性。
IPIC supports bind security by the exchange of SSL client certificates.
将服务器上的SSLPEER设置为匹配该客户端证书的字符串。
Set SSLPEER on the server to a string that matches the client certificate.
OPTIONAL——如果对等ssl客户端发送一个证书,则该证书被正常处理;如果该客户端不发送任何证书,验证并不失败。
OPTIONAL - if the peer SSL client sends a certificate, the certificate is processed as normal but authentication does not fail if no certificate is sent.
应用推荐