Thereafter, whenever the user wants to access any DCE service, it asks the security server for a security certificate.
Therefore you also need to renew the X.509 certificates for the primary server, the failover servers, and the agents.
The server takes the call and examines the certificate and decides whether the user is authorized to enjoy this service.
Importing the server certificate into this repository makes it usable for the secure FTP service.
SSL uses digital certificates to exchange keys for encryption, server authentication, and optionally, client authentication.
Additionally, with data integration happening both on the server and client-side, identity and credential delegation from the user to the mashup service might become a requirement.
The sending server only sends the user identity (X.509 certificate, principal name, or distinguished name (DN) based on the credentials used for the initial login) to the target server.
The client will send a certificate to the server only if the server requests one.
In this example, you will set up your LDAP server as a Certificate Authority and create a self-signed certificate to be used by LDAP clients and servers in encrypting information.
Receive the server certificate into the server's key database.
To verify that the server issuing the certificate is an approved LDAP server, the client is configured only to accept certificates that are signed by a local Certificate Authority (CA).
With the server's digital certificate, the client can also verify the server's identity.
The server's certificate provided in the handshake should have a name on it that matches the server's host name.
You must have already created the server key store and exported the server's public key certificate using the commands in the server section above before creating the client trust store.
Before the LDAP client uses a certificate for encryption, it verifies that the server it is talking with owns the certificate by encrypting a challenge and verifying that the server can decrypt it.
This secret value is encrypted to the server's digital certificate and sent to the server for verification that everything is as it should be.
In our case, because the server's certificate will be self-signed, we need to configure the server's public key certificate as a trusted signer for the client.
As a practical matter, except for special case situations using self-signed certificates and server to server communication, this makes certificate authentication infeasible.
We will, therefore, need to decide what URL the client will use to contact the server and create a certificate for the server with its CN set accordingly.
If you do not want cell A to trust cell B, use certificate authentication for the server to server authentication step, not basic auth.
Server-side considerations: We'll be configuring the server to expect a client certificate issued by a trusted CA.
The secret key is itself encrypted using the SSL Server's public key obtained from the Server's digital certificate.
Because the client needs to have the server certificate anyway, there's never a reason to send the server certificate to the client.
When configuring an SSL endpoint, the admin client can query the server and automatically import the server's signing certificate (with administrative approval, of course).
To create the certificate database, either the CA certificate which signed the LDAP server's certificate or the server's certificate is required.
When using encryption, the client needs to have the server certificate available when sending the initial request (because the server public key from the certificate is used for the encryption).
In this case, the CA Helper application serves as the CA's Web site from which users can download their personal certificates.
To verify, your application server key file should contain the jmsclient certificate, and the application server trust file should contain two signer certificates, as shown in Figure 13.
The link from WebSEAL to the Web server must use client certificate authentication, and the same must be true for the link from the Web server to the application server.