请注意,在前面涉及客户端身份验证的场景中,客户端提供一个证书,然后服务器针对受信任的证书集对其进行检验。
Notice that in the previous scenario involving client authentication, the client presents a certificate that is validated by the server against the set of trusted certificates.
图1中显示了使用CA创建证书和分发的基本流程,对于本例,用于通过SSL执行服务器身份验证。
Figure 1 shows the basic process of creating a certificate using a ca and distributing it, in this case, to perform server authentication with SSL.
SSL身份验证是指客户机和服务器交换由具有可靠凭证的第三方签发的证书。
SSL authentication is when the client and server exchange certificates that have been signed by a third party who has unquestioned credentials.
在对Web客户端使用客户端证书身份验证时,要意识到Web服务器现在是信任域的一部分。
When using client certificate authentication for Web clients, realize that the Web server is now part of your trust domain.
要从服务器对客户端进行身份验证,需要创建一个keyring和证书。
To authenticate servers to clients, you need to create a keyring and certificates.
您必须配置该应用服务器Web容器以执行客户端证书身份验证。
You must configure the application server Web container to perform client certificate authentication.
从实践的角度来看,这就使得证书身份验证不可行,使用自签署证书和服务器来进行服务器通信的特殊情况除外。
As a practical matter, except for special case situations using self-signed certificates and server to server communication, this makes certificate authentication infeasible.
在使用证书身份验证(客户端或服务器)时,您需要理解信任存储库中的每个签署者都代表一个身份信息(证书)的受信任提供者。
When using certificate authentication (client or server), you need to understand that each signer in the trust store represents a trusted provider of identity information (a certificate).
如果不希望计算单元a信任计算单元b,则请在服务器身份验证步骤中为服务器使用证书身份验证,而不是采用基本身份验证。
If you do not want cell a to trust cell b, use certificate authentication for the server to server authentication step, not basic auth.
对于SPKM安全机制,DB2UDB客户机和 DB2 UDB服务器是基于其所持有的 X.509证书来完成身份验证的。
With the SPKM security mechanism, the DB2 UDB client and the DB2 UDB server are authenticated on the basis of the X.509 certificate they possess.
必须配置应用服务器Web容器以执行客户机证书身份验证。还必须更改其信任存储库,使之只包含WebSEAL 正在使用的客户机证书。
The application server Web container must be configured to perform client certificate authentication, and its trust store must be altered to include only the client certificate that WebSEAL is using.
应用服务器必须信任Web服务器已经正确地完成证书身份验证。
The application server must trust that the Web server has done proper certificate authentication.
学习了如何颁发证书和使用证书进行服务器身份验证,还配置了CommunityEdition并使用证书进行客户端身份验证。
You learned how to issue a certificate to be used for server authentication and configured Community Edition for client authentication using certificates.
还从头到尾地了解了如何完成该过程:从用户提交CSR到接收证书,并使用该证书对CommunityEdition服务器进行身份验证。
You also saw how the process was completed end to end, from a user submitting a CSR to receiving a certificate and using that certificate to authenticate to the Community Edition server.
公钥证书用于消息的身份验证,也就是向“消息队列”服务器验证消息的发送方(客户端)。
Public key certificates are used for message authentication, which verifies the sender of a message (the client) to a message Queuing server.
该行为指定将使用服务器证书进行服务身份验证。
The behavior specifies that the server certificate is to be used for service authentication.
由服务器调用以开始一个异步操作,该操作使用指定的证书、要求和安全协议对服务器和客户端(可选)进行身份验证。
Called by servers to begin an asynchronous operation to authenticate the server and optionally the client using the specified certificates, requirements and security protocol.
创建一个非对称安全绑定元素,该元素配置为需要基于证书的客户端身份验证以及基于证书的服务器身份验证。
Creates an asymmetric security binding element that is configured to require certificate-based client authentication as well as certificate-based server authentication.
创建一个非对称安全绑定元素,该元素配置为需要基于证书的客户端身份验证以及基于证书的服务器身份验证。
Creates an asymmetric security binding element that is configured to require certificate-based client authentication as well as certificate-based server authentication.
应用推荐