在SSL握手期间,客户端将拒绝无法验证的服务器端证书。
Unverifiable server side certificates will be rejected by clients during the SSL handshake.
要从服务器对客户端进行身份验证,需要创建一个keyring和证书。
To authenticate servers to clients, you need to create a keyring and certificates.
如果服务器证书中的通用名是与证书的其余部分一起验证的,那么这种攻击就不攻自破了,对么?
If the common name on the server certificate is verified along with the rest of the certificate, the attack is defeated, right?
借助服务器的数字证书,客户机还可以验证服务器的身份。
With the server's digital certificate, the client can also verify the server's identity.
要验证发行这个证书的服务器是一个已经批准过的LDAP服务器,客户机被配置为只接受本地证书机构(CA)所签署的证书。
To verify that the server issuing the certificate is an approved LDAP server, the client is configured only to accept certificates that are signed by a local certificate Authority (ca).
请注意,在前面涉及客户端身份验证的场景中,客户端提供一个证书,然后服务器针对受信任的证书集对其进行检验。
Notice that in the previous scenario involving client authentication, the client presents a certificate that is validated by the server against the set of trusted certificates.
SSL使用加密技术、数字签名和数字证书,在客户端和服务器之间提供消息隐私、消息完整性和相互验证。
SSL USES encryption techniques, digital signatures and digital certificates to provide message privacy, message integrity and mutual authentication between clients and servers.
在LDAP客户机使用证书进行加密之前,它会验证自己正在与之进行交谈的服务器拥有这个证书,这是通过加密一个挑战并验证服务器可以对其进行解密实现的。
Before the LDAP client USES a certificate for encryption, it verifies that the server it is talking with owns the certificate by encrypting a challenge and verifying that the server can decrypt it.
这个秘密值会对服务器的数字证书进行加密,并发送给服务器用于验证客户机的身份。
This secret value is encrypted to the server's digital certificate and sent to the server for verification that everything is as it should be.
图1中显示了使用CA创建证书和分发的基本流程,对于本例,用于通过SSL执行服务器身份验证。
Figure 1 shows the basic process of creating a certificate using a ca and distributing it, in this case, to perform server authentication with SSL.
从实践的角度来看,这就使得证书身份验证不可行,使用自签署证书和服务器来进行服务器通信的特殊情况除外。
As a practical matter, except for special case situations using self-signed certificates and server to server communication, this makes certificate authentication infeasible.
SSL身份验证是指客户机和服务器交换由具有可靠凭证的第三方签发的证书。
SSL authentication is when the client and server exchange certificates that have been signed by a third party who has unquestioned credentials.
SSL使用数字证书为加密、服务器验证以及客户机验证(可选)提供密钥交换服务。
SSL USES digital certificates to exchange keys for encryption, server authentication, and optionally, client authentication.
如果不希望计算单元a信任计算单元b,则请在服务器身份验证步骤中为服务器使用证书身份验证,而不是采用基本身份验证。
If you do not want cell a to trust cell b, use certificate authentication for the server to server authentication step, not basic auth.
对于SPKM安全机制,DB2UDB客户机和 DB2 UDB服务器是基于其所持有的 X.509证书来完成身份验证的。
With the SPKM security mechanism, the DB2 UDB client and the DB2 UDB server are authenticated on the basis of the X.509 certificate they possess.
在使用证书身份验证(客户端或服务器)时,您需要理解信任存储库中的每个签署者都代表一个身份信息(证书)的受信任提供者。
When using certificate authentication (client or server), you need to understand that each signer in the trust store represents a trusted provider of identity information (a certificate).
当客户机接收到服务器端的hello消息之后,数字证书就要进行验证了。
Once the server's hello message is received, the digital certificate is verified.
像前一小节讨论的一样,使用客户机证书向Web服务器验证身份。
You are using client certificate authentication to the Web server as discussed in the previous section.
在对Web客户端使用客户端证书身份验证时,要意识到Web服务器现在是信任域的一部分。
When using client certificate authentication for Web clients, realize that the Web server is now part of your trust domain.
必须配置应用服务器Web容器以执行客户机证书身份验证。还必须更改其信任存储库,使之只包含WebSEAL 正在使用的客户机证书。
The application server Web container must be configured to perform client certificate authentication, and its trust store must be altered to include only the client certificate that WebSEAL is using.
您必须配置该应用服务器Web容器以执行客户端证书身份验证。
You must configure the application server Web container to perform client certificate authentication.
学习了如何颁发证书和使用证书进行服务器身份验证,还配置了CommunityEdition并使用证书进行客户端身份验证。
You learned how to issue a certificate to be used for server authentication and configured Community Edition for client authentication using certificates.
当Web客户机向Web服务器验证身份时,Web服务器检验证书。
When a Web client authenticates to the Web server, the Web server validates the certificate.
应用服务器必须信任Web服务器已经正确地完成证书身份验证。
The application server must trust that the Web server has done proper certificate authentication.
还从头到尾地了解了如何完成该过程:从用户提交CSR到接收证书,并使用该证书对CommunityEdition服务器进行身份验证。
You also saw how the process was completed end to end, from a user submitting a CSR to receiving a certificate and using that certificate to authenticate to the Community Edition server.
该模型的实现方法是采用一个域间证书验证代理服务器,由服务器代替客户端完成证书路径的构建和验证。
The way to implement this model is using a delegated certificate validation server to fulfill the task of certificate path construction and validation on behalf of PKI clients.
该模型的实现方法是采用一个域间证书验证代理服务器,由服务器代替客户端完成证书路径的构建和验证。
The way to implement this model is using a delegated certificate validation server to fulfill the task of certificate path construction and validation on behalf of PKI clients.
应用推荐