证书存储区是保存证书的系统区域。
Certificate stores are system areas where certificates are kept.
因此,您必须在您信任的证书存储区中具有服务器的SSL证书。
So, you must have server's SSL certificate inside your trusted store of certificates.
通过指定主题可分辨名称、证书存储区名称和存储区位置来指定用于表示服务的证书。
Specifies the certificate to use for representing the service by specifying the subject distinguished name, the certificate store name and store location.
“输入密码以打开文件”对话框提示您输入密码以将一个现有的证书导入到个人证书存储区中。
Enter password to open file dialog box prompts you to enter a password to import an existing certificate into the personal certificate store.
这包括管理密钥存储区中的证书和密钥,以及管理整个计算单元内这些密钥的复制。
This includes managing the certificates and keys in the key stores, as well as managing the replication of those keys, throughout a cell.
最好的情况是信任存储区包含全部自签名证书,或者除包含受信任CA的单一入口之外没有其他任何项。
In the best case, the trust store will consist entirely of self-signed certificates, or it will contain a single entry for a trusted ca and nothing else.
但仍需要基本检查,这意味着证书签名者必须存在于信任存储区中。
There is still the basic check, meaning that the certificate signer must be present in the trust store.
在不同的密钥和信任存储区中分享签名证书。
Share the signing certificates among the various key and trust stores.
当创建该数据库时,该信任存储区由商业证书颁发机构提供的一套缺省密钥填充。
When the database is created, the trust store is populated with a default set of keys from commercial certificate authorities.
如果访问完全基于自签名证书,则从信任存储区中删除证书的公钥将撤销其访问权。
If access is based entirely on self-signed certificates, deleting the public key of a certificate from the trust store revokes its access.
该数据库有一部分称为密钥存储区,它包含用于对要发送的数据进行签名的所有证书。
The database has one section called the key store that contains all of the certificates that could be used to sign something to be sent out.
继续讨论在单一通道上匹配多个证书,信任存储区中有多个CA的情况会更糟。
Continuing the discussion of matching multiple certificates on a single channel, the situation gets worse with multiple CAs in the trust store.
如果信任存储区仅包含自签名证书,多数情况下此功能将不需要SSLPEER过滤或处理带有出口的DN。
If the trust store contains only self-signed certificates, this functionality eliminates the need in most cases for SSLPEER filtering or processing of DNs with exits.
如果信任存储区中包括一个证书颁发机构,则使用SSLPEER或出口(或同时使用二者)过滤出不需要的连接。
If the trust store contains a certificate authority, filter unwanted connections using SSLPEER or an exit, or both.
在一个通道需要允许多个证书的情况下,信任存储区、sslpeer值和CRL之间的交互变得非常重要。
The interaction between the trust store, the SSLPEER value and the CRL becomes very important in those cases where a channel needs to allow multiple certificates.
从信任存储区中删除所有未使用的证书颁发机构。
Delete all unused certificate authorities from the trust store.
接下来,检查签名CA的证书是否存在于本地信任存储区中。
Next, a check is made to see if a certificate for the signing ca exists in the local trust store.
客户机支持在连接之前未曾访问的服务器时提示(像ssh一样)将证书添加到客户机信任存储区(如果需要,可以将其禁用)。
Clients support prompting (like SSH) for adding certificates to the client trust store when contacting a server not previously accessed (this can be disabled if desired).
作为该配置的一部分,应该从两方的信任存储区中删除所有的签名者,不过另一方的签名者除外,这些签名者不应该来自众所周知的证书颁发机构(certificate authority,ca)。
As part of this configuration, all signers should be removed from the trust stores on both sides, except for the other end's signers, which should not be from well-known certificate authorities (ca).
如果希望使用缺省ssl设置,请将WebSphereApplicationServer的公用证书添加到缺省信任存储区,如图27中所示。
If you want to use default SSL Settings, add the public certificate of WebSphere Application Server to the default trust store as shown in Figure 27.
撤销访问权限和撤销证书在功能上相当;从信任存储区中删除证书可同时完成这两项任务。
Revoking access privileges and revoking a certificate are functionally equivalent; removing the certificate from the trust store accomplishes both tasks.
自签名证书的信任存储区项与一个且仅与一个证书匹配。
The trust store entry for a self-signed certificate matches one and only one certificate.
使用除包含单个受信任存储CA之外没有其他任何内容的信任存储区,CRL提供一个等效的每DN撤销功能,撤销证书将有效撤销访问权。
With a trust store consisting of a single trusted ca and nothing more, the CRL approaches an equivalent per-DN revocation capability in which revocation of the certificate effectively revokes access.
我们需要防止队列管理器接受来自只拥有队列管理器密钥存储区中的某个 CA 所签发证书的任何客户端的证书。
We need to prevent the queue manager from accepting a certificate from simply any client that has a certificate issued by one of the CA's in the queue manager's keystore.
如果客户端或服务器的信任存储区中尚没有ca根证书,则导入该证书。
Import the ca root certificate, if it does not already exist in the trust store of the client or the server.
任何给定DN的潜在SSLPEER匹配项至少要与信任存储区中CA的数量一样多,如果将证书重新颁发计入在内数量会更大。
The set of potential SSLPEER matches for any given DN is at least as large as the number of CAs in the trust store, larger if certificate reissuance is taken into account.
将客户机证书导入到服务器信任存储区中。
如果是自签名证书,则该证书本身的公钥必须存在于信任存储区中。
In the case of a self-signed certificate, it is the certificate's own public key that must exist in the trust store.
为了执行此操作,信任关系管理器将用于部署签名的证书与客户端受信任的发行者存储区中存储的证书进行比较。
The trust manager makes this choice by comparing the certificate used to sign the deployment with the certificates stored in the client's trusted publisher store.
与证书匹配的私钥是出现在本地计算机的存储区,并与证书正确关联。
A private key that matches the certificate is present in the Local Computer's store and is correctly associated with the certificate.
应用推荐