源代码为数字证书的处理定义了几个结构。
The source code defines several structures for handling digital certificates.
假如我们针对关于你的记录是正确的,你也可以加速你证书的处理时间。
You can also be proactive and speed up the processing time even if the address we have on record is correct.
由于本文重点要介绍在握手过程中服务器数字证书的处理,因此让我们来深入介绍一下握手是如何工作的。
Since this article focuses on handling the server's digital certificate during the handshake, let's go into depth as to how the handshake works.
因为这是使用非对象加密技术,而每一端有自己的证书和私有密钥,比起清单5对称加密技术示例,它处理起来更为简单。
Because this is using asymmetric encryption, where each side has its own certificate and private key, it should be somewhat simpler to handle than the Listing 5 symmetric-encryption example.
虽然仍需要强制使用CRL来处理被破坏的证书,但是在用于从匹配池中删除DN 时会受到很大限制。
Use of a CRL is still mandatory to handle compromised certificates, but it is of very limited use in removing a DN from the match pool.
如果信任存储区仅包含自签名证书,多数情况下此功能将不需要SSLPEER过滤或处理带有出口的DN。
If the trust store contains only self-signed certificates, this functionality eliminates the need in most cases for SSLPEER filtering or processing of DNs with exits.
在这些结构之上,有一些用来处理数字证书的函数。
On top of the structures are various functions used to handle and process digital certificates.
要验证客户端证书,提供者一方的处理程序必须访问发行者的公共密匙。
To verify a client certificate, the provider-side handler must have access to the issuers' public key.
代理管理器跟踪安装的代理,并在后台处理数字证书,以保证代理、代理管理器和工作台间安全的通信。
The agent manager keeps track of the agents you install, and works under the covers to handle digital certificates to secure communications between the agents, agent manager, and the workbench.
该实例使用滞后初始化的方案并缓存CA证书中的公共密匙的引用来避免每次处理程序调用时都要重新加载它。
The example uses a lazy initialization approach and caches a reference to the Public Key from the CA Certificate to avoid the need to reload it each time the handler is invoked.
证书将使用CRL处理,权限由基于专有名称运行的机制授予或撤销。
Certificates are handled with the CRL, and privileges are granted or revoked by mechanisms that operate on the distinguished name.
焦点是由多个管辖机构发布的、符合联邦信息处理标准(FIPS) 201电子认证的、可互操作的全权证书。
The focus was on electronically validating Federal Information Processing Standard (FIPS) 201 interoperable credentials issued from multiple jurisdictions.
thumbprint reference 要比完整的证书更加简洁,因此使用引用可以减小消息的大小和处理开销。
The thumbprint reference is much more compact than a full certificate, so using the reference reduces the message size and processing overhead.
可以通过在Web浏览器(或处理证书的任何其他软件)中安装该CA的证书来完成此任务。
You do this by installing the ca's certificate into your Web browser — or any other software that deals with certificates. To install the ca's certificate in your browser.
http包含处理ssl证书的类。
Android.net.http Contains classes for manipulating SSL certificates.
处理:如果这个特性在您的环境出导致性能问题,可以关闭证书撤回的选项。
Workaround: if this feature causes performance problems in your environment, the certificate revocation check can be disabled.
使用这个设置让服务器代码可以处理多个客户机,每个客户机有自己的证书。
Using this setting allows the server code to work with multiple clients, each having its own certificate.
为了使用凭据库的其他安全领域(例如,使用数字证书的安全领域),您需要实现所需的回调处理程序。
For using other security realms with the credential store, for example ones that use digital certificates, you need to implement the required callback handlers.
该场景中的大多数工作是由提供者一方的处理程序完成的,它必须从消息头中恢复证书、检验它并使之生效。
The majority of the work for this scenario is in the provider-side handler, which must recover the certificate from the header, verify it, and validate it.
处理:如果站点的证书已过期,则没有处理方法。联系站点的所有者,并要求他们更新证书。
Workaround: There is no workaround if the site's certificate is expired; contact the site owner and request that they update the certificate.
因此,必须向处理程序提供文件系统的位置以便恢复证书并且利用公共密匙。
Therefore, the handler must be provided with that file system location in order to recover the certificate and make use of the public key.
处理:确保您在使用由可信任的根证书颁发机构颁发的有效的、非过期的安全证书。
Workaround: Ensure that you are using valid, non-expired security certificates issued by a trusted root certification authority.
能够使用非对称加密处理同类型的事情就太好了,其中客户端有自己的证书(特别是当您想要签署发送者证书消息时)。
It'd be great to be able to do the same type of thing using asymmetric encryption, where the client has its own certificate (especially when you want to sign messages for sender verification).
标准的X509证书处理流程。
服务合成(service composition)是相当复杂的,而且常常涉及到事务、工作单元边界、错误处理、安全性与证书分发、以及业务逻辑聚合等方面的问题。
Service composition is highly complex and often includes transactions, unit-of-work boundaries, error handling, security and propagation of credentials, and aggregation of business logic.
实现请求者方的X509证书处理程序。
实现提供者一方的X509证书处理程序。
在处理之后,就可以使用外部ca颁发的证书,而不使用CommunityEdition CA的自签名证书。
Once processed, you can use the certificate issued by the external ca instead of the Community Edition ca's self-signed certificate.
在处理之后,就可以使用外部ca颁发的证书,而不使用CommunityEdition CA的自签名证书。
Once processed, you can use the certificate issued by the external ca instead of the Community Edition ca's self-signed certificate.
应用推荐