This will display the Certificate Manager dialog (Figure 15).
这将显示Certificate Manager对话框(图15)。
Figure 1 The root ca root certificate in certificate Manager.
图1的根ca根证书,在证书管理器中。
You have successfully completed the Certificate Manager Import Wizard.
您已成功完成证书管理器导入向导。
You should now have your first of three queue manager certificate stores.
您现在应该拥有了三个队列管理器证书存储中的第一个。
What this means in terms of WMQFTE is that when a connection is made to a queue manager, it sends its certificate to WMQFTE as part of the initial SSL handshake.
用WMQFTE的专业术语来讲,这意味着当一个连接试图连接一个队列管理器时,该连接将其证书发送到WMQFTE,作为初始ssl握手的一部分。
If a single certificate is compromised, the MQ administrator cannot do anything at the queue manager to block it without affecting all the other legitimate users.
如果单个证书被破坏,则MQ管理员就无法采取任何措施在队列管理器中阻止它,且不影响所有其他合法用户。
We need to prevent the queue manager from accepting a certificate from simply any client that has a certificate issued by one of the CA's in the queue manager's keystore.
我们需要防止队列管理器接受来自只拥有队列管理器密钥存储区中的某个 CA 所签发证书的任何客户端的证书。
Since your queue manager trusts the vendor's ca, the forged certificate and the legitimate one with the same DN are identical as far as the queue manager is concerned.
由于您的队列管理器信任该提供商的CA,就所涉及的队列管理器来说,具有相同dn的伪造证书和合法证书完全相同。
The queue manager has now been assigned a personal certificate with which it can be authenticated, and it has access to the public certificate required to authenticate the JMS Client (see Figure 11).
现在已经给队列管理器分配了一张用来认证它的证书,该队列管理器拥有对公共证书的访问权,这个公共证书是认证JMS客户机所必需的(请参见图11)。
The one thing that can help, the certificate revocation list, is also external to the queue manager.
唯一一种有效的方法证书撤销列表也位于队列管理器之外。
The next step is to generate the new certificate for the local queue manager.
下一步是为本地队列管理器生成新的证书。
The commands include the actual values for things like the queue manager name, channel names, and certificate details, and are intended to be run as-is.
命令包括队列管理器名称、通道名称和证书细节等数据的实际值,旨在按原样运行。
If you already have a certificate for your queue manager, you can use that instead and skip to the next section.
如果您已具有队列管理器证书,可继续使用并跳至下一部分。
The lower-case version of the queue manager name is required for the certificate label.
证书标签需要队列管理器名称的小写版本。
Obtaining a digital certificate for the SSL server (queue manager) and the SSL client (JMS client).
获取SSL服务器(队列管理器)和SSL客户机(JMS客户机)的数字证书。
In Figure 2, the name SSL QMGR is used to identify the queue manager certificate.
在图2中,名字sslQMGR用于标识队列管理器证书。
The administrator can force the client to present a certificate (keeping in mind that "client" in this case can be another queue manager) by setting the channel's SSLCAUTH attribute to REQUIRED.
通过将通道的SSLCAUT h属性设置为REQUIRED,管理员可以强迫客户端提供一个证书(请记住,本例中的“客户端”可以是另一个队列管理器)。
These certificates, along with root certificates to validate the other party's certificate, are stored in a key database that is installed with Connection Manager.
这些凭证,以及用于验证其他方凭证的root凭证,存储在一个密钥数据库中,这个密钥数据库是随Connection Manager一起安装的。
This is what the queue manager looks for so it can locate the certificate it will present during an SSL negotiation.
队列管理器将搜寻这个小写版本,以便它能够找到在SSL协议期间将显示的证书。
Repeat the steps for CommandQmgr and CoordinationQmgr to create all three queue manager certificate stores.
对Command Qmgr和Coordination Qm gr重复上述步骤,为三个队列管理器创建证书存储。
Here, we will obtain a certificate for the MQ queue manager.
我们可以从该处获取mq队列管理器的证书。
The certificate label name must follow this convention if using WebSphere MQ V6, otherwise the queue manager will not know which server certificate to use.
如果您使用的是WebSphereMQV6,则证书标签名称必须遵守此约定,否则队列管理器将不知道您使用哪一种服务器证书。
The queue manager maintains a certificate store (key repository), which is stored as a file (extension .sto) under the queue manager directory structure.
队列管理器维护一个证书库(密钥资源库),证书库被作为文件(扩展名 .sto )存储在队列管理器目录结构下。
You now have assigned the VeriSign private certificate for your MQ 5.3 queue manager.
现在您已经为您的MQ 5.3队列管理器指定了VeriSign私人证书。
Assign the VeriSign certificate to the queue manager.
将VeriSign证书指定给队列管理器。
The SSLPEER attribute is used to check the Distinguished Name (DN) of the certificate from the peer queue manager or client at the other end of a WebSphere MQ channel.
SSLPEER属性用于检查来自对等队列管理器或客户端(位于WebSphereMQ通道的另一端)的证书的DistinguishedName (DN)。
An interesting side effect of using a certificate authority is that it externalizes the configuration required to connect to a queue manager.
使用证书颁发机构的一个值得注意的副作用是,它外化了连接到队列管理器所需的配置。
We populated the queue manager's key repository, with appropriate certificates, and assigned the queue manager a certificate to use in the exchange.
我们将适当的证书植入队列管理器的密钥资源库,并给队列管理器分配了一张要在交换中使用的证书。
At this point, transferring that issued certificate back to IIS requires an export and import process from the ca to the IIS Manager.
针对这一点,传输的颁发证书回到IIS需要导出和导入过程从ca到iis管理器中。
When requesting new certificates send updated ICIR together with your certificate request Form (CRF) as electronic file to the attention of your project manager within ECOCERT.
如果申请新的证书,请与证书申请表格一起一并更新进口证书发行登记,并将电子文件提交你们ECOCERT的项目经理。
应用推荐