You set up an encrypted junction using SSL with client certificates, and you specify the certificate label.
The Web server for Application Server must have the signing certificates for the WebSEAL server's client certificate.
The link from WebSEAL to the Web server must use client certificate authentication, and the same must be true for the link from the Web server to the application server.
Second, if client certificates are to be used, the DN in the client certificate may have to map to a real user in a user registry used by the server.
The best SSL can do on this front is to require client certificates as proof of identity when establishing the connection between the client and server.
During the handshake, the server sends a certificate to the client, which the client then verifies against a set of trusted certificates.
Signing certificates for any client certificates owned by clients with which you expect CICS to communicate using client authentication.
It consists of a client with no public key certificate, accessing a server with a public key certificate.
Because our client certificate will be self-signed, we'll need to configure the client's public key certificate as a trusted signer for the server.
Here again, client-side certificates and client-authenticated SSL are required.
The client does not have a certificate and is, therefore, anonymous to SSL.
The CICSB region sends the certificate mentioned in the IPCONN definition as the client certificate.
With this policy configuration, the client certificate needs to be trusted by the STS, and the STS certificate must be present in the trust store of the client.
We need to prevent the queue manager from accepting a certificate from simply any client that has a certificate issued by one of the CAs in the queue manager's keystore.
To verify the client certificate authorization (which specific certificates are accepted), change the DN for the channel on the SSL tab to something other than what is on your certificate.
The certificate for the JMS client was required only because we wanted the server to authenticate the client.
In particular, client certificates provide strong client identity verification and strong signature guarantees on requests.
Verify that the client certificate is installed in the browser.
You also must alter its trust store to include only the client certificate that WebSEAL is using.
The application server Web container must be configured to perform client certificate authentication, and its trust store must be altered to include only the client certificate that WebSEAL is using.
Export the client public key certificate so it can be imported into the service's store of trusted client certificates by typing the following command.
This effectively disables J2EE security context generation, which frees us from having to use a valid user name in the client certificate.
To verify a client certificate, the provider-side handler must have access to the issuer's public key.
Therefore, if your client certificates are compromised, they cannot be revoked.
This value is a special name recognized by WSS4J to mean that the client certificate used to sign the request should be used to encrypt the response.
IPIC supports bind security by the exchange of SSL client certificates.
Set SSLPEER on the server to a string that matches the client certificate.
OPTIONAL - if the peer SSL client sends a certificate, the certificate is processed as normal, but authentication does not fail if no certificate is sent.
The certificate-based authentication approach avoids the password management issue, but exchanges it for the issue of managing client-side certificates.
You've seen in this article how symmetric encryption, using client-generated secret keys, can be used to secure message exchanges without the need for client certificates.