If you do become your own ca, work with your software vendor to determine methods to protect the ca certificate.
如果您确实要做自己的CA,就和您的软件供应商商议决定保护ca证书的方法。
However, we'll need to configure the client to trust the certificate authority (ca) that signed the server's public key certificate.
然而,我们需要将客户机配置为信任签署服务器的公钥证书的认证中心(CA)。
Since the client trusts any signing certificate it has (which in this case includes the ca certificate), it trusts certificates that the ca has signed.
由于客户机信任它拥有的任何证书(在本例中包括ca证书),所以它信任CA签署的证书。
During the lifetime of a digital certificate, the issuing ca might determine that the certificate is no longer to be trusted.
在一张数字证书的生命期中,正在签发的CA可能会决定该证书不再可信。
Send the newly created file to certificate authority (ca).
将新创建的文件发送给认证机构(CA)。
When a ca revokes a certificate, the action is published to a CRL.
当一个ca撤销一个证书时,撤销操作被发布给CRL。
Since the client trusts any certificate it has (which in this case includes the ca certificate), it trusts certificates that the ca has signed.
由于客户端信任它拥有的任何证书(在本例中包含ca证书),所以它信任CA签署的证书。
It's much easier to distribute just one ca certificate that signs many certificates.
只分发一个签署了许多证书的ca证书容易得多。
Import the ca root certificate, if it does not already exist in the trust store of the client or the server.
如果客户端或服务器的信任存储区中尚没有ca根证书,则导入该证书。
What happens if the root certificate ca is compromised?
如果危及根证书CA怎么办?
All certificates issued by a ca are digitally signed by the ca, and can be verified using the ca certificate (which contains the ca's public key).
CA签发的所有证书都是由ca数字签署的,可以使用ca证书(它包含CA的公钥)对其进行验证。
In case of a ca signed certificate, the ca certificate of the ca which signed the server certificate is required.
对于CA签署的证书,需要签署服务器证书的CA的ca证书。
Sign the certificate using the ca certificate you created in the first step.
使用在第一个步骤中创建的ca证书对这个证书进行签署。
To establish trust, the ca certificate which signed the LDAP server certificate or the server certificate itself (in case it's self signed) must be imported into the tm1store.
为了建立信任,必须把签署LDAP服务器证书的ca证书或服务器证书本身(对于自签署证书)导入tm 1store中。
Install ca certificate into Web browser.
将ca证书安装到Web浏览器。
Because the value TrustStore is set in the Certificates column of the bindings, shown in Figure 17, the certificate in the message is checked against the ca certificate.
由于在绑定的certificates列中设置了值TrustStore,如图17所示,因此将根据ca证书来检查消息中的证书。
Select Download ca's certificate (see Figure 7) to display a page with the ca certificate details.
选择Downloadca ' sCertificate(请参见图7)以显示ca证书详细信息页。
Also, in some environments, you can request a ca to generate a ca certificate for a self-signed certificate, which validates and resigns the previously generated certificate.
而且,在某些环境中,您可以请求CA为自签署的证书生成一张ca证书,这就确认并再签署了以前生成的证书。
After the external ca issues a certificate, it sends a reply that will typically be a PKCS7 encoded certificate.
在外部CA颁发证书之后,它将发送一个回复,该回复通常是一个PKCS7编码的证书。
And if the ca certificate (s) fall into the wrong hands, outsiders can create certificates that can impersonate a valid member of your organization.
一旦ca证书落到不正当的人手中,外部的人就可以创建证书伪装成您公司的一个合法成员。
The first in this array is the certificate of the client itself; the last is normally the ca certificate.
数组中的第一个是客户机本身的证书;最后一个通常是ca证书。
To create the certificate database, either the ca certificate which signed the LDAP server's certificate or the server's certificate is required.
为了创建证书数据库,需要对LDAP服务器证书进行签名的ca证书或服务器的证书。
You would recognize a self signed certificate by the fact that subject and issuer fields contain the same string while there is no certificate attribute set indicating this is a ca certificate.
自签署证书的特征是,主题和颁发者字段包含相同的字符串,而且没有设置表示这是ca证书的证书属性。
When the ca USES a self-signed certificate, called a Root ca, the ca usually publishes its self-signed certificate details publicly so that users can establish the authenticity of the ca.
当CA使用自签名证书时(称为根ca),该ca通常公开发布其自签名证书详细信息,因此用户可以确定该CA的真实性。
The example uses a lazy initialization approach and caches a reference to the Public Key from the CA Certificate to avoid the need to reload it each time the handler is invoked.
该实例使用滞后初始化的方案并缓存CA证书中的公共密匙的引用来避免每次处理程序调用时都要重新加载它。
When unlocked, you will be able to generate a CSR (Certificate Signing reply) or import a ca (Certificate Authority) reply.
取消锁定后,将能够生成CSR(证书签名应答),或导入CA(证书颁发机构)应答。
Well-known signers are called Certificate Authorities (ca).
众所周知的签署者被称为证书授权方(CA)。
To publish the ca's certificate, access the ca portlet and select publish ca certificate (Figure 5).
要发布ca的证书,请访问caPortlet并选择Publish ca Certificate(图5)。
Listing 10: Retrieve the ca certificate from the file system and extract the public key.
清单10:从文件系统中检索ca证书并提取公共密匙。
You can use iKeyman to create a new self-signed certificate as we've just shown, or add a CA certificate to your own truststore.
您可以使用iKeyman 来创建新的自签名证书,如我们刚才所示,或是向您的信任库中添加CA 证书。
应用推荐