How does a client verify the legitimacy of CA-issued and self-signed certificates?
Source: Internet  Published: 阿里云邮箱收发服务器  Editor: 程序博客网  Time: 2024/05/22 05:19
- CA
Understand the CA issuance process and what makes it legitimate
http://www.texnet.com.cn/help/cklc/618.html
How does a CA work?
http://technet.microsoft.com/en-us/library/cc737264.aspx
- Self-Signed
A self-signed certificate must be loaded into the trust store
http://publib.boulder.ibm.com/infocenter/itshelp/v2r0/index.jsp?topic=/com.ibm.its.help.doc/t_adding_certificate_to_cacerts.html
How is the self-signed cert verified?
1. When you connect to an SSL server, the Java application asks the server to send its certificate.
2. The client checks whether the certificate is valid (signature, validity dates, etc.).
3. If step 2 validates successfully, the Java client checks whether the issuer of the certificate can be trusted. This is where the trust store comes into the picture. Java, by default, goes to the <jre>/lib/security/cacerts file to see if the issuer can be accepted. If the (last) issuer is not found in that trust store, it throws an exception.
As I did the step as the bold words said with FTPS, it really did not throw the exception when I didn't import the certificate into the truststore. We need to create a TrustManager from the self-signed certificate and then handshake with the server to verify whether the server is legitimate or fake.
4. In theory, to test your SSL application in test mode, you can add the server certificate (given by your admin) to the default cacerts (which is a very, very bad approach) or create a new trust store with that certificate and use that in your application (this is the preferred approach).
5. Refer to http://exampledepot.com/egs/javax.net.ssl/Client.html, which explains how to use your own keystore as the trust store.
You can use the keytool -import command to create a new keystore by importing the certificate. Check out http://exampledepot.com/egs/java.security.cert/ImportCert.html
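The trust-store decision from step 3 and the preferred approach from step 4, as an added example (not code from the original post or the linked pages). It assumes the server certificate file is passed as the first argument; the class name, the alias "server" and the authType "ECDHE_RSA" are illustrative choices.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class DedicatedTrustStore {

    // Trust managers backed by the given store; null selects the JRE default (cacerts).
    static TrustManager[] trustManagers(KeyStore store) throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(store);
        return tmf.getTrustManagers();
    }

    // Step 3 in isolation: does this trust store accept the certificate as a server identity?
    static boolean accepts(KeyStore store, X509Certificate cert) throws Exception {
        for (TrustManager tm : trustManagers(store)) {
            if (tm instanceof X509TrustManager) {
                try {   // authType is the key-exchange name; "ECDHE_RSA" is an assumption
                    ((X509TrustManager) tm).checkServerTrusted(
                        new X509Certificate[] {cert}, "ECDHE_RSA");
                    return true;
                } catch (CertificateException e) {
                    return false; // issuer not found in this store, or certificate invalid
                }
            }
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        X509Certificate cert;
        try (InputStream in = new FileInputStream(args[0])) { // e.g. the file from your admin
            cert = (X509Certificate)
                CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        KeyStore dedicated = KeyStore.getInstance(KeyStore.getDefaultType());
        dedicated.load(null, null);                    // empty, in memory; cacerts is untouched
        dedicated.setCertificateEntry("server", cert); // same effect as keytool -import

        System.out.println("default cacerts accepts: " + accepts(null, cert));
        System.out.println("dedicated store accepts: " + accepts(dedicated, cert));

        SSLContext ctx = SSLContext.getInstance("TLS"); // ctx.getSocketFactory() for the client
        ctx.init(null, trustManagers(dedicated), null);
    }
}
```

Calling the trust manager directly checks only the chain, not the host name. On a raw SSLSocket, also call SSLParameters.setEndpointIdentificationAlgorithm("HTTPS") before the handshake so the certificate is matched against the server you dialed.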