There is something I don't understand. When I don't put a certificate at all, the SSL connection is established successfully. I wonder how the server decrypts the message without a client certificate.
What is a client-side certificate for?
Thanks
Best answer
Think about certificates not in terms of encrypting-decrypting, but in terms of authentication. Encryption can be done without certificates at all - just knowing the open key is enough. But a certificate contains different fields, among them is the personality of the certificate owner. For the web, this value is the domain name of the server you wish to connect to. As there are means to check that the IP address of the server is always equal to the name stated in the certificate (forward and backward DNS requests), you can be sure that you're talking to the one you wish to.
In these terms, the client certificate issue should be much simpler to understand. A client certificate allows the server to authenticate the client, so the authentication will be mutual. The server could check, for example, that the client certificate is valid (not expired, not black-listed, etc.).
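The server-side difference between one-way TLS and mutual TLS, as an added example that is not part of the original answer. It uses Python's standard `ssl` module; the helper names `server_context` and `client_identity`, the deny-list, and the sample certificate dictionary are hypothetical and constructed for illustration.

```python
import ssl

def server_context(require_client_cert, client_ca_file=None):
    """Hypothetical helper: server-side context (server cert/key loading omitted)."""
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    if require_client_cert:
        # Mutual TLS: the handshake fails unless the client presents a
        # certificate that chains to a CA the server trusts.
        ctx.verify_mode = ssl.CERT_REQUIRED
        if client_ca_file:
            ctx.load_verify_locations(cafile=client_ca_file)
    # Otherwise verify_mode stays CERT_NONE: the server never requests a client
    # certificate, so the session is encrypted but the client is anonymous.
    return ctx

def client_identity(peercert, denied_serials, now):
    """Hypothetical helper: application-side checks on SSLSocket.getpeercert().

    Returns the subject commonName or raises ValueError."""
    if not peercert:
        raise ValueError("client presented no verified certificate")
    if peercert["serialNumber"].upper() in denied_serials:
        raise ValueError("certificate serial is deny-listed")
    not_before = ssl.cert_time_to_seconds(peercert["notBefore"])
    not_after = ssl.cert_time_to_seconds(peercert["notAfter"])
    if not not_before <= now <= not_after:
        raise ValueError("certificate is outside its validity period")
    for rdn in peercert["subject"]:
        for key, value in rdn:
            if key == "commonName":
                return value
    raise ValueError("certificate subject has no commonName")

# Constructed sample in the shape getpeercert() returns; not a real certificate.
SAMPLE_PEERCERT = {
    "subject": ((("organizationName", "Example Corp"),), (("commonName", "alice"),)),
    "serialNumber": "0A1B2C",
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2025 GMT",
}
```

With `require_client_cert=False` the handshake completes without any client certificate, which is the behaviour described in the question.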