Is there a way to test 2 way ssl through browser?(有没有办法通过浏览器测试 2 路 ssl?)
问题描述
如果是这样,你如何设置认证证书,你需要什么文件?是 .pfx 吗?您将如何在浏览器中安装它?一直试图通过浏览器测试 2 路 ssl.我有一个网络服务,但尝试连接总是返回认证身份验证失败.
If so, How do you set certificate for authentication, what files do you need? is it .pfx? How would you install that in browser? Been stuck trying to test 2 way ssl through browser. I have a webservice, and trying to connect always returns certification authentication failed.
推荐答案
扩展 nickrak 的答案.2-way SSL 表示客户端信任 Web 服务,并且 Web 服务信任/验证客户端.
Expanding on nickrak's answer. 2-way SSL means that the client trusts the webservice, and that the webservice trusts/authenticates the client.
在网络服务方面:
将客户端的 CA 证书添加到 Web 服务的可信证书中.CN"webservice 服务器证书中的必须与 webservice 的 URL 匹配.Web 服务服务器证书不得过期.Web 服务可以选择基于客户端证书进行进一步的认证……例如,客户端证书是否在白名单"中?的授权客户.也许 web 服务有多个级别的访问权限,因此检查客户端证书以确定授予客户端多少访问权限.
Add the client's CA cert into the webservice's trusted certificates. The "CN" in the webservice server certificate must match the URL of the webservice. The webservice server certificate must not be expired. The webservice may choose to do further authentication based on the client certificate...for example, is the client certificate in a "whitelist" of authorized clients. Perhaps the webservice has multiple levels of access, so the client certificate is checked to determine how much access to give the client.
在客户端:
需要将签署 Web 服务服务器证书的 CA 添加到客户端的受信任证书列表中.在浏览器中,这将位于受信任的根证书颁发机构"中.部分(IE、Chrome)或权威";部分(火狐).这些证书的扩展名通常是 .der、.cer、.crt 或 .pem.此外,还需要将客户端自己的私钥/证书组合添加到客户端浏览器中.这将在个人"中.部分(IE、Chrome)或您的证书"(火狐).这些密钥库的扩展名通常是 .p12 或 .pfx.
The CA that signed the webservice server certificate will need to be added to the client's trusted certificate list. In a browser, this will be in the "Trusted Root Certification Authorities" section (IE, Chrome) or "Authorities" section (Firefox). The extensions for these certificates are usually .der, .cer, .crt, or .pem. Also, the client's own private key/certificate combination need to be added to the client browser. This will be in the "Personal" section (IE, Chrome) or "Your Certificates" (Firefox). The extensions for these keystores are usually .p12 or .pfx.
这篇关于有没有办法通过浏览器测试 2 路 ssl?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持编程学习网!
本文标题为:有没有办法通过浏览器测试 2 路 ssl?
基础教程推荐
- 如何对 HashSet 进行排序? 2022-01-01
- 在螺旋中写一个字符串 2022-01-01
- 如何强制对超级方法进行多态调用? 2022-01-01
- Java 中保存最后 N 个元素的大小受限队列 2022-01-01
- 由于对所需库 rt.jar 的限制,对类的访问限制? 2022-01-01
- 如何使用 Stream 在集合中拆分奇数和偶数以及两者的总和 2022-01-01
- 如何在不安装整个 WTP 包的情况下将 Tomcat 8 添加到 Eclipse Kepler 2022-01-01
- Spring Boot Freemarker从2.2.0升级失败 2022-01-01
- 如何使用 Eclipse 检查调试符号状态? 2022-01-01
- 首次使用 Hadoop,MapReduce Job 不运行 Reduce Phase 2022-01-01
