任何人都可以推荐客户端 ssl 证书服务吗? [英] Can anyone recommend a client ssl-certificates service?

问题描述

我正在查看各种 SSL 提供商，但它们似乎都提供电子邮件证书"，可以兼作可以安装到浏览器中的客户端证书.

I'm looking through a variety of SSL providers, but they all seem to provide "email certificates" which can double as client-certs that can be installed into a browser.

是否真的有公司出售客户证书并知道他们在说什么?

Does any company actually sell client-certificates and know what they're talking about?

推荐答案

X509v3 证书可以限制为特定用途.一些 S/MIME 证书受到限制，因此它们不能用于网站，但大多数不是.

X509v3 certificates can be restricted to specific uses. Some S/MIME certificates are restricted so that they can't be used for websites, but most are not.

Thawte 不再颁发客户端证书.我 2003 年的证书的证书类型为SSL 客户端，S/MIME"，表明它们可用于电子邮件和客户端证书.我 2009 年 4 月 27 日的证书只有一个限制，即不能用作证书颁发机构.

Thawte no longer issues client certificates. My certificate from 2003 had a Cert Type" of "SSL CLient, S/MIME" indicating that they could be used for both email and for client certificates. My certificate from April 27, 2009 had only a single constraint, that it could not be used as a Certificate Authority.

Apple 的 iChat 加密证书只能用于 SSL 客户端.如果您是 me.com 客户并启用安全的 iChat，您将自动获得此信息.

Apple's iChat encryption certificate can only be used for SSL Client. You get this automatically if you are a me.com customer and enable secure iChat.

您可能会发现颁发自己的证书最容易.很多人都这样做，而且效果很好.您需要让用户加载您自己的密钥作为 CA.

You may find that it is easiest to issue your own certificates. Many people do this and it works quite well. You will need to have the user load your own key as a CA.

这篇关于任何人都可以推荐客户端 ssl 证书服务吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！