有没有一种方式，通过浏览器来测试2路SSL？ [英] Is there a way to test 2 way ssl through browser?

问题描述

如果是这样，你如何设置认证证书，你需要什么文件？它是.PFX？你将如何安装浏览器？一直停留试图通过浏览器来测试2路SSL。我有一个Web服务，并尝试始终连接返回认证认证失败。

If so, How do you set certificate for authentication, what files do you need? is it .pfx? How would you install that in browser? Been stuck trying to test 2 way ssl through browser. I have a webservice, and trying to connect always returns certification authentication failed.

推荐答案

拓展上nickrak的回答。 2路SSL意味着客户信任的web服务，以及web服务信托/认证客户端。

Expanding on nickrak's answer. 2-way SSL means that the client trusts the webservice, and that the webservice trusts/authenticates the client.

在web服务端：

添加客户端的CA证书到Web服务的受信任的证书。在CNWebService的服务器证书必须在web服务的URL匹配。 WebService的服务器证书不能过期。 web服务可以选择做例如基于客户端证书...进一步的认证，是在一个授权客户的白名单客户端证书。也许web服务具有多级访问，所以客户端证书进行检查，以确定有多少访问给客户端。

Add the client's CA cert into the webservice's trusted certificates. The "CN" in the webservice server certificate must match the URL of the webservice. The webservice server certificate must not be expired. The webservice may choose to do further authentication based on the client certificate...for example, is the client certificate in a "whitelist" of authorized clients. Perhaps the webservice has multiple levels of access, so the client certificate is checked to determine how much access to give the client.

在客户端：

这签署的web服务的服务器证书需要被添加到客户端的受信任的证书列表中的CA。在浏览器中，这将是受信任的根证书颁发机构部分（IE，Chrome浏览器）或机构部分（火狐）英寸这些证书的扩展名通常是.der，.CER，.crt或质子交换膜。此外，客户端自己的私有密钥/证书组合需要被添加到客户端浏览器。这将是个人部分（IE，Chrome浏览器），或者您的证书（火狐）英寸这些密钥库的扩展名通常的.p12或.PFX。

The CA that signed the webservice server certificate will need to be added to the client's trusted certificate list. In a browser, this will be in the "Trusted Root Certification Authorities" section (IE, Chrome) or "Authorities" section (Firefox). The extensions for these certificates are usually .der, .cer, .crt, or .pem. Also, the client's own private key/certificate combination need to be added to the client browser. This will be in the "Personal" section (IE, Chrome) or "Your Certificates" (Firefox). The extensions for these keystores are usually .p12 or .pfx.

这篇关于有没有一种方式，通过浏览器来测试2路SSL？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！