SSL工作没有客户端证书 [英] SSL works without Client certificate

问题描述

有件事我不明白，如果我不把证书在所有的SSL连接建立成功，我不知道如何在服务器解密该消息没有客户端证书。

There is something I don't understand, When I don't put certificate at all, the SSL connection is established successfully, I wonder how the server decrypt the message without client certificate.

什么是客户端证书是？

感谢

推荐答案

想想证书不加密，解密的条件，但在认证方面。加密可以在没有所有证书来完成 - 只要知道开关键就足够了。但是，证书中包含不同的领域，其中之一是证书所有者的个性。对于网络这个值是要连接到服务器的域名。由于有手段来检查服务器的那个IP地址总是等于证书（向前和向后DNS请求）规定的名称，你可以肯定，你说你想要的人。

Think about certificate not in terms of encrypting-decrypting, but in terms of authentication. Encryption can be done without certificates at all - just knowing open key is enough. But certificate contains different fields, among them is personality of certificate owner. For web this value is the domain name of the server you wish to connect to. As there are means to check that IP address of the server is always equal to name stated in certificate (forward and backward DNS requests), you can be sure that you're talking to the one you wish to.

在此方面，客户证书问题应该更简单易懂。客户端证书允许服务器进行身份验证客户端，因此认证将是相互的。服务器可以检查，例如，该客户证书是有效的（未过期，不列入黑名单，等等）。

In this terms, client certificate issue should be much simpler to understand. Client certificate allows server to authenticate client, so the authentication will be mutual. Server could check, for example, that the client certificate is valid (not expired, not black-listed, etc.).

这篇关于SSL工作没有客户端证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！