SSL - CN验证自签名证书 [英] SSL - CN Validation with self signed certificates

问题描述

我需要验证CN提醒专家与自签名的证书。下面是这种情况。

I need expert advise on CN validation with the self signed certificates. Here is the scenario.

• 服务器安装了自签名证书


• 客户端具有相同的自安装（不是浏览器）叹了口气证书服务器身份验证过程中服务器的信任验证的目的。客户有任何其他证书信任验证的访问权限。

在这种情况下，什么都没有尽CN验证的含义是什么？可能是什么安全问题？ [假设 - 在服务器上的私钥是安全的]

In this scenario, what are the implications of NOT doing CN validation? What are the possible security concerns? [Assume - Private key on the server is safe]

推荐答案

如果你有一个pre-共享的公共密钥，你不需要CA验证的关键;你可以直接进行比较。它实际上是容易做到。
这是不使用，因为它不适合所有，这意味着，如果私有密钥的确实的被偷然后还有什么可以做这件事（除去每一个客户和改变什么按键，它相信，这使我们直接回到不缩放）。

If you have a pre-shared public key, you do not need a CA to validate the key; you can just directly compare it. It's actually trivial to do. This isn't used because it doesn't scale at all, and it means that if the private key does get stolen then there's nothing you can do about it (other than going to every client and changing what keys it trusts, which brings us straight back to "doesn't scale").

这篇关于SSL - CN验证自签名证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！