首页 > 其他分享 >certificate chain

certificate chain

时间:2023-06-06 13:22:47浏览次数:59  
标签:chain certificate Server verifier verification issuer

http://docs.oracle.com/cd/E19424-01/820-4811/gdzen/index.html

A颁发给B,B颁发给C,...

通常起码root证书要是受信任的

Verifying a Certificate Chain

Certificate chain verification is the process of making sure a given certificate chain is well-formed, valid, properly signed, and trustworthy. Directory Server software uses the following steps to form and verify a certificate chain, starting with the certificate being presented for authentication:

  1. The certificate validity period is checked against the current time provided by the verifier’s system clock.

  2. The issuer’s certificate is located. The source can be either the verifier’s local certificate database (on that client or server) or the certificate chain provided by the subject (for example, over an SSL connection).

  3. The certificate signature is verified using the public key in the issuer certificate.

  4. If the issuer’s certificate is trusted by the verifier in the verifier’s certificate database, verification stops successfully here. Otherwise, the issuer’s certificate is checked to make sure it contains the appropriate subordinate CA indication in the Directory Server certificate type extension, and chain verification returns to step 1 to start again, but with this new certificate.

 

1 有效

2 链 

3 遇到第一个受信任的证书即终止

 

 

标签:chain,certificate,Server,verifier,verification,issuer
From: https://www.cnblogs.com/zno2/p/6511445.html

相关文章

  • 解决cURL error 60: SSL certificate problem: unable to get local issuer certifica
    转载:报错原因:因为没有配置信任的服务器HTTPS验证。默认情况下,cURL被设为不信任任何CAs,因此浏览器无法通过HTTPs访问你服务器。一、解决方式下载证书1、放到这里来2、修改php.ini文件,去掉前面“;”路径带上""3、openssl这个扩展开启4、记得重启,不然不生效......
  • Git 的SSL certificate problem: unable to get local issuer certificate问题
    D:\temp>gitclonehttps://github.com/xxxxxx/yyyyyy.gitCloninginto'yyyyyy'...fatal:unabletoaccess'https://github.com/xxxxxx/yyyyyy.git/':SSLcertificateproblem:unabletogetlocalissuercertificate处理方法:D:\temp>gitco......
  • Charles:安装Client Certificates
    背景公司内部网页开启了证书验证,浏览器需要安装个人证书后才能访问该网页。此时抓包则需要在charles配置客户端证书。操作1、打开导入证书页面2、导入证书文件3、选择文件并输入密码4、导入成功5、测试访问网址,成功抓取到数据......
  • ZetaChain撸毛教程,连接所有的区块链!
    Web3.0,轻松玩赚时代ZetaChain奖励ZetaChain目前尚未公布其融资信息,但据观察,DelphiDigital、TheSpartanGroup、AmberGroup和一些大型VC都关注订阅了ZetaChain的官方社交媒体,推测这些风投很可能投资了ZetaChain。近日官方称,团队将奖励那些积极为该测试网做出贡献的经批准的......
  • 关于使用openssl命令-同时生成私钥与CSR-Certificate Signing Request的方法记录
    这里笔者主要讲述如何生成一个CSR证书签名请求文件,方法过程可能有多种笔者这里将使用一种最为简单简洁的方式进行讲解,使用到的环境与软件如下:操作系统:RedHatEnterpriseLinuxrelease8.7(Ootpa)openssl软件包版本:openssl-1.1.1k-9.el8_7.x86_64 1、创建私钥的同时,也就同......
  • LangChain教程 – 如何构建自定义知识聊天机器人
    您可能已经了解到过去几个月发布的大量AI应用程序。您甚至可能已经开始使用其中的一些。ChatPDF和CustomGPTAI等AI工具已经对人们变得非常有用——这是有充分理由的。您需要滚动浏览50页文档才能找到简单答案的日子已经一去不复返了。相反,您可以依靠AI来完成繁重的工作......
  • anaconda运行install命令报错:Caused by SSLError(SSLCertVerificationError(1, '[SSL:
      运行命令:condainstallmpi4py 报错:Retrievingnotices:...working...ERRORconda.notices.fetch:get_channel_notice_response(63):Requesterror<HTTPSConnectionPool(host='mirrors.tuna.tsinghua.edu.cn',port=443):Maxretriesexceededwithurl......
  • LangChain入门(三)-对超长文本进行总结
    GitHub-liaokongVFX/LangChain-Chinese-Getting-Started-Guide:LangChain的中文入门教程LangChain的中文入门教程.ContributetoliaokongVFX/LangChain-Chinese-Getting-Started-GuidedevelopmentbycreatinganaccountonGitHub.https://github.com/liaokongVFX/LangCh......
  • LangChain入门(一)访问LLM模型
    GitHub-liaokongVFX/LangChain-Chinese-Getting-Started-Guide:LangChain的中文入门教程LangChain的中文入门教程.ContributetoliaokongVFX/LangChain-Chinese-Getting-Started-GuidedevelopmentbycreatinganaccountonGitHub.https://github.com/liaokongVFX/LangCh......
  • LangChain入门(二)-通过 Google 搜索并返回答案
    GitHub-liaokongVFX/LangChain-Chinese-Getting-Started-Guide:LangChain的中文入门教程LangChain的中文入门教程.ContributetoliaokongVFX/LangChain-Chinese-Getting-Started-GuidedevelopmentbycreatinganaccountonGitHub.https://github.com/liaokongVFX/LangCh......