4,450
社区成员
发帖
与我相关
我的任务
分享关于服务器端认证客户端的问题
请教大家一个问题,在ssl通信中,如果需要服务器端认证客户端,我想知道,服务器端从客户端的证书提取的是什么信息,我从一篇文章看到,说数字证书丢了不要紧,那么不是谁都可以冒充那个客户么?麻烦那位大哥给我解释一下。多谢了
...全文
请发表友善的回复…
发表回复
gaooo 2005-02-25
- 打赏
- 举报
GZ
bzCpp 2005-02-25
- 打赏
- 举报
私钥泄漏了就要到发行机构吊销你的证书了,不过好像很多的SSL实现没有检查证书吊销列表。
证书本来就是公开的,没有丢不丢的问题。
证书本来就是公开的,没有丢不丢的问题。
zblaoshu1979 2005-02-23
- 打赏
- 举报
1.转
如果想看的详细一点可以看一看SSL的协议
(1))大体过程
Client Server
ClientHello -------->
ServerHello
Certificate*
ServerKeyExchange*
CertificateRequest*
<-------- ServerHelloDone
Certificate*
ClientKeyExchange
CertificateVerify*
[ChangeCipherSpec]
Finished -------->
[ChangeCipherSpec]
<-------- Finished
Application Data <-------> Application Data
(2)CertificateVerify所做事情
Certificate verify
When this message will be sent:
This message is used to provide explicit verification of a client
certificate. This message is only sent following a client
certificate that has signing capability (i.e. all certificates
except those containing fixed Diffie-Hellman parameters). When
sent, it will immediately follow the client key exchange message.
Structure of this message:
struct {
Signature signature;
} CertificateVerify;
The Signature type is defined in 7.4.3.
CertificateVerify.signature.md5_hash
MD5(handshake_messages);
Certificate.signature.sha_hash
SHA(handshake_messages);
Here handshake_messages refers to all handshake messages sent or
received starting at client hello up to but not including this
message, including the type and length fields of the handshake
messages. This is the concatenation of all the Handshake structures
as defined in 7.4 exchanged thus far.
2.证书没有了无所谓,只有私钥没丢就行
如果想看的详细一点可以看一看SSL的协议
(1))大体过程
Client Server
ClientHello -------->
ServerHello
Certificate*
ServerKeyExchange*
CertificateRequest*
<-------- ServerHelloDone
Certificate*
ClientKeyExchange
CertificateVerify*
[ChangeCipherSpec]
Finished -------->
[ChangeCipherSpec]
<-------- Finished
Application Data <-------> Application Data
(2)CertificateVerify所做事情
Certificate verify
When this message will be sent:
This message is used to provide explicit verification of a client
certificate. This message is only sent following a client
certificate that has signing capability (i.e. all certificates
except those containing fixed Diffie-Hellman parameters). When
sent, it will immediately follow the client key exchange message.
Structure of this message:
struct {
Signature signature;
} CertificateVerify;
The Signature type is defined in 7.4.3.
CertificateVerify.signature.md5_hash
MD5(handshake_messages);
Certificate.signature.sha_hash
SHA(handshake_messages);
Here handshake_messages refers to all handshake messages sent or
received starting at client hello up to but not including this
message, including the type and length fields of the handshake
messages. This is the concatenation of all the Handshake structures
as defined in 7.4 exchanged thus far.
2.证书没有了无所谓,只有私钥没丢就行
ypos 2005-02-22
- 打赏
- 举报
公钥
fengge8ylf 2005-02-21
- 打赏
- 举报
关注
