简体繁体 English

cacerts文件在两个Web应用程序之间进行通信的作用

[英]Role of cacerts file communication between two web applications

原文 2015-08-14 17:41:52 9 1 java/ pki

While studying upon PKI, I came across with cacerts file in java which I am not familiar with. 在研究PKI时，我遇到了我不熟悉的java中的cacerts文件。 I read information related to it via googling for a while but not fully understood what role it plays in following picture. 我花了一段时间搜索相关信息，但是并没有完全理解它在下图中扮演的角色。

java web app "foo"is built Java Web应用程序“ foo”已构建
"foo" is deployed to web server "A" “ foo”部署到Web服务器“ A”
there is a service provider "bar" is deployed to web server "B" 服务提供商“栏”已部署到Web服务器“ B”
"foo" needs to communicate with "bar" securely “ foo”需要与“ bar”安全地通信
when "foo" initiates talks to "bar", a certificate from web server "B" is presented to web server "A" 当“ foo”发起与“ bar”的对话时，来自Web服务器“ B”的证书将提供给Web服务器“ A”
web server "A" verifies signer of the cert came from web server "B" Web服务器“ A”验证证书的签名者来自Web服务器“ B”
if it is ok then "foo" can talk to "bar" 如果可以的话，那么“ foo”可以和“ bar”对话

In this scenario (if I described correctly), at step 6 web server "A" uses cacerts file to verify a signer? 在这种情况下（如果我没有正确描述），在第6步中，Web服务器“ A”使用cacerts文件来验证签名者吗？

1 个解决方案

cacerts contains the Certificate Authorities (CA) that are trusted. cacerts包含受信任的证书颁发机构（CA）。 The cacerts file is a collection of trusted CA public keys (in the form of certificates). cacerts文件是受信任的CA公共密钥（以证书的形式）的集合。

A and B's certificates are signed using a CA's private key. A和B的证书使用CA的私钥签名。

The certificate of B will specify which CA they were issued by and the public key of the CA can be used by A to verify that the CA did in fact issue that certificate (ie verifying the signature on B's certificate). B的证书将指定它们由哪个CA颁发，并且A可以使用CA的公钥来验证CA实际上确实签发了该证书（即验证B的证书上的签名）。

A certificate chain will be built by doing the above recursively until it gets to a self-signed root CA certificate, and this self-signed cert has to be in the cacerts file for the verification to be successful. 通过递归执行上述操作，直到获得自签名根CA证书为止，将构建证书链，并且该自签名证书必须位于cacerts文件中才能成功进行验证。