[英]Role of cacerts file communication between two web applications
While studying upon PKI, I came across with cacerts file in java which I am not familiar with. 在研究PKI时,我遇到了我不熟悉的java中的cacerts文件。 I read information related to it via googling for a while but not fully understood what role it plays in following picture.
我花了一段时间搜索相关信息,但是并没有完全理解它在下图中扮演的角色。
In this scenario (if I described correctly), at step 6 web server "A" uses cacerts file to verify a signer? 在这种情况下(如果我没有正确描述),在第6步中,Web服务器“ A”使用cacerts文件来验证签名者吗?
cacerts contains the Certificate Authorities (CA) that are trusted. cacerts包含受信任的证书颁发机构(CA)。 The cacerts file is a collection of trusted CA public keys (in the form of certificates).
cacerts文件是受信任的CA公共密钥(以证书的形式)的集合。
A and B's certificates are signed using a CA's private key. A和B的证书使用CA的私钥签名。
The certificate of B will specify which CA they were issued by and the public key of the CA can be used by A to verify that the CA did in fact issue that certificate (ie verifying the signature on B's certificate). B的证书将指定它们由哪个CA颁发,并且A可以使用CA的公钥来验证CA实际上确实签发了该证书(即验证B的证书上的签名)。
A certificate chain will be built by doing the above recursively until it gets to a self-signed root CA certificate, and this self-signed cert has to be in the cacerts file for the verification to be successful. 通过递归执行上述操作,直到获得自签名根CA证书为止,将构建证书链,并且该自签名证书必须位于cacerts文件中才能成功进行验证。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.