堆栈内存溢出
  简体   繁体   English

如果客户端未通过证书,https 连接的安全性如何

[英]How secure is the https connection if the client not passes certificate

 原文  2016-04-26 10:58:37       ssl/ https/ openssl

问题描述

We have a web server running on linux machine where we configured 'SSLVerifyClient' as 'require' in ssl.conf file.我们有一个在 linux 机器上运行的 Web 服务器,我们在 ssl.conf 文件中将“SSLVerifyClient”配置为“require”。

Does this needs client who is utilizing the service from web browser(like firefox or chrome) needs a certificate.这是否需要使用 Web 浏览器(如 firefox 或 chrome)服务的客户端需要证书。

If yes, then it is not possible to distribute client certificate to every user as there can be some thousands of users, how to overcome this problem.如果是,那么不可能将客户端证书分发给每个用户,因为可能有数千个用户,如何克服这个问题。

If no, then how the data passed over network is secure?如果不是,那么通过网络传递的数据如何安全? I know that certificate helps in encrypting data so that no one who don't have certificate can read data.我知道证书有助于加密数据,以便没有证书的人无法读取数据。

Please help me in clarifying my doubts请帮助我澄清我的疑惑

2 个解决方案

解决方案1
 0 已采纳  2016-04-26 11:15:30

If you don't use client certificate, the https connection is still safe:如果不使用客户端证书,https 连接仍然是安全的:

  • Only the client and the server can read/write the content只有客户端和服务器可以读/写内容
  • The identity of the server is assured by a certificate authority服务器的身份由证书颁发机构保证

Client certificate only give you client authentication in the beginning of the connection.客户端证书仅在连接开始时为您提供客户端身份验证 To encrypt the data, the public key of the server is used in the beginning (See public key encryption).为了加密数据,一开始使用服务器的公钥(参见公钥加密)。

If you identify the client with cookies set after login/password submit, it is still safe: you have identify the client.如果您在登录/密码提交后使用设置的 cookie 识别客户端,它仍然是安全的:您已经识别了客户端。

解决方案2
 -1  2016-04-26 11:06:24

When SSLVerifyClient is set to require, the client MUST pass a client certificate.当 SSLVerifyClient 设置为 require 时,客户端必须通过客户端证书。 You would generate these via OpenSSL, and sign them with a certificate authority that you install via SSLCACertificateFile.您将通过 OpenSSL 生成这些,并使用您通过 SSLCACertificateFile 安装的证书颁发机构对它们进行签名。

How you distribute those certificates is an issue you'll have to solve yourself.如何分发这些证书是您必须自己解决的问题。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 与Android应用程序中的客户端证书的HTTPS连接 - HTTPS connection with client certificate in an android app 如何使用PHP检测安全连接(https)? - How to detect secure connection (https) using PHP? 从客户端到Node.js服务器的安全HTTPS连接 - Secure HTTPS connection to Node.js server from client 如何使用基本身份验证和tls pfx证书的https客户端修复服务器连接? - How to fix server connection using https client with basic auth and tls pfx certificate? 建立与https的安全连接 - Creating secure connection to https 这个HTTPS连接安全吗? - Is this HTTPS connection secure? 客户端是否需要根证书 CA 才能与服务器建立 HTTPS 连接? - Is a root certificate CA required on the client side to establish an HTTPS connection with server? 如何在节点中使用客户端证书进行 HTTPS GET - How to do HTTPS GET with client certificate in node 默认情况下如何保护 docker 客户端连接? - How to secure docker client connection by default? 证书Java客户端https - Certificate java client https
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM