堆栈内存溢出
  简体   繁体   English

客户端计算机上的SSL服务器端证书?

[英]SSL Server-side certificate on client computer?

 原文  2016-06-09 21:48:11       wcf/ ssl

问题描述

There is a server with WCF client, which periodically initiates communications over internet with many WCF services installed on our clients computers. 有一个带有WCF客户端的服务器,该服务器通过客户端计算机上安装的许多WCF服务定期启动Internet上的通信。 WCF services and WCF clients are hosted in Windows Service, current binding is basicHttpBinding. WCF服务和WCF客户端托管在Windows Service中,当前绑定为basicHttpBinding。

Communication has to be over https with mutual authentication. 通信必须通过具有相互认证的https进行。 Company ordered SSL certificate but it is not clear if this certificate can be installed on clients computers (because WCF service is there) without exposing a private key. 公司订购了SSL证书,但尚不清楚是否可以在不公开私钥的情况下将该证书安装在客户端计算机上(因为存在WCF服务)。 Binding can be basicHttpBinding or wcHttpBinding with transport or message security but using certificates. 绑定可以是basicHttpBinding或wcHttpBinding,具有传输或消息安全性,但可以使用证书。

Is it possible to install service-side certificate on client computers and client-side certificate on our server? 是否可以在客户端计算机上安装服务端证书,并在我们的服务器上安装客户端证书? Should this architecture be re-worked so WCF service is on our server or it is possible to secure somehow this current solution? 应该重新构造此体系结构,以便WCF服务位于我们的服务器上,还是可以某种方式保护此当前解决方案?

1 个解决方案

解决方案1
 1 已采纳  2016-06-09 21:56:11

Each computer involved requires it's own certificate. 每台涉及的计算机都需要自己的证书。 A certificate value for authentication relies on the uniqueness of the private key. 用于身份验证的证书值取决于私钥的唯一性 The private key never leaves the host machine, and the certificate can be used to authenticate said machine (because is the only one in the world that posses that private key). 私钥永远不会离开主机,并且可以使用证书对所述机器进行身份验证(因为这是世界上唯一拥有该私钥的计算机)。 As soon as you start distributing copies of a private key, security is pretty much compromised. 一旦开始分发私钥的副本,安全性就会受到很大损害。

Normally such deployment rely on PKI infrastructure which can create certificates on-demand and sign them with a trusted key. 通常,此类部署依赖于PKI基础结构,该基础结构可以按需创建证书并使用受信任的密钥对其进行签名。

What product/protocol the certificates are used for is irrelevant. 证书使用的产品/协议无关紧要。 What kind of WCF HTTP binding you use it maters not. 您使用哪种WCF HTTP绑定就不重要了。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 在没有客户端证书的情况下在Tcp上使用Wcf SSl证书(仅限服务器端) - Using Wcf SSl certificate over Tcp without client certificate (Server side only) 客户端上的WCF服务-SSL证书 - WCF Service on Client Side - SSL Certificate 在客户端公开自定义服务器端实体框架属性 - Exposing custom server-side Entity Framework properties on the client side WCF回调未在客户端调用,并在服务器端挂起 - WCF callback not invoked on the client-side and hangs on the server-side 通过RIA服务将参数客户端传递到服务器端 - Pass parameter client to server-side with RIA services 通过WCF检索服务器端的客户端信息 - Retrieving Client Information on the Server-Side via WCF 客户端(jquery)和服务器端(asp.net)应用程序都可以访问的服务 - Service that can be accessed by both client-side (jquery) and server-side (asp.net) applications 服务器端和客户端WCF可以共享验证库吗? - Can Server-side and Client-side WCF Share Validation Library? 服务器端的WCF事件 - WCF events in server-side WCF 服务器端超时 - WCF server-side timeout
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM