简体繁体 English

组织内的 SSL 证书

[英]SSL certificates within an orgnanization

原文 2017-10-06 02:10:02 1 1 amazon-web-services/ ssl/ https/ ssl-certificate

I would like to know how CA signed SSL certificates are used within an organization for inter-service/apps communication (All apps internal to the org)我想知道如何在组织内使用 CA 签名的 SSL 证书进行服务/应用程序间通信（组织内部的所有应用程序）

Lets say app ABC has generated a cert and has chained it with its company's CA signed cert.假设应用程序 ABC 生成了一个证书并将其与其公司的 CA 签名证书链接起来。 Now another app XYZ would like to use ABC's restful service over HTTPS.现在另一个应用程序 XYZ 想通过 HTTPS 使用 ABC 的宁静服务。

Should XYZ import ABC's certificate into its keystore ? XYZ 是否应该将 ABC 的证书导入其密钥库？
Is there a way for XYZ to interact with ABC without importing ABC's cert ?有没有办法让 XYZ 在不导入 ABC 的证书的情况下与 ABC 交互？
How would this play out in AWS Cloud, given ABC & XYZ are in the same VPC ?鉴于 ABC 和 XYZ 在同一个 VPC 中，这将如何在 AWS 云中发挥作用？

1 个解决方案

You need to import the root certificate of your CA into the trusted root certificate store of all servers/ PCs that will use a service with such certificate.您需要将您的 CA 的根证书导入到将使用具有此类证书的服务的所有服务器/PC 的受信任根证书存储中。

You only need to register this one certificate, all certificates issued by the CA will then be trusted.您只需要注册这一个证书，CA 颁发的所有证书都将被信任。

It doesn't make a difference if apps are in the same VPC or not.应用程序是否在同一个 VPC 中没有区别。 The only way to get around this is to use normal http解决这个问题的唯一方法是使用普通的 http