有没有办法将CA颁发的证书与存储的CSR进行比较?
[英]Is there a way to compare a CA issued Certificate against the CSR stored?
问题描述
I would like to know if there is a way ( in JAVA ) to compare the CA issued certificate for a corresponding CSR against the CSR itself. 
我想知道(在JAVA中)是否有一种方法可以将CA颁发的对应CSR的证书与CSR本身进行比较。 To be more precise; 更准确地说; DN comparison or the comparing the Public Key? DN比较还是比较公钥?
I doubt if the public key entity of the CSR could be compared with that of the Certificate's public Key. 我怀疑是否可以将CSR的公钥实体与证书的公钥实体进行比较。 Is that possible? 那可能吗?
1 个解决方案
解决方案1
3 已采纳 2011-10-12 17:33:00
You could use the CA issued certificate to validate the digital signature in the CSR. 您可以使用CA颁发的证书来验证CSR中的数字签名。 Every CSR is signed by the private key corresponding to the public key in the CSR. 每个CSR均由与CSR中的公钥相对应的私钥签名。 If you can use the public key from the certificate to validate the signature, you can ensure they are related. 如果可以使用证书中的公钥来验证签名,则可以确保它们之间存在关联。
You could also compare the public key in the CSR with the public key in the certificate. 您还可以将CSR中的公钥与证书中的公钥进行比较。 I would avoid DN comparison, as some CA software allows the registration authority to modify the DN prior to issuing the certificate. 我会避免进行DN比较,因为某些CA软件允许注册机构在颁发证书之前修改DN。 So, you could conceivably end up with a cert that has a DN that differs from the one in the CSR, even though they are directly related. 因此,可以想象,最终获得的DN与CSR中的DN有所不同,即使它们是直接相关的。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.