SslStream 的 SSL 证书设置

发布于 2024-08-16 06:13:46 字数 301 浏览 9 评论 0原文

我遇到一种情况,需要使用 SslStream 作为服务器为客户端生成 SSL 证书。

我知道如何做到这一点(makecert.exe),但在尝试确保连接双方都经过身份验证时遇到了问题。

基本上,如果我使用自签名证书,我需要将其添加到受信任的根以使相互身份验证正常工作。如果可以的话,我宁愿避免这种情况。我知道我可以购买 SSL 证书,但我的情况是我需要为每个客户端创建不同证书,因此为每个客户端购买证书是不可能的。

有办法避免吗?也许我可以购买一些证书来生成更多证书?正如您可能知道的那样,我对 SSL 总体来说一无所知。

I have a situation where I need to generate SSL certificates for clients using SslStream as a server.

I know how to do that (makecert.exe), but I run into a problem when trying to ensure that both sides of the connection are authenticated.

Basically, if I use self signed cert, I need to add it to the trusted roots to get mutual authentication to work. I would rather avoid that if I can. I know that I can purchase a SSL certificate, but my situation is that I need to create a different certificate for each client, so buying a certificate for each client is out of the question.

Is there a way to avoid that? Maybe some certificate that I can buy that I can use to generate more certificates? As you can probably tell, I am pretty clueless about SSL in general.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

溺ぐ爱和你が 2024-08-23 06:13:46

简短的回答是否定的,你不能这样做。这是客户端证书不受欢迎的另一个原因。您可以为用户提供一个相对轻松的安装脚本,让其在他们的计算机上运行来安装您自己开发的 CA 证书,但它仍然需要用户干预每个将连接到您的服务器的客户端。一点也不漂亮。您确定不能使用用户名和密码吗?

The short answer is no, you can't do that. That is yet another reason why client certificates are not popular. You can provide a relatively painless install script for your users to run on their machines to install your homegrown CA certificate, but it still requires user intervention on every client that will connect to your server. Not pretty at all. Are you sure you cannot use usernames and passwords?

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文