X509使用序列号或公钥进行证书验证

发布于 2024-10-03 23:57:05 字数 239 浏览 9 评论 0原文

任何人都可以提供一些有关验证 X509Certificate 的建议吗?我已经在检查证书是否由受信任的根签名,但是我还想检查证书是否颁发给已知方。

为此使用的最佳属性是什么?我正在考虑序列号或公钥的思路,但不完全理解两者的含义。我想公钥的寿命超出了任何重新颁发的证书的范围,而序列号仅限于在特定日期颁发的特定证书?

有人可以提供一些明智的建议吗?

编辑:看起来证书指纹可能是实现此目的的典型方法。

Can anyone offer some advice on validating a X509Certificate. I am already checking to see if the cert is signed by a trusted root, however I also want to check that the certificate is issued to a known party.

What is the best property to use for this? I'm thinking along the lines of SerialNumber or Public Key but don't fully understand the implications of either. I guess public key lives beyond any reissued certificates, whereas SerialNumber is constrained to a particular certificate issued on a particular date?

Can anyone offer some informed advice?

Edit: It looks like the certificate thumbprint might be the typical way to achieve this.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

眼泪淡了忧伤 2024-10-10 23:57:05

我发现有一个指纹属性可以唯一标识确切的证书详细信息。

但最终我恢复为与主题中的公司名称匹配的字符串,因为这是我确定可以验证续订或重新颁发的证书的唯一方法。

I found there is a Thumbprint property which uniquely identifies the exact certificate details.

However in the end I reverted to string matching the Company Name in the Subject, as it's the only way I could know for sure that I could validate renewed or re-issued certificates.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文