为什么 APNS 需要 Entrust ssl 证书的 ssl

发布于 2024-10-14 10:54:16 字数 513 浏览 5 评论 0原文

大家好 为什么苹果给了entrust ssl的链接,有必要吗? http://developer.apple.com/库/ios/#documentation/NetworkingInternet/Conceptual/RemoteNotificationsPG/CommunicatingWIthAPS/CommunicatingWIthAPS.html 请参阅第一个注释:

注意:要与 APN 建立 TLS 会话,必须在提供商的服务器上安装 Entrust Secure CA 根证书。如果服务器运行 Mac OS X,则此根证书已在钥匙串中。在其他系统上,证书可能不可用。您可以从 Entrust SSL 证书网站下载此证书。

Hi all
why apple has given link of entrust ssl ,is it necessary ?
http://developer.apple.com/library/ios/#documentation/NetworkingInternet/Conceptual/RemoteNotificationsPG/CommunicatingWIthAPS/CommunicatingWIthAPS.html
see at first note:

Note: To establish a TLS session with APNs, an Entrust Secure CA root certificate must be installed on the provider’s server. If the server is running Mac OS X, this root certificate is already in the keychain. On other systems, the certificate might not be available. You can download this certificate from the Entrust SSL Certificates website.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

披肩女神 2024-10-21 10:54:16

是的,需要证书才能与 APN 建立 TLS 会话。
但您不需要从 Entrust 购买证书。 (我猜这就是您的想法,因为 Entrust 网站上的证书盒有巨大的 $xxx)

APN 使用与使用 Entrust 证书的服务器的安全连接。当您的计算机上未安装 CA 根证书时,此连接将会失败。所有“常规”证书仅在您的计算机已知根证书时才有效。这就是他们希望您下载的文件。

但很可能 Entrust Secure CA 根证书已安装。我使用了 Ubuntu 和 Arch Linux 中的 APN,并且没有安装 Entrust 中的任何内容。这是来自我的 arch 安装,所有必需的根 ca 证书都已存在:

[root@dellbook certs]# ls /etc/ssl/certs/Entrust*
/etc/ssl/certs/Entrust.net_Global_Secure_Personal_CA.pem
/etc/ssl/certs/Entrust.net_Global_Secure_Server_CA.pem
/etc/ssl/certs/Entrust.net_Premium_2048_Secure_Server_CA.pem
/etc/ssl/certs/Entrust.net_Secure_Personal_CA.pem
/etc/ssl/certs/Entrust.net_Secure_Server_CA.pem
/etc/ssl/certs/Entrust_Root_Certification_Authority.pem

Yes, the certificate is necessary to establish a TLS session with APNs.
But you don't need to buy a certificate from Entrust. (I guess this was what you thought, because there are huge $xxx for a certificate boxes on the Entrust website)

The APNs uses a secure connection to a server that uses a certificate from Entrust. And this connection would fail when the CA root certificate wouldn't be installed on your computer. All "regular" certificates are only valid if the root certificate is known to your computer. And this is the file that they want you to download.

But most likely the Entrust Secure CA root cert is already installed. I used APNs from Ubuntu, and Arch Linux, and I installed nothing from Entrust. This is from my arch install, all necessary root ca certificates are already there:

[root@dellbook certs]# ls /etc/ssl/certs/Entrust*
/etc/ssl/certs/Entrust.net_Global_Secure_Personal_CA.pem
/etc/ssl/certs/Entrust.net_Global_Secure_Server_CA.pem
/etc/ssl/certs/Entrust.net_Premium_2048_Secure_Server_CA.pem
/etc/ssl/certs/Entrust.net_Secure_Personal_CA.pem
/etc/ssl/certs/Entrust.net_Secure_Server_CA.pem
/etc/ssl/certs/Entrust_Root_Certification_Authority.pem
胡渣熟男 2024-10-21 10:54:16

看来您不必购买 Entrust 证书之一;您只需从他们的网站下载证书颁发机构的证书(免费)。苹果应该更清楚地说明这一点。我找到了当前的链接,它可能不会永远有效,但现在是: https://www.entrustdatacard.com/pages/root-certificates-download

It appears that you don't have to buy one of the Entrust certificates; you just have to download the certificate authority certificate (which is free) from their website. Apple should have made this more clear. I found the current link to this, which may not work forever, but for now here it is: https://www.entrustdatacard.com/pages/root-certificates-download

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文