TLS Certificate Verification
A walk-through of a simplified implementation of mTLS.
First, what is TLS?
Transport Layer Security (TLS), and its now-deprecated predecessor, Secure Sockets Layer (SSL),[1] are cryptographic protocols designed to provide communications security over a computer network.[2] Several versions of the protocols find widespread use in applications such as web browsing, email, instant messaging, and voice over IP (VoIP). Websites can use TLS to secure all communications between their servers and web browsers.
— Wikipedia —
Transport Layer Security
Yes, it is the mechanism by which our web browsers create secure connections to web servers. Click on the lock in your browser's address bar when visiting almost any website and you will get an informational popup.
At the heart of TLS is Public Key Infrastructure (PKI) and in particular X.509 certificates.
In cryptography, X.509 is a standard defining the format of public key certificates.[1] X.509 certificates are used in many Internet protocols, including TLS/SSL, which is the basis for HTTPS[2], the secure protocol for browsing the web. They are also used in offline applications, like electronic signatures. An X.509 certificate contains a public key and an identity (a hostname, or an organization, or an individual), and is either signed by a certificate authority or self-signed. When a certificate is signed by a trusted certificate authority, or validated by other means, someone holding that certificate can rely on the public key it contains to establish secure communications with another party, or validate documents digitally signed by the corresponding private key.
— Wikipedia —
X.509
To inspect an X.509 certificate, click on the Certificate entry in the informational popup (shown when we clicked on the lock above).
So then, what is mTLS?
By default the TLS protocol only proves the identity of the server to the client using X.509 certificate and the authentication of the client to the server is left to the applicatio