5

我有一种情况,我需要为使用 SslStream 作为服务器的客户端生成 SSL 证书。

我知道该怎么做(makecert.exe),但是在尝试确保连接的双方都经过身份验证时遇到了问题。

基本上,如果我使用自签名证书,我需要将其添加到受信任的根中以使相互身份验证正常工作。如果可以的话,我宁愿避免这种情况。我知道我可以购买 SSL 证书,但我的情况是我需要为每个客户端创建不同的证书,因此为每个客户端购买证书是不可能的。

有没有办法避免这种情况?也许我可以购买一些可以用来生成更多证书的证书?正如您可能知道的那样,我对 SSL 总体上一无所知。

4

1 回答 1

3

The short answer is no, you can't do that. That is yet another reason why client certificates are not popular. You can provide a relatively painless install script for your users to run on their machines to install your homegrown CA certificate, but it still requires user intervention on every client that will connect to your server. Not pretty at all. Are you sure you cannot use usernames and passwords?

于 2010-01-03T02:01:57.383 回答