Web 浏览器是按需向 Web 服务器发送客户端证书(意味着 Web 服务器配置为进行客户端身份验证并需要客户端证书)还是只发送它拥有的所有证书?如果 Web 浏览器按需发送客户端证书,那么 Web 浏览器如何知道要将哪个客户端证书发送到该特定 Web 服务器?
最佳答案
我把我的问题放在 https://security.stackexchange.com/ 上得到了this answer来自@gowenfawr:
During the SSL handshake,
If the server requires a digital certificate for client authentication, the server sends a "client certificate request" that includes a list of the types of certificates supported and the Distinguished Names of acceptable Certification Authorities (CAs).(quote is from a reasonably lucid explanation of the SSL handshake by IBM.)
The client then compares the certificates in its store against that list to see if it has any signed by the CAs that the server listed. If it finds one, it will send it, usually after prompting the user whether they want to send it. Presumably if there were multiple matches it would ask the user which to send (if any).
关于ssl - 在 Web 浏览器中发送客户端证书,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/20270733/