本页使用了标题或全文手工转换

自签名证书

维基百科,自由的百科全书
跳到导航 跳到搜索

密碼學電腦安全中,自簽章憑證(英語:self-signed certificate)是使用發行者自己的私鑰簽署的數位憑證,在加密功能上等同於經過可信任的证书颁发机构簽署的憑證[1]

由於自簽章憑證是無成本而無需認證的[2][3],故用戶只應在明確知道該憑證是屬於對方時才信任之。因此,未經過特別設定信任該自簽章憑證的客戶端會警示用戶[2][4],提示用戶不應該信任對方並應放棄連接[2]

部分公認被信賴的自簽章憑證,即根憑證,是信任鏈的起點[5],會預設被多數客戶端信任[3]。當對其他伺服器的連線準備建立時,如果其憑證的上游憑證被信任,那麼該伺服器的憑證就會被信任[3]

参考文献[编辑]

  1. ^ TIBCO Support Portal. support.tibco.com. [2022-05-13]. (原始内容存档于2022-05-15). 
  2. ^ 2.0 2.1 2.2 The Dangers of Self-Signed Certificates. GlobalSign GMO Internet, Inc. 2020-02-05 [2022-05-13]. (原始内容存档于2022-03-08) (英语). 
  3. ^ 3.0 3.1 3.2 What is a Root Certificate? - DNSimple Help. support.dnsimple.com. [2022-05-13]. (原始内容存档于2022-04-20). 
  4. ^ View Security Certificate Errors. www.digicert.com. [2022-05-13]. (原始内容存档于2022-05-09). 
  5. ^ RFC 4158. IETF (英语). all of the end entities and relying parties use a single "Root CA" as their trust anchor. If the hierarchy has multiple levels, the Root CA certifies the public keys of intermediate CAs (also known as subordinate CAs). These CAs then certify end entities' (subscribers') public keys or may, in a large PKI, certify other CAs.