Friday 15 February 2013

certificate - Is it OK to use the server cert as a client cert in a trust relationship?


I am working on a system where multiple servers can have trust relationships with each other. On the server-to-server connection, authentication is established using X.509 certificates.

Each server has its own server certificate that clients use to validate the server (the same as between a browser client and a web server).

My question: when establishing a trust relationship between two servers (A and B), is it inherently insecure or problematic to use server A's server certificate as its client identity when server A communicates with server B? In practice, this involves installing server A's server certificate in server B's trust store, and vice versa.

Personally, I cannot see anything wrong with it, but is it better for some reason to create a separate client-side identity for servers A and B? From a high-level perspective, server A is after all a client when connecting to the server.

when communicating with server B

No, it is okay as long as the partners can verify each other.

In practice, this involves installing server A's server certificate in server B's trust store, and vice versa.

In practice, the certificate will be installed from a centralized CA. Avoid self-signed certificates for either public/commercial or internal end entities: self-signed certificates raise management overhead and do not allow revocation checking (if the peer certificate should be revoked).
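
The following is an added example, not part of the original question or answer, of the centralized-CA setup the answer recommends: a private CA issues server A one certificate, server B trusts only the CA, and `openssl verify -purpose` reports whether that single certificate is acceptable in both the server and the client role. It goes slightly beyond the answer by showing the extendedKeyUsage extension, which decides whether a server certificate can also be used as a client identity. It assumes the `openssl` command-line tool is installed; the CA name and host names are constructed.

```shell
#!/bin/sh
# Added example. All names (Example Internal CA, server-a, ...) are constructed.
set -eu
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT; cd "$WORK"

# Create the private CA that both servers place in their trust store.
make_ca() {
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > ca.ext
  openssl req -new -newkey rsa:2048 -nodes -keyout ca.key \
    -subj "/CN=Example Internal CA" -out ca.csr 2>/dev/null
  openssl x509 -req -in ca.csr -signkey ca.key -days 30 \
    -extfile ca.ext -out ca.pem 2>/dev/null
}

# issue NAME EKU: issue an end-entity certificate with the given extendedKeyUsage.
issue() {
  printf 'basicConstraints=CA:FALSE\nkeyUsage=critical,digitalSignature,keyEncipherment\nextendedKeyUsage=%s\n' "$2" > "$1.ext"
  openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" \
    -subj "/CN=$1" -out "$1.csr" 2>/dev/null
  openssl x509 -req -in "$1.csr" -CA ca.pem -CAkey ca.key -CAcreateserial \
    -days 30 -extfile "$1.ext" -out "$1.pem" 2>/dev/null
}

# usable_as PURPOSE NAME: succeeds if NAME.pem chains to the CA and is valid
# for PURPOSE (sslserver or sslclient).
usable_as() {
  openssl verify -CAfile ca.pem -purpose "$1" "$2.pem" >/dev/null 2>&1
}

make_ca
# One certificate for server A, valid in both roles.
issue server-a "serverAuth,clientAuth"
# For contrast: a certificate restricted to the server role only.
issue server-a-serveronly "serverAuth"

for cert in server-a server-a-serveronly; do
  for purpose in sslserver sslclient; do
    if usable_as "$purpose" "$cert"; then r=accepted; else r=rejected; fi
    echo "$cert as $purpose: $r"
  done
done
```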

