CN103001965A - Method for updating server certificates and servers - Google Patents

Publication number: CN103001965A
Authority: CN (China)
Prior art keywords: certificate, server, ssl, update, root
Legal status: Granted (Active)
Application number: CN2012105301167A
Other languages: Chinese (zh)
Other versions: CN103001965B (en)
Inventor: 刘桂源
Current Assignee: Beijing Star Net Ruijie Networks Co Ltd
Original Assignee: Beijing Star Net Ruijie Networks Co Ltd
Application filed by Beijing Star Net Ruijie Networks Co Ltd
Priority to CN201210530116.7A
Publication of CN103001965A; application granted; publication of CN103001965B
Landscapes: Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract

The invention provides a method for updating server certificates, and servers. The method comprises the following. If a first Secure Sockets Layer (SSL) certificate currently used by a second server expires, the second server sends a certificate update request message to a first server which holds a root certificate, and the certificate update request message carries the first SSL certificate. The second server receives a certificate update response message sent by the first server; the certificate update response message carries a second SSL certificate, which is an SSL certificate re-issued to the second server according to the locally stored first root certificate after the first server determines, according to the first SSL certificate, that the second server is a legitimate server that uses the same root certificate as the first server. The second server then replaces the first SSL certificate with the second SSL certificate. In this technical scheme, different servers use the same root certificate, so that root certificate resources can be saved.

Description

Server certificate update method and server
Technical field
The present invention relates to communication technology, and in particular to a server certificate update method and a server.
Background
A Secure Sockets Layer (SSL) Virtual Private Network (VPN) is a VPN built on SSL that operates mainly between the application layer and the Transmission Control Protocol (TCP) layer. SSL VPN supports the Hypertext Transfer Protocol (HTTP); on this basis, an SSL VPN client (hereinafter, the client) can securely access the SSL VPN through a browser.
When the client opens the login page to access the SSL VPN server (hereinafter, the server) over the Web, it first authenticates the server's SSL certificate. Only after the server's SSL certificate passes authentication can the client establish an encrypted SSL channel with the server.
In the prior art, every server has its own root certificate, and the server's SSL certificate is generated from this root certificate combined with some information about the server. The administrator can store the root certificate used by the server in the client in advance. When the client authenticates the server's SSL certificate, it mainly uses the root certificate to judge whether the name in the server's SSL certificate matches the server's IP address or domain name, whether the server's SSL certificate has expired, and so on. In a deployment with multiple servers, each server has its own root certificate, which wastes root certificate resources.
Summary of the invention
The invention provides a server certificate update method and a server, in order to save root certificate resources.
A first aspect provides a server certificate update method, comprising:
if the first Secure Sockets Layer (SSL) certificate currently used by a second server becomes invalid, the second server sends a certificate update request message to a first server that holds the root certificate, the certificate update request message carrying the first SSL certificate;
the second server receives a certificate update response message sent by the first server, the certificate update response message carrying a second SSL certificate, the second SSL certificate being an SSL certificate that the first server re-issues for the second server according to the locally stored first root certificate after determining, according to the first SSL certificate, that the second server is a legitimate server using the same root certificate as the first server;
the second server replaces the first SSL certificate with the second SSL certificate.
A second aspect provides a server certificate update method, comprising:
a first server receives a certificate update request message sent by a second server, the certificate update request message being sent by the second server when the first Secure Sockets Layer (SSL) certificate it currently uses becomes invalid, and carrying the first SSL certificate;
if the first server determines, according to the first SSL certificate, that the second server is a legitimate server using the same root certificate as the first server, the first server re-issues a second SSL certificate for the second server according to the locally stored first root certificate;
the first server sends a certificate update response message to the second server, the certificate update response message carrying the second SSL certificate, so that the second server replaces the first SSL certificate with the second SSL certificate.
A third aspect provides a server, comprising:
a sending module, configured to send, when the first Secure Sockets Layer (SSL) certificate currently used by the server becomes invalid, a certificate update request message to a first server that holds the root certificate, the certificate update request message carrying the first SSL certificate;
a receiving module, configured to receive a certificate update response message sent by the first server, the certificate update response message carrying a second SSL certificate, the second SSL certificate being an SSL certificate that the first server re-issues for the server according to the locally stored first root certificate after determining, according to the first SSL certificate, that the server is a legitimate server using the same root certificate as the first server;
an update module, configured to replace the first SSL certificate with the second SSL certificate.
A fourth aspect provides a server, comprising:
a receiving module, configured to receive a certificate update request message sent by a second server, the certificate update request message being sent by the second server when the first Secure Sockets Layer (SSL) certificate it currently uses becomes invalid, and carrying the first SSL certificate;
an issuing module, configured to re-issue a second SSL certificate for the second server according to the locally stored first root certificate when it is determined, according to the first SSL certificate, that the second server is a legitimate server using the same root certificate as the server;
a sending module, configured to send a certificate update response message to the second server, the certificate update response message carrying the second SSL certificate, so that the second server replaces the first SSL certificate with the second SSL certificate.
In the server certificate update method and server provided by the invention, different servers share the same root certificate. To update its SSL certificate, a server sends a certificate update request message to the server that holds the root certificate, receives the certificate update response message sent by that server, obtains the new SSL certificate from it, and replaces the original SSL certificate with the new one, which completes the SSL certificate update. Because different servers share the same root certificate, root certificate resources can be saved.
Description of drawings
Fig. 1 is a flow chart of a server certificate update method provided by an embodiment of the invention;
Fig. 2 is a flow chart of another server certificate update method provided by an embodiment of the invention;
Fig. 3 is a flow chart of yet another server certificate update method provided by an embodiment of the invention;
Fig. 4 is a flow chart of yet another server certificate update method provided by an embodiment of the invention;
Fig. 5 is a structural diagram of a server provided by an embodiment of the invention;
Fig. 6 is a structural diagram of another server provided by an embodiment of the invention.
Embodiments
Fig. 1 is a flow chart of a server certificate update method provided by an embodiment of the invention. As shown in Fig. 1, the method of this embodiment comprises:
Step 101: If the first SSL certificate currently used by the second server becomes invalid, the second server sends a certificate update request message to the first server, which holds the root certificate. The certificate update request message carries the first SSL certificate.
Step 102: The second server receives the certificate update response message sent by the first server. The certificate update response message carries a second SSL certificate, which is the SSL certificate that the first server re-issues for the second server according to the locally stored first root certificate after determining, according to the first SSL certificate, that the second server is a legitimate server using the same root certificate as the first server.
Step 103: The second server replaces the first SSL certificate with the second SSL certificate.
In this embodiment, the second server and the first server are SSL VPN servers. There can be one or more second servers. When there are several second servers, each of them updates its SSL certificate in the same way, so the embodiments of the invention are described taking one second server as an example.
For ease of distinction, this embodiment calls the SSL certificate currently used by the second server the first SSL certificate. The first SSL certificate was also issued for the second server by the first server using its locally stored root certificate. In this embodiment, the first server holds the root certificate, the second server knows in advance the information of the first server that holds the root certificate, and the second server uses the same root certificate as the first server, which saves root certificate resources.
The first SSL certificate is considered invalid in any of the following situations, or a combination of them:
The name in the first SSL certificate does not match the IP address of the second server;
The name in the first SSL certificate does not match the domain name of the second server;
The first SSL certificate has expired;
The first SSL certificate is about to expire.
The first SSL certificate has a validity period; "about to expire" means that the remaining validity time of the first SSL certificate is less than a preset remaining-time threshold. The threshold can be set flexibly according to practical application requirements.
In this embodiment, the second server can monitor the use of the first SSL certificate and detect in time whether it has become invalid. If it finds that the first SSL certificate has become invalid, the second server sends a certificate update request message to the first server, which uses the same root certificate as the second server and holds that root certificate, and provides the first SSL certificate it currently uses to the first server in the certificate update request message. The first server can then use the first SSL certificate to judge whether the second server is a legitimate server using the same root certificate as the first server. If the first server judges that the first SSL certificate was issued by the first server using its locally stored root certificate, it can determine that the second server is a legitimate server using the same root certificate as the first server; on this basis, the first server uses the locally stored root certificate to re-issue an SSL certificate for the second server, called the second SSL certificate. If the first server judges that the first SSL certificate was not issued by the first server using its locally stored root certificate, it can determine that the second server is not a legitimate server using the same root certificate as the first server. In this embodiment, the root certificate currently stored on the first server is called the first root certificate.
Because the SSL certificates of the other servers that use the same root certificate as the first server were all issued by the first server, and the first server knows the issuing rules it used, the first server can judge whether the first SSL certificate was issued by the first server using its locally stored root certificate.
After re-issuing the second SSL certificate for the second server, the first server sends it to the second server in the certificate update response message. The second server receives the certificate update response message sent by the first server and obtains the second SSL certificate from it. The second server then replaces the first SSL certificate with the second SSL certificate, which completes the SSL certificate update.
Afterwards, when the client needs to access the second server, the client can use its locally stored root certificate to authenticate the second SSL certificate used by the second server. Only after the second SSL certificate of the second server passes authentication can the client establish an encrypted SSL channel with the second server.
In this embodiment, the second server shares the same root certificate with the first server. To update its SSL certificate, the second server sends a certificate update request message to the first server that holds the root certificate, receives the certificate update response message sent by the first server, obtains the new SSL certificate from it, and replaces the original SSL certificate with the new one, which completes the SSL certificate update. Because different servers share the same root certificate, root certificate resources can be saved.
Further, in the multi-server scenario of the prior art, the administrator has to manually store the root certificate of each server in the client so that the client can authenticate the SSL certificates of the different servers; this is inefficient, the configuration workload is large, and the administrator's burden is heavy. In this embodiment, because different servers share the same root certificate, the number of root certificates is reduced. Besides saving root certificate resources, this reduces the administrator's configuration workload and burden. In addition, the client can use the same root certificate to authenticate the SSL certificates of different servers, which simplifies the client's operation, improves the efficiency of SSL certificate authentication, saves the client's storage resources, and so on.
Fig. 2 is a flow chart of another server certificate update method provided by an embodiment of the invention. As shown in Fig. 2, the method of this embodiment comprises:
Step 201: If the first SSL certificate currently used by the second server becomes invalid, the second server sends a certificate update request message to the first server, which holds the root certificate. The certificate update request message carries the first SSL certificate.
Step 202: The second server receives the certificate update response message sent by the first server. The certificate update response message carries a second SSL certificate, which is the SSL certificate that the first server re-issues for the second server according to the locally stored first root certificate after determining, according to the first SSL certificate, that the second server is a legitimate server using the same root certificate as the first server.
Step 203: The second server replaces the first SSL certificate with the second SSL certificate.
For steps 201 to 203, refer to the description of steps 101 to 103 above.
Step 204: The second server receives a certificate update notification message sent by the first server. The certificate update notification message carries a third SSL certificate, which is the SSL certificate that the first server re-issues for the second server according to the locally stored second root certificate. The second root certificate is the root certificate that the first server obtains anew after the first root certificate becomes invalid.
Step 205: The second server replaces the SSL certificate it currently uses with the third SSL certificate.
The execution order of steps 204 to 205 relative to steps 201 to 203 depends on the specific situation, as elaborated below.
In this embodiment, not only can the SSL certificate used by the second server become invalid, but the root certificate stored on the first server can become invalid as well. The first root certificate is considered invalid in any of the following situations, or a combination of them:
The name in the first root certificate does not match the IP address of the first server;
The name in the first root certificate does not match the domain name of the first server;
The first root certificate has expired;
The first root certificate is about to expire.
The first root certificate has a validity period; "about to expire" mainly means that the remaining validity time of the first root certificate is less than a preset remaining-time threshold.
The first server can monitor the use of the first root certificate in order to detect in time whether it has become invalid. If it finds that the first root certificate has become invalid, the first server updates the first root certificate and obtains a second root certificate. The first server can obtain the second root certificate in the following ways:
If the first root certificate is a self-signed certificate generated locally by the first server, then after the first root certificate becomes invalid, the first server can issue a new root certificate as the second root certificate. Or:
If the first root certificate was issued by a third-party Certificate Authority (CA), then after the first root certificate becomes invalid, the first server can send a root certificate request message to the third-party CA, requesting it to issue a new root certificate; the first server then receives the second root certificate that the third-party CA sends in response to the root certificate request message. The third-party CA re-issues a root certificate for the first server according to the root certificate request message sent by the first server. Or:
Regardless of whether the first root certificate was generated locally by the first server or issued by a third-party CA, if the first root certificate becomes invalid because it has expired or is about to expire, the first server can extend the validity period of the first root certificate and thereby obtain the second root certificate. In this implementation, the second root certificate is the same as the first root certificate. Specifically, if the first root certificate is a self-signed certificate generated locally by the first server, the first server can extend its validity period directly. If the first root certificate was issued by a third-party CA, the first server needs to work together with the third-party CA to extend the validity period of the first root certificate.
After the first server updates the root certificate, the SSL certificates of the second servers that use the same root certificate as the first server also need to be re-issued. Accordingly, after obtaining the second root certificate, the first server re-issues a third SSL certificate for the second server according to the second root certificate and sends a certificate update notification message carrying the third SSL certificate to the second server. The first server stores information about the second servers that share the root certificate with it, such as each second server's IP address, domain name and currently used SSL certificate. After updating the root certificate, the first server can therefore use this stored information to determine which servers need a re-issued SSL certificate and to re-issue the SSL certificate for each of them.
The second server receives the certificate update notification message sent by the first server, obtains the third SSL certificate from it, and replaces the SSL certificate it currently uses with the third SSL certificate, which completes the update of the SSL certificate following the update of the root certificate.
Optionally, in one case the first root certificate is updated before the first SSL certificate becomes invalid. When the second server receives the certificate update notification message, the SSL certificate it currently uses is the first SSL certificate described above, so after receiving the third SSL certificate the second server replaces the first SSL certificate with the third SSL certificate. In this case, steps 204 to 205 are executed before steps 201 to 203; accordingly, "the SSL certificate" described in steps 201 to 203 needs to be replaced with "the updated SSL certificate".
In another case, the first root certificate is updated after the first SSL certificate has been updated because it became invalid, that is, the first root certificate is updated after the second server has obtained the second SSL certificate. When the second server receives the certificate update notification message, the SSL certificate it currently uses is the second SSL certificate described above, so after receiving the third SSL certificate the second server replaces the second SSL certificate with the third SSL certificate. In this case, steps 204 to 205 are executed after steps 201 to 203.
In addition, after the first server updates the root certificate, the updated second root certificate also needs to be provided to the client. In one implementation, the administrator manually stores the updated second root certificate in the client, so that the client uses the second root certificate to authenticate the SSL certificate of the first server or the second server. In another implementation, the first server sends the second root certificate to the client, so that the client uses the second root certificate to authenticate the SSL certificate of the first server or the second server. For example, the first server can send the second root certificate by mail to the client's Web mailbox.
It should be noted that, for the same SSL certificate, the process in which the second server updates the SSL certificate it uses following an update of the root certificate and the process in which the second server finds that the SSL certificate it uses has become invalid and updates it are two independent processes, and their execution order is not limited. This embodiment is described taking as an example the case where the second server first finds that the SSL certificate it uses has become invalid and updates it.
In this embodiment, the second server shares the same root certificate with the first server. To update its SSL certificate, the second server sends a certificate update request message to the first server that holds the root certificate, receives the certificate update response message sent by the first server, obtains the new SSL certificate from it, and replaces the original SSL certificate with the new one, which completes the SSL certificate update. Because different servers share the same root certificate, root certificate resources can be saved. In addition, in this embodiment, after the root certificate is updated, the first server actively re-issues a new SSL certificate for the second server and provides it to the second server, so the SSL certificate of the second server is updated in time and efficiency is higher. Further, because different servers share the same root certificate, the number of root certificates is reduced. Besides saving root certificate resources, this reduces the administrator's configuration workload and burden. In addition, the client can use the same root certificate to authenticate the SSL certificates of different servers, which simplifies the client's operation, improves the efficiency of SSL certificate authentication, saves the client's storage resources, and so on.
The flow chart of another server certificate update method that Fig. 3 provides for the embodiment of the invention.As shown in Figure 3, the method for present embodiment comprises:
Step 301, first server receive the certificate update request message that second server sends, described certificate update request message is that second server sent when a SSL certificate of current use loses efficacy, and described certificate update request message is taken a described SSL certificate.
If it is the legal server of using same root certificates with first server that step 302 first server is determined second server according to a SSL certificate, first server is signed and issued the 2nd SSL certificate for second server again according to first certificate of this locality storage.
Step 303, first server send the certificate update response message to second server, and described certificate update response message carries the 2nd SSL certificate, so that second server is with the 2nd SSL certificates replacement the one SSL certificate.
In the present embodiment, first server and second server refer to the SSL vpn server.Second server can be one or more.
For ease of distinguishing, present embodiment is called a SSL certificate with the SSL certificate of the current use of second server.The one SSL certificate also is to use the root certificate of local storage to sign and issue as second server by first server.In the present embodiment, first server is held the root certificate, and second server is known the information of the first server of holding the root certificate in advance, and second server uses identical root certificate with first server, can save like this root certificate resource.
Wherein, the situation of SSL certificate inefficacy comprises following arbitrary situation or its combination:
The title of the one SSL certificate does not conform to the IP address of second server;
The title of the one SSL certificate does not conform to the domain name of second server;
The one SSL certificate expired;
The one SSL certificate is soon expired.
Wherein, a SSL certificate has the term of validity, and a SSL certificate is about to the expired remaining up duration of a SSL certificate that refers to less than default up duration thresholding.The up duration thresholding can arrange flexibly according to practical application request.
In the present embodiment, second server can be monitored the operating position of a SSL certificate, finds in time whether a SSL certificate lost efficacy; If finding a SSL certificate lost efficacy, second server sends the certificate update request message to the first server of using same root certificates with second server and holding this root certificate, and second server offers first server by the certificate update request message in the lump with a SSL certificate of current use.
First server receives the certificate update request message that second server sends, and therefrom obtains a SSL certificate, then judges that by a SSL certificate whether second server uses the legal server of same root certificates with first server.Because using the SSL certificate of other servers of same root certificates with first server is that first server is signed and issued, and first server is known the employed rule etc. of signing and issuing, therefore, first server can be judged whether a SSL certificate is used local storage by first server root certificate issuance.
If it is to use the local root certificate issuance of storing by first server that first server is judged a SSL certificate, then first server can determine that second server is the legal server of using same root certificates with first server, based on this, first server just can use the root certificate of local storage again to sign and issue a SSL certificate as second server, is called the 2nd SSL certificate; If it is not to use the local root certificate issuance of storing by first server that first server is judged a SSL certificate, then first server can determine that second server is not the legal server of using same root certificates with first server.In the present embodiment, the root certificate with current storage on the first server is called first certificate.
After first server uses first certificate again to sign and issue the 2nd SSL certificate as second server, send the certificate update response message to second server, by the certificate update response message the 2nd SSL certificate is offered second server, so that second server can be with the 2nd SSL certificates replacement the one SSL certificate.
In the present embodiment, first server shares identical root certificate with second server, when the SSL of second server certificate lost efficacy, can be according to the certificate update request message of second server transmission, again sign and issue the SSL certificate for second server, so that second server is finished the renewal of SSL certificate, because different server shares identical root certificate, can save root certificate resource.
Further, in the multi-server scenario of the prior art, the administrator has to manually store the root certificate corresponding to each server in the client so that the client can perform SSL certificate authentication on the different servers. This is inefficient, the configuration workload is large, and the burden on the administrator is heavy. In this embodiment, because different servers share the same root certificate, the number of root certificates is reduced. Besides saving root certificate resources, this reduces the administrator's configuration workload and work burden. In addition, the client can use the same root certificate to perform SSL certificate authentication on different servers, which simplifies the operation of the client, improves the efficiency of SSL certificate authentication, and saves storage resources on the client.
Fig. 4 is a flow chart of another server certificate update method provided by an embodiment of the present invention. As shown in Fig. 4, the method of this embodiment comprises:
Step 401: The first server receives the certificate update request message sent by the second server. The certificate update request message is sent by the second server when the first SSL certificate it currently uses becomes invalid, and it carries the first SSL certificate.
Step 402: If the first server determines, according to the first SSL certificate, that the second server is a legitimate server using the same root certificate as the first server, the first server reissues a second SSL certificate for the second server according to the locally stored first root certificate.
Step 403: The first server sends a certificate update response message to the second server. The certificate update response message carries the second SSL certificate, so that the second server replaces the first SSL certificate with the second SSL certificate.
For steps 401-403, see the description of steps 301-303.
Step 404: If the first root certificate becomes invalid, the first server obtains a second root certificate.
Step 405: The first server reissues a third SSL certificate for the second server according to the second root certificate.
Step 406: The first server sends a certificate update notification message to the second server. The certificate update notification message carries the third SSL certificate, so that the second server replaces the SSL certificate it currently uses with the third SSL certificate.
The execution order of steps 404-406 relative to steps 401-403 depends on the specific situation and is elaborated below.
In this embodiment, not only can the SSL certificate used by the second server become invalid; the root certificate stored by the first server can become invalid as well. The first root certificate is invalid in any one of the following cases or a combination of them:
The name of the first root certificate does not match the IP address of the first server;
The name of the first root certificate does not match the domain name of the first server;
The first root certificate has expired;
The first root certificate is about to expire.
The first root certificate has a validity period. "About to expire" mainly means that the remaining validity time of the first root certificate is less than a preset threshold.
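The four invalidity conditions listed above apply in the same form to an SSL certificate and can be checked mechanically. The following Go code is an added example, not code from the patent; the function and constant names, the sample host name and address, and the reading of the certificate's "name" as its subjectAltName entries are assumptions.

```go
package main

import (
	"crypto/x509"
	"fmt"
	"net"
	"time"
)

// One reason per invalidity condition listed in the description.
const (
	ReasonIPMismatch     = "name does not match server IP address"
	ReasonDomainMismatch = "name does not match server domain name"
	ReasonExpired        = "expired"
	ReasonExpiringSoon   = "about to expire"
)

// InvalidReasons reports which of the four conditions hold for cert at time now.
// ip and domain identify the server that uses the certificate; an empty value
// skips that name check. threshold is the preset remaining-validity threshold.
// Assumption: "name" means the subjectAltName entries, which is what
// x509.Certificate.VerifyHostname matches against.
func InvalidReasons(cert *x509.Certificate, ip, domain string, now time.Time, threshold time.Duration) []string {
	var reasons []string
	if ip != "" && cert.VerifyHostname(ip) != nil {
		reasons = append(reasons, ReasonIPMismatch)
	}
	if domain != "" && cert.VerifyHostname(domain) != nil {
		reasons = append(reasons, ReasonDomainMismatch)
	}
	switch remaining := cert.NotAfter.Sub(now); {
	case remaining < 0:
		reasons = append(reasons, ReasonExpired)
	case remaining < threshold:
		reasons = append(reasons, ReasonExpiringSoon)
	}
	return reasons
}

// constructedCert builds sample certificate fields for the demo (constructed
// data, unsigned: only the fields InvalidReasons reads are filled in).
func constructedCert(notAfter time.Time) *x509.Certificate {
	return &x509.Certificate{
		DNSNames:    []string{"app.example.test"},
		IPAddresses: []net.IP{net.ParseIP("192.0.2.10")},
		NotBefore:   notAfter.AddDate(-1, 0, 0),
		NotAfter:    notAfter,
	}
}

func main() {
	now := time.Date(2024, 6, 1, 0, 0, 0, 0, time.UTC) // constructed clock
	threshold := 30 * 24 * time.Hour
	cert := constructedCert(now.Add(10 * 24 * time.Hour)) // 10 days of validity left
	fmt.Println(InvalidReasons(cert, "192.0.2.10", "app.example.test", now, threshold))
	fmt.Println(InvalidReasons(cert, "192.0.2.99", "other.example.test", now, threshold))
}
```

A server that runs this check periodically against its own certificate has the trigger for the certificate update request, and the first server can run the same check against its root certificate.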
The first server can monitor the usage of the first root certificate so as to discover in time whether the first root certificate has become invalid. If it finds that the first root certificate has become invalid, the first server updates the first root certificate and obtains the second root certificate. The first server can obtain the second root certificate in the following ways:
If the first root certificate is a self-signed certificate generated locally by the first server, then after the first root certificate becomes invalid the first server can issue a new root certificate as the second root certificate. Or
If the first root certificate was issued by a third-party CA, then after the first root certificate becomes invalid the first server can send a root certificate request message to the third-party CA, requesting the third-party CA to issue a new root certificate; the first server then receives the second root certificate that the third-party CA sends according to the root certificate request message. Here the third-party CA can issue a new root certificate for the first server according to the root certificate request message sent by the first server. Or
Regardless of whether the first root certificate was generated locally by the first server or issued by a third-party CA, after the first root certificate becomes invalid because it has expired or is about to expire, the first server can extend the validity period of the first root certificate and thereby obtain the second root certificate. In this implementation, the second root certificate is the same as the first root certificate. Specifically, if the first root certificate is a self-signed certificate generated locally by the first server, the first server can extend its validity period directly. If the first root certificate was issued by a third-party CA, the first server needs to work with the third-party CA to complete the extension of the first root certificate jointly.
Usually, the administrator can configure the first server in advance with information on the source of the root certificate it uses. Based on this configuration information, the first server can tell whether the root certificate is generated locally or issued by a third-party CA. Further, the administrator can change the source of the root certificate used by the first server by changing the configuration information of the first server. For example, if application requirements call for changing the source of the root certificate, such as using a root certificate issued by a third-party CA after a locally generated self-signed certificate has been used for some time, the administrator can reconfigure the first server and set the source of the root certificate to the third-party CA.
After the first server updates the root certificate, the SSL certificates of the second servers that use the same root certificate as the first server also need to be reissued. Therefore, after obtaining the second root certificate, the first server reissues a third SSL certificate for the second server according to the second root certificate and sends a certificate update notification message carrying the third SSL certificate to the second server. The first server stores information about the second servers that share its root certificate, such as the IP address, domain name and currently used SSL certificate of each second server. After updating the root certificate, the first server can therefore use this stored information to determine which servers need a reissued SSL certificate and to reissue the SSL certificate for each of them.
After the first server uses the new root certificate (that is, the second root certificate) to issue the third SSL certificate for the second server, it sends a certificate update notification message to the second server and provides the third SSL certificate in that message, so that the second server can replace the SSL certificate it currently uses with the third SSL certificate.
Optionally, one case is that the update of the first root certificate occurs before the first SSL certificate becomes invalid. When the second server receives the certificate update notification message, the SSL certificate it currently uses is then the first SSL certificate, so after receiving the third SSL certificate the second server replaces the first SSL certificate with the third SSL certificate. In this case, steps 404-406 are performed before steps 401-403; accordingly, "the first SSL certificate" in steps 401-403 needs to be replaced with "the updated SSL certificate".
The other case is that the update of the first root certificate occurs after the first SSL certificate has been updated because it became invalid, that is, the first root certificate is updated after the second server has obtained the second SSL certificate. When the second server receives the certificate update notification message, the SSL certificate it currently uses is then the second SSL certificate, so after receiving the third SSL certificate the second server replaces the second SSL certificate with the third SSL certificate. In this case, steps 404-406 are performed after steps 401-403.
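Steps 401-406 and the second ordering described above, as an added Go example that is not part of the patent: the first server accepts a first SSL certificate only if its locally stored root certificate signed it, reissues for the public key already in that certificate, and after a root change the earlier SSL certificate no longer verifies. All type and function names, the ECDSA key type, the one-year and five-year validity periods and the sample host name are assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// RootCA is the first server's locally stored root certificate and signing key.
type RootCA struct {
	Cert *x509.Certificate
	key  *ecdsa.PrivateKey
}

// sign gives tmpl a random serial number and a validity of years, then signs it.
func sign(tmpl, parent *x509.Certificate, pub interface{}, key *ecdsa.PrivateKey, now time.Time, years int) (*x509.Certificate, error) {
	sn, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 120))
	if err != nil {
		return nil, err
	}
	tmpl.SerialNumber, tmpl.NotBefore, tmpl.NotAfter = sn, now, now.AddDate(years, 0, 0)
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// NewRoot creates a self-signed root certificate (the locally generated option).
func NewRoot(cn string, now time.Time) (*RootCA, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{Subject: pkix.Name{CommonName: cn}, IsCA: true,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	cert, err := sign(tmpl, tmpl, &key.PublicKey, key, now, 5)
	return &RootCA{Cert: cert, key: key}, err
}

// Issue signs a one-year SSL certificate with profile's subject, names and public
// key. Reusing the certified key (an assumption here) keeps private keys off the wire.
func (ca *RootCA) Issue(profile *x509.Certificate, now time.Time) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{Subject: profile.Subject, DNSNames: profile.DNSNames,
		IPAddresses: profile.IPAddresses, KeyUsage: x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	return sign(tmpl, ca.Cert, profile.PublicKey, ca.key, now, 1)
}

// Enroll issues the first SSL certificate for a second server (constructed key pair).
func (ca *RootCA) Enroll(dnsName string, now time.Time) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return ca.Issue(&x509.Certificate{Subject: pkix.Name{CommonName: dnsName},
		DNSNames: []string{dnsName}, PublicKey: &key.PublicKey}, now)
}

// HandleUpdateRequest covers steps 401-403. Only the issuer signature is checked,
// not the validity period, because the first SSL certificate is expected to be expired.
func (ca *RootCA) HandleUpdateRequest(firstDER []byte, now time.Time) (*x509.Certificate, error) {
	first, err := x509.ParseCertificate(firstDER)
	if err != nil {
		return nil, fmt.Errorf("parse first SSL certificate: %w", err)
	}
	if err := first.CheckSignatureFrom(ca.Cert); err != nil {
		return nil, fmt.Errorf("not issued by the local root certificate: %w", err)
	}
	return ca.Issue(first, now)
}

// TrustedBy reports whether a client that trusts only root accepts cert for host.
func TrustedBy(root *RootCA, cert *x509.Certificate, host string, now time.Time) bool {
	pool := x509.NewCertPool()
	pool.AddCert(root.Cert)
	_, err := cert.Verify(x509.VerifyOptions{Roots: pool, DNSName: host, CurrentTime: now})
	return err == nil
}

func main() {
	t0 := time.Date(2023, 1, 1, 0, 0, 0, 0, time.UTC) // constructed timeline
	root, err := NewRoot("constructed-root-1", t0)
	if err != nil {
		panic(err)
	}
	first, err := root.Enroll("app.example.test", t0)
	if err != nil {
		panic(err)
	}
	_, err = root.HandleUpdateRequest(first.Raw, t0.AddDate(1, 6, 0)) // first has expired
	fmt.Println("second SSL certificate issued:", err == nil)
}
```

Step 405 is `Issue` called on the second root certificate with the SSL certificate the first server has on record, which yields the third SSL certificate for the same key and names.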
In addition, after the first server updates the root certificate, the updated second root certificate also needs to be provided to the client. In one implementation, the administrator manually stores the updated second root certificate in the client, so that the client uses the second root certificate to perform SSL certificate authentication on the first server or the second server. In another implementation, the first server sends the second root certificate to the client, so that the client uses the second root certificate to perform SSL certificate authentication on the first server or the second server. For example, the first server can send the second root certificate by e-mail to the Web mailbox of the client.
It should be noted here that the process in which the first server updates the root certificate and then, following that update, updates the SSL certificate used by the second server, and the process in which the second server finds that the SSL certificate it uses has become invalid and updates it, are two independent processes whose execution order is not restricted. This embodiment is described taking as an example the case in which the second server first finds that the SSL certificate it uses has become invalid and updates it.
In this embodiment, the first server and the second server share the same root certificate. When the SSL certificate of the second server becomes invalid, the first server can reissue an SSL certificate for the second server according to the certificate update request message sent by the second server, so that the second server completes the update of its SSL certificate. Because different servers share the same root certificate, root certificate resources are saved. In addition, in this embodiment the first server can update the root certificate and, after the root certificate is updated, proactively reissue a new SSL certificate for the second server and provide it to the second server, so that the SSL certificate of the second server is updated in time and with higher efficiency. Further, because different servers share the same root certificate, the number of root certificates is reduced. Besides saving root certificate resources, this reduces the administrator's configuration workload and work burden. In addition, the client can use the same root certificate to perform SSL certificate authentication on different servers, which simplifies the operation of the client, improves the efficiency of SSL certificate authentication, and saves storage resources on the client.
Fig. 5 is a schematic structural diagram of a server provided by an embodiment of the present invention. As shown in Fig. 5, the server of this embodiment comprises a sending module 51, a receiving module 52 and an update module 53.
The sending module 51 is configured to send a certificate update request message to the first server, which holds the root certificate, when the first SSL certificate currently used by the server of this embodiment becomes invalid. The certificate update request message carries the first SSL certificate.
The receiving module 52 is connected to the sending module 51 and is configured to receive, after the sending module 51 has sent the certificate update request message, the certificate update response message sent by the first server. The certificate update response message carries the second SSL certificate, which is the SSL certificate that the first server reissues for the server of this embodiment according to the locally stored first root certificate, after determining according to the first SSL certificate that the server of this embodiment is a legitimate server using the same root certificate as the first server.
The update module 53 is connected to the receiving module 52 and is configured to replace the first SSL certificate with the second SSL certificate received by the receiving module 52.
In an optional implementation, the receiving module 52 is further configured to receive, after receiving the certificate update response message, a certificate update notification message sent by the first server. The certificate update notification message carries the third SSL certificate, which is the SSL certificate that the first server reissues for the server of this embodiment according to the locally stored second root certificate; the second root certificate is the root certificate that the first server obtains after the first root certificate becomes invalid.
Accordingly, the update module 53 is further configured to replace the SSL certificate currently used by the second server with the third SSL certificate received by the receiving module 52.
If the update of the first root certificate occurs before the first SSL certificate becomes invalid, the SSL certificate currently used by the second server is the first SSL certificate, and the update module 53 is specifically configured to replace the first SSL certificate with the third SSL certificate received by the receiving module 52. If the update of the first root certificate occurs after the update to the second SSL certificate caused by the invalidity, the SSL certificate currently used by the second server is the second SSL certificate, and the update module 53 is specifically configured to replace the second SSL certificate with the third SSL certificate received by the receiving module 52.
The first SSL certificate is invalid in any one of the following cases or a combination of them:
The name of the first SSL certificate does not match the IP address of the second server;
The name of the first SSL certificate does not match the domain name of the second server;
The first SSL certificate has expired;
The first SSL certificate is about to expire.
The first SSL certificate has a validity period. "About to expire" mainly means that the remaining validity time of the first SSL certificate is less than a preset threshold.
The functional modules of the server provided by this embodiment can be used to perform the flow of the server certificate update method shown in Fig. 1 and Fig. 2. Their specific working principle is not repeated here; see the description of the method embodiments for details.
The server provided by this embodiment can serve as the second server in the above method embodiments and shares the same root certificate with the first server. When updating its SSL certificate, it sends a certificate update request message to the first server, which holds the root certificate, receives the certificate update response message sent by that first server, obtains the new SSL certificate from it, and replaces the original SSL certificate with the new SSL certificate, completing the update. Because it can share the same root certificate with different servers, root certificate resources are saved. In addition, after the first server updates the root certificate, the server of this embodiment can receive the new SSL certificate reissued by the first server and replace the SSL certificate it currently uses with the new one, so that its SSL certificate is updated in time and with higher efficiency. Further, because the server of this embodiment can share the same root certificate with different servers, the number of root certificates is reduced. Besides saving root certificate resources, this reduces the administrator's configuration workload and work burden.
Fig. 6 is a schematic structural diagram of another server provided by an embodiment of the present invention. As shown in Fig. 6, the server of this embodiment comprises a receiving module 61, an issuing module 62 and a sending module 63.
The receiving module 61 is configured to receive the certificate update request message sent by the second server. The certificate update request message is sent by the second server when the first SSL certificate it currently uses becomes invalid, and it carries the first SSL certificate.
The issuing module 62 is connected to the receiving module 61 and is configured to reissue a second SSL certificate for the second server according to the locally stored first root certificate when it determines, according to the first SSL certificate received by the receiving module 61, that the second server is a legitimate server using the same root certificate as the server of this embodiment.
The sending module 63 is connected to the issuing module 62 and is configured to send a certificate update response message to the second server. The certificate update response message carries the second SSL certificate issued by the issuing module 62, so that the second server replaces the first SSL certificate with the second SSL certificate.
In an optional implementation, as shown in Fig. 6, the server of this embodiment further comprises an obtaining module 64.
The obtaining module 64 is configured to obtain a second root certificate when the first root certificate becomes invalid.
Based on the obtaining module 64, the issuing module 62 is also connected to the obtaining module 64 and is further configured to reissue a third SSL certificate for the second server according to the second root certificate obtained by the obtaining module 64. Accordingly, the sending module 63 is further configured to send a certificate update notification message to the second server. The certificate update notification message carries the third SSL certificate issued by the issuing module 62, so that the second server replaces the SSL certificate it currently uses with the third SSL certificate.
If the update of the first root certificate occurs before the first SSL certificate becomes invalid, the SSL certificate currently used by the second server is the first SSL certificate. If the update of the first root certificate occurs after the update to the second SSL certificate caused by the invalidity, the SSL certificate currently used by the second server is the second SSL certificate.
In an optional implementation, the sending module 63 is further configured to send the second root certificate to the client, so that the client uses the second root certificate to perform SSL certificate authentication on the server or on the second server.
In an optional implementation, the obtaining module 64 can specifically be configured to issue the second root certificate anew. Or
The obtaining module 64 can specifically be configured to extend the validity period of the first root certificate in order to obtain the second root certificate. Or
The obtaining module 64 can specifically be configured to send a root certificate request message to a third-party CA and to receive the second root certificate that the third-party CA sends according to the root certificate request message.
The first SSL certificate is invalid in any one of the following cases or a combination of them:
The name of the first SSL certificate does not match the IP address of the second server;
The name of the first SSL certificate does not match the domain name of the second server;
The first SSL certificate has expired;
The first SSL certificate is about to expire.
The first SSL certificate has a validity period. "About to expire" mainly means that the remaining validity time of the first SSL certificate is less than a preset threshold.
The first root certificate is invalid in any one of the following cases or a combination of them:
The name of the first root certificate does not match the IP address of the first server;
The name of the first root certificate does not match the domain name of the first server;
The first root certificate has expired;
The first root certificate is about to expire.
The first root certificate has a validity period. "About to expire" mainly means that the remaining validity time of the first root certificate is less than a preset threshold.
The functional modules of the server provided by this embodiment can be used to perform the flow of the server certificate update method shown in Fig. 3 and Fig. 4. Their specific working principle is not repeated here; see the description of the method embodiments for details.
The server provided by this embodiment can serve as the first server in the above method embodiments and shares the same root certificate with the second server. When the SSL certificate of the second server becomes invalid, it can reissue an SSL certificate for the second server according to the certificate update request message sent by the second server, so that the second server completes the update of its SSL certificate. Because it can share the same root certificate with different servers, root certificate resources are saved. In addition, the server of this embodiment can update the root certificate and, after the root certificate is updated, proactively reissue a new SSL certificate for the second server and provide it to the second server, so that the SSL certificate of the second server is updated in time and with higher efficiency. Further, because the server provided by this embodiment can share the same root certificate with different servers, the number of root certificates is reduced. Besides saving root certificate resources, this reduces the administrator's configuration workload and work burden.
A person of ordinary skill in the art will understand that all or part of the steps of the above method embodiments can be carried out by hardware under the control of program instructions. The program can be stored in a computer-readable storage medium. When executed, the program performs the steps of the above method embodiments. The storage medium includes any medium that can store program code, such as ROM, RAM, a magnetic disk or an optical disc.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solution of the present invention, not to limit it. Although the present invention has been described in detail with reference to the foregoing embodiments, a person of ordinary skill in the art should understand that the technical solutions recorded in the foregoing embodiments can still be modified, or some or all of their technical features can be equivalently replaced, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (14)

1. A server certificate update method, characterized by comprising:
If the first Secure Sockets Layer (SSL) certificate currently used by a second server becomes invalid, the second server sends a certificate update request message to a first server that holds a root certificate, the certificate update request message carrying the first SSL certificate;
The second server receives a certificate update response message sent by the first server, the certificate update response message carrying a second SSL certificate, the second SSL certificate being an SSL certificate that the first server reissues for the second server according to a locally stored first root certificate after determining, according to the first SSL certificate, that the second server is a legitimate server using the same root certificate as the first server;
The second server replaces the first SSL certificate with the second SSL certificate.
2. The server certificate update method according to claim 1, characterized by further comprising:
The second server receives a certificate update notification message sent by the first server, the certificate update notification message carrying a third SSL certificate, the third SSL certificate being an SSL certificate that the first server reissues for the second server according to a locally stored second root certificate, and the second root certificate being the root certificate that the first server obtains after the first root certificate becomes invalid;
The second server replaces the SSL certificate currently used by the second server with the third SSL certificate.
3. The server certificate update method according to claim 1 or 2, characterized in that the first SSL certificate becoming invalid comprises any one of the following cases or a combination thereof:
The name of the first SSL certificate does not match the IP address of the second server;
The name of the first SSL certificate does not match the domain name of the second server;
The first SSL certificate has expired;
The first SSL certificate is about to expire.
4. A server certificate update method, characterized by comprising:
A first server receives a certificate update request message sent by a second server, the certificate update request message being sent by the second server when the first Secure Sockets Layer (SSL) certificate it currently uses becomes invalid, and the certificate update request message carrying the first SSL certificate;
If the first server determines, according to the first SSL certificate, that the second server is a legitimate server using the same root certificate as the first server, the first server reissues a second SSL certificate for the second server according to a locally stored first root certificate;
The first server sends a certificate update response message to the second server, the certificate update response message carrying the second SSL certificate, so that the second server replaces the first SSL certificate with the second SSL certificate.
5. The server certificate update method according to claim 4, characterized by further comprising:
If the first root certificate becomes invalid, the first server obtains a second root certificate;
The first server reissues a third SSL certificate for the second server according to the second root certificate;
The first server sends a certificate update notification message to the second server, the certificate update notification message carrying the third SSL certificate, so that the second server replaces the SSL certificate currently used by the second server with the third SSL certificate.
6. The server certificate update method according to claim 5, characterized in that, after the first server obtains the second root certificate, the method comprises:
The first server sends the second root certificate to a client, so that the client uses the second root certificate to perform SSL certificate authentication on the first server or the second server.
7. The server certificate update method according to claim 5 or 6, characterized in that the first server obtaining the second root certificate comprises:
The first server issues the second root certificate anew; or
The first server extends the validity period of the first root certificate to obtain the second root certificate; or
The first server sends a root certificate request message to a third-party certificate authority (CA);
The first server receives the second root certificate that the third-party CA sends according to the root certificate request message.
8. The server certificate update method according to any one of claims 4-6, characterized in that the first root certificate becoming invalid comprises any one of the following cases or a combination thereof:
The name of the first root certificate does not match the IP address of the first server;
The name of the first root certificate does not match the domain name of the first server;
The first root certificate has expired;
The first root certificate is about to expire.
9. A server, characterized by comprising:
A sending module, configured to send a certificate update request message to a first server that holds a root certificate when the first Secure Sockets Layer (SSL) certificate currently used by the server becomes invalid, the certificate update request message carrying the first SSL certificate;
A receiving module, configured to receive a certificate update response message sent by the first server, the certificate update response message carrying a second SSL certificate, the second SSL certificate being an SSL certificate that the first server reissues for the server according to a locally stored first root certificate after determining, according to the first SSL certificate, that the server is a legitimate server using the same root certificate as the first server;
An update module, configured to replace the first SSL certificate with the second SSL certificate.
10. The server according to claim 9, characterized in that the receiving module is further configured to receive a certificate update notification message sent by the first server, the certificate update notification message carrying a third SSL certificate, the third SSL certificate being an SSL certificate that the first server reissues for the server according to a locally stored second root certificate, and the second root certificate being the root certificate that the first server obtains after the first root certificate becomes invalid;
The update module is further configured to replace the SSL certificate currently used by the second server with the third SSL certificate.
11. A server, characterized by comprising:
A receiving module, configured to receive a certificate update request message sent by a second server, the certificate update request message being sent by the second server when the first Secure Sockets Layer (SSL) certificate it currently uses becomes invalid, and the certificate update request message carrying the first SSL certificate;
An issuing module, configured to reissue a second SSL certificate for the second server according to a locally stored first root certificate when it is determined, according to the first SSL certificate, that the second server is a legitimate server using the same root certificate as the server;
A sending module, configured to send a certificate update response message to the second server, the certificate update response message carrying the second SSL certificate, so that the second server replaces the first SSL certificate with the second SSL certificate.
12. The server according to claim 11, characterized by further comprising:
An obtaining module, configured to re-obtain a second root certificate when the first root certificate becomes invalid;
The issuing module is further configured to re-issue a third SSL certificate for the second server according to the second root certificate;
The sending module is further configured to send a certificate update notification message to the second server, wherein the certificate update notification message carries the third SSL certificate, so that the second server replaces the SSL certificate currently used by the second server with the third SSL certificate.
13. The server according to claim 12, characterized in that the sending module is further configured to send the second root certificate to a client, so that the client uses the second root certificate to perform SSL certificate verification on the server or the second server.
14. The server according to claim 12 or 13, characterized in that the obtaining module is specifically configured to re-issue the second root certificate; or
The obtaining module is specifically configured to extend the validity period of the first root certificate to obtain the second root certificate; or
The obtaining module is specifically configured to send a root certificate request message to a third-party certificate authority (CA) and to receive the second root certificate sent by the third-party CA according to the root certificate request message.
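The issuing step of claim 11, sketched as an added example that is not part of the patent text: the first server accepts the first SSL certificate on its root signature alone, ignoring its validity period, and then re-issues under the locally stored root. It uses the Python `cryptography` package; all names, dates and keys are constructed, and reusing the public key from the first certificate is an assumption, since the claims do not say which key the second certificate carries.

```python
import datetime as dt
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

def name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])

def issue(subject, subject_pub, issuer, root_key, start, days):
    """Sign a certificate binding subject to subject_pub with the root key."""
    return (x509.CertificateBuilder()
            .subject_name(subject).issuer_name(issuer)
            .public_key(subject_pub).serial_number(x509.random_serial_number())
            .not_valid_before(start)
            .not_valid_after(start + dt.timedelta(days=days))
            .sign(root_key, hashes.SHA256()))

def signed_by(cert, root_cert):
    """Issuer name and signature check only. The validity period is not
    consulted, because a renewal request carries an already expired cert."""
    if cert.issuer != root_cert.subject:
        return False
    try:
        root_cert.public_key().verify(cert.signature, cert.tbs_certificate_bytes,
                                      ec.ECDSA(cert.signature_hash_algorithm))
        return True
    except InvalidSignature:
        return False

def renew(first_cert, root_cert, root_key, now, days=365):
    """First server: return the second SSL certificate, or None to refuse."""
    if not signed_by(first_cert, root_cert):
        return None
    # Assumption: the new certificate keeps the subject and public key of the
    # first certificate, so no private key has to cross the network.
    return issue(first_cert.subject, first_cert.public_key(),
                 root_cert.subject, root_key, now, days)

# Constructed fixtures: a root held by the first server, an expired leaf for
# the second server, and a leaf signed by an unrelated key under the same name.
ROOT_N, LEAF_N, NOW = name("example-root"), name("server2.example"), dt.datetime(2024, 6, 1)
ROOT_KEY, LEAF_KEY, OTHER_KEY = (ec.generate_private_key(ec.SECP256R1()) for _ in range(3))
ROOT = issue(ROOT_N, ROOT_KEY.public_key(), ROOT_N, ROOT_KEY, dt.datetime(2020, 1, 1), 3650)
FIRST = issue(LEAF_N, LEAF_KEY.public_key(), ROOT_N, ROOT_KEY, dt.datetime(2023, 1, 1), 365)
FOREIGN = issue(LEAF_N, LEAF_KEY.public_key(), ROOT_N, OTHER_KEY, dt.datetime(2023, 1, 1), 365)
SECOND = renew(FIRST, ROOT, ROOT_KEY, NOW)
```

The same `issue` call with a second root key and root certificate yields the third SSL certificate of claim 12.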

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210530116.7A CN103001965B (en) 2012-12-10 2012-12-10 Server certificate update method and server

Publications (2)

Publication Number Publication Date
CN103001965A true CN103001965A (en) 2013-03-27
CN103001965B CN103001965B (en) 2016-01-27

Family

ID=47930109

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210530116.7A Active CN103001965B (en) 2012-12-10 2012-12-10 Server certificate update method and server

Country Status (1)

Country Link
CN (1) CN103001965B (en)

Also Published As

Publication number Publication date
CN103001965B (en) 2016-01-27

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant