该文介绍了一种主机/代理系统和安全证书管理基础设施的改进方法,旨在实现新版本管理工具的升级,同时保持与现有代理的后向兼容,避免重新生成和分发安全证书。通过将证书管理移出管理主机过程并嵌入新的认证权威实体,新的认证权威使用旧的主机私钥生成数字签名的安全证书,确保已分发证书的持续有效。
摘要:
A host/agent system and security-certificate-management infrastructure enhanced to provide backward compatibility, despite launching of new administrative host processes employing new software versions, to avoid regenerating and redistributing security certificates to existing agents. Certificate management is removed from the administrative host process and embedded within a new certification-authority entity. The new certification-authority entity generates new digitally signed security certificates using the previously generated host private decryption key, inherited as the new CA private decryption key by the CA. The administrative host software can be upgraded to a new version that includes security-certificate-management tools provided by a new vendor, without the need for generation of a new encryption/decryption key pair for verifying and digitally signing security certificates and concomitant obsolescence of the existing, already distributed security certificates.
展开
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
