此内容没有您所选择的语言版本。
5.3. Transport Security Authentication Modes
The following authentication modes are available:
anonymous- No certificates are exchanged. Settings are not needed for the keystore and truststore properties. The client must have
org.teiid.ssl.allowAnonset to true (the default) to connect to an anonymous server. Communications are encrypted using the TLS_DH_anon_WITH_AES_128_CBC_SHA SSL cipher suite. This is suitable for most secure intranets.Important
Anonymous SSL fails to work if you are using IBM's JDK. 1-way- Athenticates the server to the client. The server presents a certificate which is signed by the private key stored in the server's keystore. The server's corresponding public key must be in the client's truststore.
2-way- Mutual client and server authentication. The server presents a certificate which is signed by the private key stored in the server's keystore. The server's corresponding public key must be in the client's truststore. Additionally, the client presents a certificate signed by its private key stored in the client's keystore. The client's corresponsing public key must be in the server's truststore.
Note
You can use keytool to generate encryption keys; however, you should first consider your local requirements for managing public key cryptography.
See Also:
