Windows 上的 X.509 證書入門 (Primer for X.509 certificates on Windows)

問題描述

Windows 上的 X.509 證書入門 (Primer for X.509 certificates on Windows)

我目前正在研究通過 WSE 3.0 或 WCF 對 SOAP 消息進行加密和簽名的主題。由於我沒有參與過涉及公共 Internet 的分佈式應用程序開發，因此我發現我對 X.509 證書及其在 Windows 證書存儲機制中的工作原理缺乏了解。這與非對稱密碼學無關；這是關於PKI生態系統的。

因此我想收集一些文章或書籍來全面解釋Windows的安全機制，如何正確使用和管理證書存儲，CA信任鏈，以及 WSE 或 WCF 等 API 如何交互和使用證書。推薦？

參考解法

方法 1:

Everyone using (or thinking of using) X.509 certificates should be forced to read this: Everything you Never Wanted to Know about PKI but were Forced to Find Out, as well as X.509 Style guide, both by Peter Gutmann.

方法 2:

I think the base starting point to understanding the Windows implementation of PKI has to come from TechNet

PKI segment http://technet.microsoft.com/en‑us/library/cc757327(WS.10).aspx

Certificates overview http://technet.microsoft.com/en‑us/library/cc784662(WS.10).aspx

Certificate services http://technet.microsoft.com/en‑us/library/cc783511(WS.10).aspx

Certificate templates http://technet.microsoft.com/en‑us/library/cc758496(WS.10).aspx

方法 3:

"Learning WCF" by Michele Bustamente has a good overview chapter on WCF security, including some basic discussion on X.509 certificates.

方法 4:

From the MSDN:

How to: Decrypt XML with x509

How to: Encrypt XML with x509

(by icelava、Teddy、icelava、ng5000、mirezus)

參考文件

1. Primer for X.509 certificates on Windows (CC BY‑SA 2.5/3.0/4.0)