CN107306182B - A kind of method, client and server generating digital certificate - Google Patents

A kind of method, client and server generating digital certificate Download PDF

Info

Publication number
CN107306182B
CN107306182B CN201610244156.3A CN201610244156A CN107306182B CN 107306182 B CN107306182 B CN 107306182B CN 201610244156 A CN201610244156 A CN 201610244156A CN 107306182 B CN107306182 B CN 107306182B
Authority
CN
China
Prior art keywords
digital certificate
characteristic information
user
server
configuration file
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610244156.3A
Other languages
Chinese (zh)
Other versions
CN107306182A (en
Inventor
冀学文
陈松
武凡羽
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Datang Mobile Communications Equipment Co Ltd
Original Assignee
Datang Mobile Communications Equipment Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Datang Mobile Communications Equipment Co Ltd filed Critical Datang Mobile Communications Equipment Co Ltd
Priority to CN201610244156.3A priority Critical patent/CN107306182B/en
Publication of CN107306182A publication Critical patent/CN107306182A/en
Application granted granted Critical
Publication of CN107306182B publication Critical patent/CN107306182B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The embodiment of the invention provides a kind of method, client and servers for generating digital certificate, the method comprise the steps that the configuration file is sent in server when client receives the configuration file of user's input;Show the control for input feature vector information in the client;The characteristic information that user inputs in the control is received, and the characteristic information is sent to server, the server is used to call the configuration file according to the characteristic information, generates digital certificate files corresponding with the characteristic information;Receive the digital certificate files that the server returns.The embodiment of the present invention can automatically generate digital certificate files, configuration file without the hand-made digital certificate files of user and repeatedly is inputted, greatly improves the efficiency of digital certificate generation, reduces the probability of information error, digital certificate convenient for safeguarding saves maintenance time and human resources.

Description

A kind of method, client and server generating digital certificate
Technical field
The present invention relates to communication authentication technical fields, more particularly to a kind of method for generating digital certificate, a kind of generation The client of digital certificate and a kind of server for generating digital certificate.
Background technique
With the development of information technology, the more application scenarios of the multimedia service of high speed, broadband services are indoor and heat Point area, traditional cell mobile communication systems cannot meet this kind of demand, household base station (Home eNodeB, letter well Claim H (e) NB) birth solve this problem effectively.Wherein, H (e) NB is that one kind is small-sized, may be mounted at interior , the flexible base station of configuration, inexpensive, high-speed data transmission service can be provided for user.
In the system structure of H (e) NB, the air interface energy of UE (User Equipment, user equipment) and H (e) NB (UMTS Terrestrial Radio Access Network, the land of Universal Mobile Communication System wirelessly connects enough and UTRAN Network) in air interface backward compatibility.The SeGW (security gateway, security gateway) of core-network side represents core net It is mutually authenticated with H (e) NB, since H (e) NB is likely located in insincere region, H (e) NB core network access is then possible to It is unsafe, it is therefore desirable to the communication connection channel an of safety is established between H (e) NB and SeGW.
Before H (e) NB and SeGW are authenticated, H (e) NB needs the digital certificate and certificate of one H (e) NB of initial configuration Key, at the same in H (e) NB configure a gateway trusty server digital certificate list.In the prior art, it transports It is as follows that dimension personnel make the step of digital certificate of H (e) NB:
(1) openssl (security socket layer cryptographic libraries) environmental variance is modified;
(2) data of different provinces and cities' planning are filled in, such as: country, provinces and cities, city, company, department, host etc., according to rule It draws data and generates root certificate and oneself signature;
(3) it makes server certificate and signs;
(4) configuration file is modified;
(5) when making the digital certificate of H (e) NB, the data of different provinces and cities planning are filled in, such as: country, provinces and cities, city, Company, department, host etc., and be consistent with the input value of corresponding root certificate.
However, inventor, when implementing the prior art, at least there are the following problems for the discovery prior art:
(1) manual manufacture digital certificate, poor in timeliness, a working day are only capable of 30 digital certificates of production;
(2) it needs to input layout data twice, manually needs amount of input information big, be very easy to error;
(3) it in O&M, can just find the problem after digital certificate is often submitted to base station, it is generally difficult to take into account difference Network element, maintenance need to spend more manpower.
Summary of the invention
In view of the above problems, it proposes the embodiment of the present invention and overcomes the above problem or at least partly in order to provide one kind A kind of method of the generation digital certificate to solve the above problems and a kind of corresponding client and one kind for generating digital certificate Generate the server of digital certificate.
To solve the above-mentioned problems, the embodiment of the invention discloses a kind of method for generating digital certificate, the method packets It includes:
When client receives the configuration file of user's input, the configuration file is sent in server;
Show the control for input feature vector information in the client;
The characteristic information that user inputs in the control is received, and the characteristic information is sent to server, it is described Server is used to call the configuration file according to the characteristic information, generates digital certificate corresponding with the characteristic information File;
Receive the digital certificate files that the server returns.
Preferably, the characteristic information includes at least: the Base Serial Number for the digital certificate files for needing to generate, and, it needs The quantity for the digital certificate files to be generated.
Preferably, the method also includes:
The digital certificate files are distributed in the designated entities object of corresponding number respectively.
Preferably, the designated entities object includes Home eNodeB H (e) NB;The digital certificate text that the server returns Part is compressed file, and the compressed file includes multiple digital certificate files and corresponding configuration file;
It is described to include: by the step that the digital certificate files are distributed in the designated entities object of corresponding number respectively
The compressed file is decompressed, multiple digital certificate files and corresponding configuration file, the configuration file packet are obtained Include configuration script;
The multiple digital certificate files and corresponding configuration file are uploaded to respectively in the board of corresponding H (e) NB, In the board of H (e) NB, the configuration script is executed, the digital certificate files are mounted on H (e) NB's Designated position.
Preferably, the characteristic information for receiving user and being inputted in the control, and the characteristic information is sent to The step of server includes:
Receive the characteristic information that user inputs in the control;
Verify whether the characteristic information meets preset rules;
If it is not, then generate prompt information, meet the characteristic informations of preset rules to prompt user to re-enter;
If so, the characteristic information is sent to server.
Preferably, the characteristic information inputted in the control in the reception user, and the characteristic information is sent After the step of to server, further includes:
Receive user's confirmation message that server returns;
User's confirmation message is presented to user;
When detecting the confirmation operation that user is issued based on user's confirmation message, confirmation instruction is generated, and by institute State confirmation instruction and be sent to server, the server is used to instruct according to the confirmation, calls the configuration file, generate and The corresponding digital certificate files of the characteristic information.
The embodiment of the invention also discloses a kind of methods for generating digital certificate, which comprises
Receive the configuration file that client is sent;
Receive what client was sent, the characteristic information inputted in the control that user shows in the client;
According to the characteristic information, the configuration file is called, generates digital certificate text corresponding with the characteristic information Part;
The digital certificate files are returned into client.
Preferably, the characteristic information includes at least: the Base Serial Number for the digital certificate files for needing to generate, and, it needs The quantity for the digital certificate files to be generated;
It is described to call the configuration file according to the characteristic information, generate number card corresponding with the characteristic information The step of written matter includes:
The configuration file is called, the number with the quantity corresponding number of the digital certificate files for needing to generate is generated Certificate file;
The number of the digital certificate files generated using the Base Serial Number as first;
Based on the Base Serial Number, the number for the digital certificate files for naming other to generate in a manner of numbering and be incremented by.
Preferably, the configuration file is called according to the characteristic information described, generated corresponding with the characteristic information Digital certificate files the step of before, further includes:
User's confirmation message is generated based on the characteristic information;
User's confirmation message is returned to client, the client is used to user's confirmation message being presented to use Family, and when detecting the confirmation operation that user is issued based on user's confirmation message, confirmation instruction is generated, by the confirmation Instruction is sent to server.
The embodiment of the invention also discloses a kind of client for generating digital certificate, the client includes:
Configuration file sending module, for when receiving the configuration file of user's input, the configuration file to be sent Into server;
Control exposure module, for showing the control for input feature vector information in the client;
Characteristic information sending module, the characteristic information inputted in the control for receiving user, and by the feature Information is sent to server, and the server is used to call the configuration file according to the characteristic information, generate and the spy Reference ceases corresponding digital certificate files;
Digital certificate receiving module, the digital certificate files returned for receiving the server.
Preferably, the characteristic information includes at least: the Base Serial Number for the digital certificate files for needing to generate, and, it needs The quantity for the digital certificate files to be generated.
Preferably, the client further include:
Distribution module, for the digital certificate files to be distributed in the designated entities object of corresponding number respectively.
Preferably, the designated entities object includes Home eNodeB H (e) NB;The digital certificate text that the server returns Part is compressed file, and the compressed file includes multiple digital certificate files and corresponding configuration file;
The distribution module includes:
Submodule is decompressed, for decompressing the compressed file, obtains multiple digital certificate files and corresponding configuration file, The configuration file includes configuration script;
Certificate uploads submodule, for being respectively uploaded to the multiple digital certificate files and corresponding configuration file pair In the board of H (e) NB answered, in the board of H (e) NB, the configuration script is executed, by the digital certificate files It is mounted on the designated position of H (e) NB.
Preferably, the characteristic information sending module includes:
Characteristic information receiving submodule, the characteristic information inputted in the control for receiving user;
Submodule is verified, for verifying whether the characteristic information meets preset rules;If it is not, then calling prompt submodule Block, if so, calling characteristic information sending submodule;
Prompting submodule meets the characteristic informations of preset rules for generating prompt information to prompt user to re-enter;
Characteristic information sending submodule, for the characteristic information to be sent to server.
Preferably, further includes:
Confirmation message receiving module, for receiving user's confirmation message of server return;
Confirmation message display module, for user's confirmation message to be presented to user;
Directive generation module is confirmed, for when the confirmation operation for detecting that user is issued based on user's confirmation message When, confirmation instruction being generated, and confirmation instruction is sent to server, the server is used to instruct according to the confirmation, The configuration file is called, digital certificate files corresponding with the characteristic information are generated.
The embodiment of the invention also discloses a kind of server for generating digital certificate, the server includes:
Configuration file receiving module, for receiving the configuration file of client transmission;
Characteristic information receiving module inputs in the control that user shows in the client for receiving client transmission Characteristic information;
Digital certificate generation module generates and the feature for calling the configuration file according to the characteristic information The corresponding digital certificate files of information;
Digital certificate sending module, for the digital certificate files to be returned to client.
Preferably, the characteristic information includes at least: the Base Serial Number for the digital certificate files for needing to generate, and, it needs The quantity for the digital certificate files to be generated;
The digital certificate generation module includes:
Certificates constructing submodule generates and the digital certificate files for needing to generate for calling the configuration file Quantity corresponding number digital certificate files;
First number submodule, the number of the digital certificate files for being generated using the Base Serial Number as first;
Second number submodule names the number of other generations for being based on the Base Serial Number in a manner of numbering and be incremented by The number of word certificate file.
Preferably, the server further include:
Confirmation message generation module, for generating user's confirmation message based on the characteristic information;
Confirmation message sending module, for returning to user's confirmation message to client, the client is used for institute It states user's confirmation message and is presented to user, and when detecting the confirmation operation that user is issued based on user's confirmation message, Confirmation instruction is generated, confirmation instruction is sent to server.
The embodiment of the present invention includes following advantages:
It in embodiments of the present invention, can be with when client receives the configuration file and characteristic information of user's input The configuration file and characteristic information are sent to server, server is automatically generated according to the configuration file and characteristic information Digital certificate files corresponding with characteristic information, without the hand-made digital certificate files of user and multiple input configuration text Part greatly improves the efficiency of digital certificate generation, reduces the probability of information error, and digital certificate convenient for safeguarding saves dimension Protect time and human resources.
Detailed description of the invention
Fig. 1 is a kind of step flow chart of the embodiment of the method one of generation digital certificate of the invention;
Fig. 2 is a kind of step flow chart of the embodiment of the method two of generation digital certificate of the invention;
Fig. 3 is the Nanocell configuration diagram in a kind of embodiment of the method two of generation digital certificate of the invention;
Fig. 4 is the identifying procedure figure in a kind of embodiment of the method two of generation digital certificate of the invention;
Fig. 5 is a kind of step flow chart of the embodiment of the method three of generation digital certificate of the invention;
Fig. 6 is a kind of structural block diagram of the client embodiment of generation digital certificate of the invention;
Fig. 7 is a kind of structural block diagram of the server example of generation digital certificate of the invention.
Specific embodiment
In order to make the foregoing objectives, features and advantages of the present invention clearer and more comprehensible, with reference to the accompanying drawing and specific real Applying mode, the present invention is described in further detail.
One of the core concepts of the embodiments of the present invention is, automatically generates configuration script, as receiving user's input After number and the quantity of beginning, configuration file is called automatically, and the digital certificate of batch making H (e) NB can achieve 5 minutes and make The effect for making 1000 keys releases maintenance manpower.
Referring to Fig.1, a kind of step flow chart of the embodiment of the method one of generation digital certificate of the invention is shown, specifically It may include steps of:
Step 101, when client receives the configuration file of user's input, the configuration file is sent to server In;
Step 102, show the control for input feature vector information in the client;
Step 103, the characteristic information that user inputs in the control is received, and the characteristic information is sent to service Device;
The server is used to call the configuration file according to the characteristic information, generates and the characteristic information pair The digital certificate files answered.
Step 104, the digital certificate files that the server returns are received.
It in embodiments of the present invention, can be with when client receives the configuration file and characteristic information of user's input The configuration file and characteristic information are sent to server, server is automatically generated according to the configuration file and characteristic information Digital certificate files corresponding with characteristic information, without the hand-made digital certificate files of user and multiple input configuration text Part greatly improves the efficiency of digital certificate generation, reduces the probability of information error, and digital certificate convenient for safeguarding saves dimension Protect time and human resources.
Referring to Fig. 2, a kind of step flow chart of the embodiment of the method two of generation digital certificate of the invention is shown.
In a preferred embodiment of an embodiment of the present invention, the embodiment of the present invention can be applied to as Home eNodeB (Home eNodeB, abbreviation H (e) NB;Can be described as the base station Femto again) production digital certificate files scene.Home eNodeB is one Kind is small-sized, it is indoor to may be mounted at, the flexible base station of configuration, and low cost, high speed data transfer clothes can be provided for user Business.
H (e) NB can be deployed in Nanocell system, and Nanocell is to develop angle from the following mobile broadband network to propose The novel integrated Small Cell of one kind (radio access node of low-power works in authorization, unauthorized frequency spectrum, can To cover 10 meters to 200 meters of range) and WLAN (Wireless Local Area Networks, WLAN) movement Access product form and its system schema.On product form, Nanocell be one kind be integrated with the base station Small Cell and The radio reception device of WLAN AP (Wireless Access Point, wireless access points) function.On system schema, Nanocell provides Cellular Networks service and carrier-class WLAN service by the fusion of network.Nanocell is by operator in hot spot Or need to mend blind regional deployment and maintenance, equipment, signaling and data transmission security are guaranteed by reliable security mechanism.
NanoCell is located at network end-point, can by GPON (Gigabit-Capable PON, passive multi-plexing light accessing system) or PTN (Packet Transport Network, Packet Transport Network) or PpoE (PPP over Ethernet, the point on Ethernet To an agreement) etc. routes access.Especially if accessed by public network, the authenticity of equipment is there are problem, therefore most networking rings Ipsec (Internet Protocol Security, internet protocol security) secure accessing is used under border.
With reference to shown in the Nanocell configuration diagram of Fig. 3, Nanocell system may include smart phone, computer, The terminals such as pad, the base station TD-LTE Femto (i.e. H (e) NB), security gateway (Security Gateway, abbreviation SeGW), GW (GateWay, gateway), network management system and other support equipments (SGSN (Serving GPRS Support in such as Fig. 3 Node, service universal grouping wireless serving GPRS support node)/GGSN (Gateway GPRS Support Node, gateway general point Group radio service support nodes), MSC (Mobile Switching Center, mobile switching centre), MME (Mobility Management Entity, mobile management nodes), SGW (Serving GateWay, gateway), PGW (PDN GateWay, public data network gateway), HSS (Home Subscriber Server, user ascription area server), AAA (Authentication, Authorization, Accounting, verifying, authorization and accounting server), AC (Access Controller, wireless controller), PORTAL (certificate server).Wherein, H (e) NB can support TD-LTE (Time Division Long Term Evolution, time-division long term evolution)/TD-SCDMA (Time Division-Synchronous Code Division Multiple Access, TD SDMA) tri- kinds of standards of/WLAN, by backhaul network (including PON (Passive Optical Network, passive optical-fiber network), PTN, Ethernet etc.) access GW and AC, provide 3G, 4G and WIFI (WIreless-Fidelity, Wireless Fidelity) business.
In the maintenance of current TD-LTE wireless access network, SeGW provides one between H (e) NB and AG and carrier network The channel of item safety.SeGW is responsible for establishing between H (e) NB and keeps that safe ((netkey exchanges by IPSec/IKEv2 Agreement) Standard Encryption) connection.After setting up connection, H (e) NB is needed using the public key safety certificate signed to SeGW It is authenticated, can prevent malice from accessing in this way.Meanwhile VPN network (Virtual can be established between H (e) NB and SeGW Private Network, Virtual Private Network), and communication data is encrypted, guarantee safer communication.
As shown in table 1 below, before H (e) NB and SeGW are authenticated, H (e) NB needs the number of one H (e) NB of initial configuration Word certificate and credential key, at the same in H (e) NB configure a gateway trusty server digital certificate list, it is right It should be in the digital certificate of the server for the gateway that it will be received from SeGW.The server of a gateway is also configured in SeGW Digital certificate and credential key, at the same in SeGW configure H (e) NB trusty digital certificate list, correspond to its From the digital certificate of received H (e) NB of H (e) NB.
Table 1
It should be noted that wherein the root certificate of H (e) NB, the digital certificate of H (e) NB and credential key can be by same A CA (Certificate Authority, digital certificate authentication center) server generates;The clothes of the root certificate of SeGW, gateway The digital certificate and credential key of business device can also be generated by the same CA server.
With reference to the identifying procedure figure of Fig. 4, the identifying procedure of H (e) NB and SeGW is shown, in Fig. 4, first group of interaction (IKE_SA_INIT_REQUEST and IKE_SA_INIT_RESPONSE) is mainly used for negotiating SA (wildcard), the Two groups of interactions (IKE_AUTH_REQUEST and IKE_AUTH_RESPONSE) are used for the digital certificate and authentication of switching equipment Authenticate digital certificate.Both sides generate signature with credential key, and the information such as its digital certificate and signature are carried in IKE_AUTH It is swapped in message, recipient needs to check using the reliable list of cert and signature that locally save, for sentencing Whether disconnected authentication succeeds.
The embodiment of the present invention can make the digital certificate of H (e) NB with automatic batch, in the concrete realization, in production H (e) Before the digital certificate of NB, root certificate can be made for H (e) NB first, server certificate and H are then generated by the root certificate (e) digital certificate of NB.
In one embodiment, the making principles of root certificate can be with are as follows: uses different province's titles in input parameter To distinguish root certificate, one root certificate of corresponding province generation.The parameter of root certificate can be inputted using fixed default template, To preset template according to this, root certificate and corresponding key pair (public key and private key) are generated using general method, with side The phase gives birth to the digital certificate files of H (e) NB in batches on this basis after an action of the bowels.
As an example, the parameter inputted when generating root certificate is as shown in table 2 below:
Table 2
It should be noted that planning value is to customize the value of root certificate, tool of the embodiment of the present invention to planning value in table 2 Body value is with no restriction.
After generating root certificate, a corresponding root certificate generates a server certificate and can use in the concrete realization General server certificate generation method generates server certificate and corresponding key pair.
After generating root certificate and server certificate, then the embodiment of the present invention can be executed, generate the number of H (e) NB Certificate file, wherein corresponding H (e) NB generates a digital certificate files, the digital certificate files serial number, the volume Number save it is unique in range, such as hnb1, hnb2 ....
In the concrete realization, the digital certificate files of H (e) NB may include the digital certificate of H (e) NB and be somebody's turn to do The credential key (including public key and private key) of digital certificate, the mark of the digital certificate of H (e) NB can be expressed as number Certificate name+number;The mark of the credential key of one H (e) NB can be expressed as key title+number.Wherein, digital certificate And the number of corresponding key is sequentially numbered from Base Serial Number, the coding rule of the two is unified, i.e. a digital certificate File uses a unified number, the number phase of the number of digital certificate and credential key therein with digital certificate files Together.
Specifically, the embodiment of the present invention may include steps of:
Step 201, when client receives the configuration file of user's input, the configuration file is sent to server In;
Applied to the embodiment of the present invention, user can input corresponding configuration by the information input interface that client shows File, alternatively, user can also pass through the upload interface upload configuration file of client.
As a kind of example of the embodiment of the present invention, which may include the one or more of following information: from The dynamic configuration script generated, system configuration information (including openssl.conf, ipsec.conf, strongswan.conf etc.), Root certificate, digital certificate of server etc..For example, the partial content that the configuration file based on H (e) NB includes can be such as the following table 3 It is shown:
Table 3
In the concrete realization, root certificate and server certificate can be uploaded to client by user, can also be merely entered The mark (for example, saving name) of root certificate and server certificate obtains corresponding root certificate and service from local by client Device certificate.
After client receives the configuration file of user's input, which may further be sent to server In.
Step 202, show the control for input feature vector information in the client;
After configuration file is sent to server by client, it can show in the client for input feature vector information Control, wherein the control is as providing user's interface of input feature vector information.
In one embodiment, the corresponding encoded information of the control can store in client local, when client is sent out After sending configuration file to server, client obtains the corresponding encoded information of the control from local, and renders coding letter Breath, to show corresponding control in the interface of client.
In another embodiment, the corresponding encoded information of the control also can store in the server, work as server After receiving configuration file, certificates constructing main program can be executed, it is corresponding to client return control using the main program Encoded information after client receives the encoded information, renders the encoded information, to show corresponding control to user Part.
Step 203, the characteristic information that user inputs in the control is received, and the characteristic information is sent to service Device;
As a kind of preferable example of the embodiment of the present invention, the control showed at least may include Base Serial Number input control Part, and, quantity input control, then corresponding characteristic information at least may include: rising for the digital certificate files for needing to generate Begin number, and, the quantity for the digital certificate files for needing to generate.For example, it is desired to which the starting of the digital certificate files generated is compiled It number is 99, the quantity of the digital certificate files for needing to generate is 10.
In a preferred embodiment of an embodiment of the present invention, step 203 may include following sub-step:
Sub-step S11 receives the characteristic information that user inputs in the control;
Sub-step S12, verifies whether the characteristic information meets preset rules;If it is not, then executing sub-step S13;If so, Then execute sub-step S14;
Sub-step S13 generates prompt information, meets the characteristic informations of preset rules to prompt user to re-enter;
The characteristic information is sent to server by sub-step S14.
Specifically, can be checked automatically this feature letter first after client receives user's input feature vector information Whether breath meets preset rules, and in one embodiment, which can be whole to judge whether this feature information is positive Several rules then can be determined that this feature information meets preset rules when the characteristic information of input is positive integer, and by the spy Reference breath is sent to server;If the characteristic information of input is not positive integer, it is default to can be determined that this feature information is not met Rule at this point it is possible to generate prompt information, and will be prompted to information and be presented to user, with prompt user re-enter meet it is default The characteristic information of rule, for example, prompting input error, and want if the characteristic information of user's input is 9.9 or character a, b etc. It asks and re-enters correct positive integer.
Step 204, user's confirmation message that server returns is received, user's confirmation message is presented to user;
In server side, after server receives characteristic information, user's confirmation can be generated based on this feature information Whether information, the characteristic information which is used to that user to be requested to reaffirm input are feature letter needed for oneself Breath, for example, user's confirmation message can for " Are you sure (you determine ) [y/n]: ".
After server generates user's confirmation message, user's confirmation message is returned to client.Then in client, rendering User's confirmation message, to show user's confirmation message to user.
Step 205, it when detecting the confirmation operation that user is issued based on user's confirmation message, generates confirmation and refers to It enables, and confirmation instruction is sent to server;
User can input corresponding operation for user's confirmation message, for example, the input characters such as " n " or non-" y " Negative operation or not confirmation operation, alternatively, the confirmation operation of the input characters such as " y " or " determination ".
When client detects that user is based on user's confirmation message sending confirmation operation, confirmation instruction can be generated, And confirmation instruction is sent to server.
When client detects that user is based on user's confirmation message sending negative operation, exit instruction can be generated, And the exit instruction is sent to server.
In server side, when receiving exit instruction, then current main program is exited.
It when receiving confirmation instruction, then can be instructed according to the confirmation, execute configuration file, generated and characteristic information pair The digital certificate files answered.
In a preferred embodiment of an embodiment of the present invention, server can generate digital certificate text in the following way Part: calling the configuration file, generates the digital certificate with the quantity corresponding number of the digital certificate files for needing to generate File;The number of the digital certificate files generated using the Base Serial Number as first;Based on the Base Serial Number, with number The number for the digital certificate files that incremental mode names other to generate.
Applied to the embodiment of the present invention, openssl interface and bash interface can integrate in server, which uses It is parsed in configuration file, after server receives confirmation instruction, the bash interface is called to parse configuration file, judgement With the presence or absence of necessary configuration information in the executable environment for generating digital certificate files in configuration file, if there is no necessity Configuration information, then generation error prompt.
If there is necessary configuration information, then openssl interface is called to execute corresponding configuration file, for example, executing Openssl configuration information obtains the digital certificate files with the quantity respective numbers of the digital certificate files for needing to generate, And using Base Serial Number as first generate digital certificate files number, other generate digital certificate files number with The Base Serial Number is incremented by name.
For example, it is desired to the Base Serial Number of the digital certificate files generated is 99, the number for the digital certificate files for needing to generate Amount is 10, then the number of the digital certificate files of first generation is 99, and the number of the digital certificate files of second generation is 100, the number of the digital certificate files of second generation is 101 ..., and the number of the digital certificate files of the 10th generation is 108。
After server generates required amount of digital certificate files, packing routine interface can be called, by the required number The digital certificate files and configuration file of amount are packaged into a compressed package, and the compressed package is sent to client.For example, adjusting With routine interface is packaged, by caCert.pem, hnb*Cert.pem (digital certificate of H (e) NB), hnb*Key.pem (H (e) NB Credential key), ipsec.secrets, segwCert.pem, config.sh, ipsec.conf, strongswan.conf etc. Compressing file is sent to client at a compressed package, and by the compressed package.
In the concrete realization, during server generates digital certificate files, log recording can also be generated, the log Record is for recording all operation informations in digital certificate files generating process.
Step 206, the digital certificate files that the server returns are received;
Step 207, the digital certificate files are distributed in Home eNodeB H (e) NB of corresponding number respectively.
In a preferred embodiment of an embodiment of the present invention, step 207 may include following sub-step:
Sub-step S11 decompresses the compressed file, obtains multiple digital certificate files and corresponding configuration file, described Configuration file includes configuration script;
The multiple digital certificate files and corresponding configuration file are uploaded to corresponding H (e) respectively by sub-step S12 In the board of NB, in the board of H (e) NB, the configuration script is executed, the digital certificate files are mounted on institute State the designated position of H (e) NB.
In client local, the compressed package can be decompressed, multiple digital certificate files and corresponding configuration file, example are obtained Such as, after decompression, obtain caCert.pem, hnb*Cert.pem, hnb*Key.pem, ipsec.secrets, segwCert.pem, The files such as config.sh, ipsec.conf, strongswan.conf.
After digital certificate files after being decompressed, FTP (File Transfer Protocol, file can be passed through Transport protocol) etc. file transfer conveyances the folder content after decompression is uploaded to corresponding H (e) NB board temporary folder In (such as/tmp file), at this point it is possible to the number of the digital certificate files and the corresponding relationship of H (e) NB mark are generated, with The digital certificate files are associated with H (e) NB.
Then configuration script ./config.sh is executed in temporary file, then can be installed to digital certificate files pair In the designated position of H (e) NB answered.
As an example, the digital certificate and its credential key of the configuration file in table 3 and H (e) NB of generation are in H (e) path installed in NB is as shown in table 4 below:
Table 4
In order to make those skilled in the art can better understand that the embodiment of the present invention, below by way of a specific example pair The embodiment of the present invention is subject to exemplary illustration, but it should be stated that, the embodiment of the present invention is not limited to this.
(1) client configuration file is uploaded onto the server /etc/pki/CA catalogue under;
(2) server executes digital certificate and generates main program;
(3) server, which checks, whether there is necessary configuration information in configuration file;
(4) necessary configuration information if it exists then shows control to user by client, and receives user and pass through control The characteristic information of input, this feature information include the Base Serial Number (e.g., 99) for needing the digital certificate files generated, and, it needs The quantity (e.g., 30) for the digital certificate files to be generated;
(5) server by client to user show user's confirmation message " Are you sure [y/n]: (whether you Determine ) ";
(6) it when user inputs the character of " n " or non-" y ", exits digital certificate and generates main program;If user inputs When " y " character, configuration file is called, generates 30 digital certificate files, and to 30 digital certificate files from Base Serial Number Sequentially number;
(7) 30 digital certificate files and configuration file are compressed, generate the compressed package for being named as hnb99.tar.gz, The compressed package is returned into client;
(8) after client receives compressed package, the compressed package is decompressed, 30 digital certificate files that will be obtained after decompression And corresponding configuration file is distributed in corresponding 30 H (e) NB;
(9) configuration script is executed in each H (e) NB respectively, then corresponding digital certificate files can be mounted on the H (e) under the specified directory of NB.
In embodiments of the present invention, the characteristic information that can be inputted automatically according to the configuration file of H (e) NB and user, Mass production meets the digital certificate files of characteristic information, greatly improves the efficiency of digital certificate files generation, tests number According to showing according to embodiments of the present invention, the production of thousands of certificate files can be completed within 5 minutes.
In addition, the embodiment of the present invention can automatically generate configuration script, it is not necessarily to the secondary editor's layout data of operation maintenance personnel, is subtracted The probability of few layout data error.
In addition, can then be easy to be pin-pointed to error due to Mass production digital certificate files of the embodiment of the present invention The problem of, overcome the problems, such as the defect that inefficiency is positioned manually, takes time and effort, save manpower, reduce base station maintenance cost, improves Base station maintenance quality.
Referring to Fig. 5, a kind of step flow chart of the embodiment of the method three of generation digital certificate of the invention, this hair are shown Bright embodiment is described from server side, can specifically include following steps:
Step 501, the configuration file that client is sent is received;
Step 502, receive what client was sent, the characteristic information inputted in the control that user shows in the client;
Step 503, according to the characteristic information, the configuration file is called, generates number corresponding with the characteristic information Word certificate file;
Step 504, the digital certificate files are returned into client.
In a preferred embodiment of an embodiment of the present invention, the characteristic information includes at least: the number for needing to generate The Base Serial Number of certificate file, and, the quantity for the digital certificate files for needing to generate;
The step 503 may include following sub-step:
Sub-step S21 calls the configuration file, generates corresponding with the quantity of digital certificate files for needing to generate The digital certificate files of quantity;
Sub-step S22, the number of the digital certificate files generated using the Base Serial Number as first;
Sub-step S23 is based on the Base Serial Number, the digital certificate files for naming other to generate in a manner of numbering and be incremented by Number.
In a preferred embodiment of an embodiment of the present invention, before step 503, can also include the following steps:
User's confirmation message is generated based on the characteristic information;
User's confirmation message is returned to client, the client is used to user's confirmation message being presented to use Family, and when detecting the confirmation operation that user is issued based on user's confirmation message, confirmation instruction is generated, by the confirmation Instruction is sent to server.
For the embodiment of the method for Fig. 5, since it is substantially similar to the embodiment of the method for above-mentioned Fig. 2, so description Fairly simple, the part explanation of the embodiment of the method for related place referring to fig. 2.
It should be noted that for simple description, therefore, it is stated as a series of action groups for embodiment of the method It closes, but those skilled in the art should understand that, embodiment of that present invention are not limited by the describe sequence of actions, because according to According to the embodiment of the present invention, some steps may be performed in other sequences or simultaneously.Secondly, those skilled in the art also should Know, the embodiments described in the specification are all preferred embodiments, and the related movement not necessarily present invention is implemented Necessary to example.
Referring to Fig. 6, a kind of structural block diagram of the client embodiment of generation digital certificate of the invention is shown, specifically may be used To include following module:
Configuration file sending module 601, for when receiving the configuration file of user's input, the configuration file to be sent out It send into server;
Control exposure module 602, for showing the control for input feature vector information in the client;
Characteristic information sending module 603, the characteristic information inputted in the control for receiving user, and by the spy Reference breath is sent to server, and the server is used to call the configuration file according to the characteristic information, generate with it is described The corresponding digital certificate files of characteristic information;
Digital certificate receiving module 604, the digital certificate files returned for receiving the server.
In a preferred embodiment of an embodiment of the present invention, the characteristic information includes at least: the number for needing to generate The Base Serial Number of certificate file, and, the quantity for the digital certificate files for needing to generate.
In a preferred embodiment of an embodiment of the present invention, the client can also include following module:
Distribution module, for the digital certificate files to be distributed in the designated entities object of corresponding number respectively.
In a preferred embodiment of an embodiment of the present invention, the designated entities object includes Home eNodeB H (e) NB; The digital certificate files that the server returns are compressed file, and the compressed file includes multiple digital certificate files and right The configuration file answered;
The distribution module can further include following submodule:
Submodule is decompressed, for decompressing the compressed file, obtains multiple digital certificate files and corresponding configuration file, The configuration file includes configuration script;
Certificate uploads submodule, for being respectively uploaded to the multiple digital certificate files and corresponding configuration file pair In the board of H (e) NB answered, in the board of H (e) NB, the configuration script is executed, by the digital certificate files It is mounted on the designated position of H (e) NB.
In a preferred embodiment of an embodiment of the present invention, the characteristic information sending module 603 may include as follows Submodule:
Characteristic information receiving submodule, the characteristic information inputted in the control for receiving user;
Submodule is verified, for verifying whether the characteristic information meets preset rules;If it is not, then calling prompt submodule Block, if so, calling characteristic information sending submodule;
Prompting submodule meets the characteristic informations of preset rules for generating prompt information to prompt user to re-enter;
Characteristic information sending submodule, for the characteristic information to be sent to server.
In a preferred embodiment of an embodiment of the present invention, the client can also include following module:
Confirmation message receiving module, for receiving user's confirmation message of server return;
Confirmation message display module, for user's confirmation message to be presented to user;
Directive generation module is confirmed, for when the confirmation operation for detecting that user is issued based on user's confirmation message When, confirmation instruction being generated, and confirmation instruction is sent to server, the server is used to instruct according to the confirmation, The configuration file is called, digital certificate files corresponding with the characteristic information are generated.
For client embodiment, since it is substantially similar to above-mentioned embodiment of the method, so the comparison of description Simply, the relevent part can refer to the partial explaination of embodiments of method.
Referring to Fig. 7, a kind of structural block diagram of the server example of generation digital certificate of the invention is shown, specifically may be used To include following module:
Configuration file receiving module 701, for receiving the configuration file of client transmission;
Characteristic information receiving module 702, it is defeated in the control that user shows in the client for receiving client transmission The characteristic information entered;
Digital certificate generation module 703, for according to the characteristic information, calling the configuration file, generate with it is described The corresponding digital certificate files of characteristic information;
Digital certificate sending module 704, for the digital certificate files to be returned to client.
In a preferred embodiment of an embodiment of the present invention, the characteristic information includes at least: the number for needing to generate The Base Serial Number of certificate file, and, the quantity for the digital certificate files for needing to generate;
The digital certificate generation module 703 may include following submodule:
Certificates constructing submodule generates and the digital certificate files for needing to generate for calling the configuration file Quantity corresponding number digital certificate files;
First number submodule, the number of the digital certificate files for being generated using the Base Serial Number as first;
Second number submodule names the number of other generations for being based on the Base Serial Number in a manner of numbering and be incremented by The number of word certificate file.
In a preferred embodiment of an embodiment of the present invention, the server can also include following module:
Confirmation message generation module, for generating user's confirmation message based on the characteristic information;
Confirmation message sending module, for returning to user's confirmation message to client, the client is used for institute It states user's confirmation message and is presented to user, and when detecting the confirmation operation that user is issued based on user's confirmation message, Confirmation instruction is generated, confirmation instruction is sent to server.
For server example, since it is substantially similar to above-mentioned embodiment of the method, so the comparison of description Simply, the relevent part can refer to the partial explaination of embodiments of method.
All the embodiments in this specification are described in a progressive manner, the highlights of each of the examples are with The difference of other embodiments, the same or similar parts between the embodiments can be referred to each other.
It should be understood by those skilled in the art that, the embodiment of the embodiment of the present invention can provide as method, apparatus or calculate Machine program product.Therefore, the embodiment of the present invention can be used complete hardware embodiment, complete software embodiment or combine software and The form of the embodiment of hardware aspect.Moreover, the embodiment of the present invention can be used one or more wherein include computer can With in the computer-usable storage medium (including but not limited to magnetic disk storage, CD-ROM, optical memory etc.) of program code The form of the computer program product of implementation.
The embodiment of the present invention be referring to according to the method for the embodiment of the present invention, terminal device (system) and computer program The flowchart and/or the block diagram of product describes.It should be understood that flowchart and/or the block diagram can be realized by computer program instructions In each flow and/or block and flowchart and/or the block diagram in process and/or box combination.It can provide these Computer program instructions are set to general purpose computer, special purpose computer, Embedded Processor or other programmable data processing terminals Standby processor is to generate a machine, so that being held by the processor of computer or other programmable data processing terminal devices Capable instruction generates for realizing in one or more flows of the flowchart and/or one or more blocks of the block diagram The device of specified function.
These computer program instructions, which may also be stored in, is able to guide computer or other programmable data processing terminal devices In computer-readable memory operate in a specific manner, so that instruction stored in the computer readable memory generates packet The manufacture of command device is included, which realizes in one side of one or more flows of the flowchart and/or block diagram The function of being specified in frame or multiple boxes.
These computer program instructions can also be loaded into computer or other programmable data processing terminal devices, so that Series of operation steps are executed on computer or other programmable terminal equipments to generate computer implemented processing, thus The instruction executed on computer or other programmable terminal equipments is provided for realizing in one or more flows of the flowchart And/or in one or more blocks of the block diagram specify function the step of.
Although the preferred embodiment of the embodiment of the present invention has been described, once a person skilled in the art knows bases This creative concept, then additional changes and modifications can be made to these embodiments.So the following claims are intended to be interpreted as Including preferred embodiment and fall into all change and modification of range of embodiment of the invention.
Finally, it is to be noted that, herein, relational terms such as first and second and the like be used merely to by One entity or operation are distinguished with another entity or operation, without necessarily requiring or implying these entities or operation Between there are any actual relationship or orders.Moreover, the terms "include", "comprise" or its any other variant meaning Covering non-exclusive inclusion, so that process, method, article or terminal device including a series of elements not only wrap Those elements are included, but also including other elements that are not explicitly listed, or further includes for this process, method, article Or the element that terminal device is intrinsic.In the absence of more restrictions, being wanted by what sentence "including a ..." limited Element, it is not excluded that there is also other identical elements in process, method, article or the terminal device for including the element.
Above to it is provided by the present invention it is a kind of generate digital certificate method, client and server carried out detailed Jie It continues, used herein a specific example illustrates the principle and implementation of the invention, and the explanation of above embodiments is only It is to be used to help understand method and its core concept of the invention;At the same time, for those skilled in the art, according to this hair Bright thought, there will be changes in the specific implementation manner and application range, in conclusion the content of the present specification should not manage Solution is limitation of the present invention.

Claims (18)

1. a kind of method for generating digital certificate, which is characterized in that the described method includes:
When client receives the configuration file of user's input, the configuration file is sent in server;In client In show control for input feature vector information;The control includes Base Serial Number input control, and, quantity input control;
The characteristic information that user inputs in the control is received, and the characteristic information is sent to server, the service Device is used to call the configuration file according to the characteristic information, generates digital certificate files corresponding with the characteristic information;
Receive the digital certificate files that the server returns.
2. the method according to claim 1, wherein the characteristic information includes at least: the number for needing to generate The Base Serial Number of certificate file, and, the quantity for the digital certificate files for needing to generate.
3. according to the method described in claim 2, it is characterized by further comprising:
The digital certificate files are distributed in the designated entities object of corresponding number respectively.
4. according to the method described in claim 3, it is characterized in that, the designated entities object includes Home eNodeB H (e) NB; The digital certificate files that the server returns are compressed file, and the compressed file includes multiple digital certificate files and right The configuration file answered;
It is described to include: by the step that the digital certificate files are distributed in the designated entities object of corresponding number respectively
The compressed file is decompressed, multiple digital certificate files and corresponding configuration file are obtained, the configuration file includes matching Set script;
The multiple digital certificate files and corresponding configuration file are uploaded to respectively in the board of corresponding H (e) NB, in institute In the board for stating H (e) NB, the configuration script is executed, the digital certificate files are mounted on the specified of H (e) NB Position.
5. method according to claim 1-4, which is characterized in that the reception user inputs in the control Characteristic information, and the step of characteristic information is sent to server includes:
Receive the characteristic information that user inputs in the control;
Verify whether the characteristic information meets preset rules;
If it is not, then generate prompt information, meet the characteristic informations of preset rules to prompt user to re-enter;
If so, the characteristic information is sent to server.
6. method according to claim 1-4, which is characterized in that defeated in the control in the reception user The characteristic information entered, and after the step of characteristic information is sent to server, further includes:
Receive user's confirmation message that server returns;
User's confirmation message is presented to user;
When detecting the confirmation operation that user is issued based on user's confirmation message, confirmation instruction is generated, and will be described true Recognize instruction and be sent to server, the server is used to instruct according to the confirmation, call the configuration file, generation with it is described The corresponding digital certificate files of characteristic information.
7. a kind of method for generating digital certificate, which is characterized in that the described method includes:
Receive the configuration file that client is sent;
Receive what client was sent, the characteristic information inputted in the control that user shows in the client;The control includes Begin number input control, and, quantity input control;
According to the characteristic information, the configuration file is called, generates digital certificate files corresponding with the characteristic information;
The digital certificate files are returned into client.
8. the method according to the description of claim 7 is characterized in that the characteristic information includes at least: the number for needing to generate The Base Serial Number of certificate file, and, the quantity for the digital certificate files for needing to generate;
It is described to call the configuration file according to the characteristic information, generate digital certificate text corresponding with the characteristic information The step of part includes:
The configuration file is called, the digital certificate with the quantity corresponding number of the digital certificate files for needing to generate is generated File;
The number of the digital certificate files generated using the Base Serial Number as first;
Based on the Base Serial Number, the number for the digital certificate files for naming other to generate in a manner of numbering and be incremented by.
9. method according to claim 7 or 8, which is characterized in that described according to the characteristic information, match described in calling Before the step of setting file, generating digital certificate files corresponding with the characteristic information, further includes:
User's confirmation message is generated based on the characteristic information;
User's confirmation message is returned to client, the client is used to user's confirmation message being presented to user, And when detecting the confirmation operation that user is issued based on user's confirmation message, confirmation instruction is generated, the confirmation is referred to Order is sent to server.
10. a kind of client for generating digital certificate, which is characterized in that the client includes:
Configuration file sending module, for when receiving the configuration file of user's input, the configuration file to be sent to clothes It is engaged in device;
Control exposure module, for showing the control for input feature vector information in the client;The control includes that starting is compiled Number input control, and, quantity input control;
Characteristic information sending module, the characteristic information inputted in the control for receiving user, and by the characteristic information It is sent to server, the server is used to call the configuration file according to the characteristic information, generates and believe with the feature Cease corresponding digital certificate files;
Digital certificate receiving module, the digital certificate files returned for receiving the server.
11. client according to claim 10, which is characterized in that the characteristic information includes at least: needing to generate The Base Serial Number of digital certificate files, and, the quantity for the digital certificate files for needing to generate.
12. client according to claim 11, which is characterized in that further include:
Distribution module, for the digital certificate files to be distributed in the designated entities object of corresponding number respectively.
13. client according to claim 12, which is characterized in that the designated entities object includes Home eNodeB H (e) NB;The digital certificate files that the server returns are compressed file, the compressed file include multiple digital certificate files with And corresponding configuration file;
The distribution module includes:
Submodule is decompressed, for decompressing the compressed file, obtains multiple digital certificate files and corresponding configuration file, it is described Configuration file includes configuration script;
Certificate uploads submodule, is uploaded to the multiple digital certificate files and corresponding configuration file for respectively corresponding In the board of H (e) NB, in the board of H (e) NB, the configuration script is executed, the digital certificate files are installed In the designated position of H (e) NB.
14. the described in any item clients of 0-13 according to claim 1, which is characterized in that the characteristic information sending module packet It includes:
Characteristic information receiving submodule, the characteristic information inputted in the control for receiving user;
Submodule is verified, for verifying whether the characteristic information meets preset rules;If it is not, prompting submodule is then called, if It is then to call characteristic information sending submodule;
Prompting submodule meets the characteristic informations of preset rules for generating prompt information to prompt user to re-enter;
Characteristic information sending submodule, for the characteristic information to be sent to server.
15. the described in any item clients of 0-13 according to claim 1, which is characterized in that further include:
Confirmation message receiving module, for receiving user's confirmation message of server return;
Confirmation message display module, for user's confirmation message to be presented to user;
Directive generation module is confirmed, for giving birth to when detecting the confirmation operation that user is issued based on user's confirmation message It is instructed at confirmation, and confirmation instruction is sent to server, the server is used to instruct according to the confirmation, calls institute Configuration file is stated, digital certificate files corresponding with the characteristic information are generated.
16. a kind of server for generating digital certificate, which is characterized in that the server includes:
Configuration file receiving module, for receiving the configuration file of client transmission;
Characteristic information receiving module, for receiving client transmission, the spy inputted in the control that user shows in the client Reference breath;The control includes Base Serial Number input control, and, quantity input control;
Digital certificate generation module generates and the characteristic information for calling the configuration file according to the characteristic information Corresponding digital certificate files;
Digital certificate sending module, for the digital certificate files to be returned to client.
17. server according to claim 16, which is characterized in that the characteristic information includes at least: needing to generate The Base Serial Number of digital certificate files, and, the quantity for the digital certificate files for needing to generate;
The digital certificate generation module includes:
Certificates constructing submodule generates the number with the digital certificate files for needing to generate for calling the configuration file Measure the digital certificate files of corresponding number;
First number submodule, the number of the digital certificate files for being generated using the Base Serial Number as first;
Second number submodule names the number card of other generations for being based on the Base Serial Number in a manner of numbering and be incremented by The number of written matter.
18. server according to claim 16 or 17, which is characterized in that further include:
Confirmation message generation module, for generating user's confirmation message based on the characteristic information;
Confirmation message sending module, for returning to user's confirmation message to client, the client is used for the use Family confirmation message is presented to user, and when detecting the confirmation operation that user is issued based on user's confirmation message, generates Confirmation instruction is sent to server by confirmation instruction.
CN201610244156.3A 2016-04-19 2016-04-19 A kind of method, client and server generating digital certificate Active CN107306182B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610244156.3A CN107306182B (en) 2016-04-19 2016-04-19 A kind of method, client and server generating digital certificate

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610244156.3A CN107306182B (en) 2016-04-19 2016-04-19 A kind of method, client and server generating digital certificate

Publications (2)

Publication Number Publication Date
CN107306182A CN107306182A (en) 2017-10-31
CN107306182B true CN107306182B (en) 2019-11-22

Family

ID=60152227

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610244156.3A Active CN107306182B (en) 2016-04-19 2016-04-19 A kind of method, client and server generating digital certificate

Country Status (1)

Country Link
CN (1) CN107306182B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112019339B (en) * 2019-05-31 2024-02-27 西安理邦科学仪器有限公司 Automatic distribution method and device for digital certificates
CN114615309B (en) * 2022-01-18 2024-03-15 奇安信科技集团股份有限公司 Client access control method, device, system, electronic equipment and storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101388771A (en) * 2007-09-10 2009-03-18 捷德(中国)信息科技有限公司 Method and system for downloading digital certificate
CN104683107A (en) * 2015-02-28 2015-06-03 深圳市思迪信息技术有限公司 Digital certificate storage method and device, and digital signature method and device
CN105007277A (en) * 2015-07-30 2015-10-28 浪潮电子信息产业股份有限公司 Method for generating user certificate and web application

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8370626B2 (en) * 2009-08-12 2013-02-05 General Instrument Corporation Method and apparatus for a configurable online public key infrastructure (PKI) management system
US9118486B2 (en) * 2013-05-21 2015-08-25 Cisco Technology, Inc. Revocation of public key infrastructure signatures

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101388771A (en) * 2007-09-10 2009-03-18 捷德(中国)信息科技有限公司 Method and system for downloading digital certificate
CN104683107A (en) * 2015-02-28 2015-06-03 深圳市思迪信息技术有限公司 Digital certificate storage method and device, and digital signature method and device
CN105007277A (en) * 2015-07-30 2015-10-28 浪潮电子信息产业股份有限公司 Method for generating user certificate and web application

Also Published As

Publication number Publication date
CN107306182A (en) 2017-10-31

Similar Documents

Publication Publication Date Title
CN109428717B (en) Managing embedded universal integrated circuit card deployments with multiple certificate issuers
CN105101194B (en) Terminal security authentication method, apparatus and system
JP6752218B2 (en) Methods and devices for managing terminal profiles in wireless communication systems
CN111726804B (en) Unified authentication for integrating small cells and Wi-Fi networks
CN101183938B (en) Wireless network security transmission method, system and equipment
CN103460736B (en) The flexible system and method for managing digital certificate in the wireless network
CN108012267A (en) A kind of method for network authorization, relevant device and system
CN108781216A (en) Method and apparatus for network insertion
CN110417797A (en) Authenticate the method and device of user
BRPI0716507B1 (en) security authentication and key management method and method for communicating between a top level key maintainer and a level one key maintainer
US10212144B2 (en) Digital credential with embedded authentication instructions
CN103688563A (en) Performing a group authentication and key agreement procedure
EP3751817A1 (en) Method of dynamically provisioning a key for authentication in relay device
US11956626B2 (en) Cryptographic key generation for mobile communications device
CN109496412A (en) Use the verifying of privacy identification code
CN106302345B (en) A kind of terminal authentication method and device
CN105493527A (en) Wireless communication equipment and wireless communication method
CN107306182B (en) A kind of method, client and server generating digital certificate
CN107735980A (en) The configuration and certification of wireless device
CN112929876A (en) Data processing method and device based on 5G core network
CN105681268B (en) Data transferring method and device
CN113841366A (en) Communication method and device
CN204929264U (en) Certification system of basic station, first network equipment and basic station
CN104168566A (en) Network accessing method and device
CN114786179B (en) Non-cellular terminal authentication method, device, equipment and medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant