CN110381077A - For the treating method and apparatus of digital certificate - Google Patents
For the treating method and apparatus of digital certificate Download PDFInfo
- Publication number
- CN110381077A CN110381077A CN201910688335.XA CN201910688335A CN110381077A CN 110381077 A CN110381077 A CN 110381077A CN 201910688335 A CN201910688335 A CN 201910688335A CN 110381077 A CN110381077 A CN 110381077A
- Authority
- CN
- China
- Prior art keywords
- digital certificate
- downloading
- client
- application server
- request
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/06—Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
Abstract
Present disclose provides a kind of processing methods for digital certificate by client executing, this method comprises: sending digital certificate downloading request to application server;And in the case where application server has cached digital certificate in advance and downloaded the digital certificate for requesting downloading, application server responses are obtained in digital certificate and download request and the digital certificate of return cached in advance.The disclosure additionally provide it is a kind of by application server execute for digital certificate processing method, it is a kind of by digital certificate CA server execution for the processing method of digital certificate, a kind of client, a kind of application server, a kind of digital certificate CA server, a kind of electronic equipment and a kind of computer readable storage medium.
Description
Technical field
This disclosure relates to field of computer technology, more particularly to one kind by client, application server and digital certificate
Server execute respectively for the processing method and client of digital certificate, application server and digital certificate server.
Background technique
Digital certificate is the string number that communication parties identity information is identified in internet communication, it provides one kind mutual
Join the mode of the identity of line verification communication entity.
Currently, exist in production status much as user misoperation or network flash and caused by under digital certificate
The problem of load/update is interrupted.In the related art, once there is disruption in digital certificate downloading/update, then can not send out again
Play downloading/update request.
Summary of the invention
An aspect of this disclosure provides a kind of processing method for digital certificate by client executing, comprising:
Digital certificate downloading request is sent to application server;And digital certificate downloading request institute has been cached in advance in application server
In the case where the digital certificate for requesting downloading, application server responses are obtained in digital certificate downloads request and returns preparatory slow
The digital certificate deposited.
Optionally, the method also includes: be directed to the digital certificate, it is determined whether obtained success;And if really
It is fixed to have obtained success, then notify the application server to remove the digital certificate cached in advance.
Optionally, the method also includes the case where the application server does not cache the digital certificate in advance
Under: obtain the first digital certificate that digital certificate CA server downloads request in response to the digital certificate and generates and return.
Optionally, the method also includes: determine obtain the digital certificate it is whether out of date;If it is determined that obtain
The digital certificate is out of date, then sends updating digital certificate request to the CA server;Obtain the CA server response
In the response that the updating digital certificate is requested and is returned;Calcellation processing is executed to the digital certificate based on the response;With
And completion is executed in response to cancelling processing, it obtains the CA server and requests and regenerate in response to the updating digital certificate
And the second digital certificate returned.
An aspect of this disclosure provides a kind of processing method for digital certificate executed by application server, packet
It includes: obtaining the digital certificate downloading request from client;And request is downloaded in response to the digital certificate and executes following behaviour
Make: determining whether to have cached the digital certificate that downloading is requested in the digital certificate downloading in advance;And it is if it is determined that pre-
The digital certificate has first been cached, then has returned to the digital certificate cached in advance to the client.
Optionally, the method also includes: if it is determined that without caching the digital certificate in advance, then to digital certificate CA
Server forwards the digital certificate downloading request, so that the CA server is downloaded request in response to the digital certificate and given birth to
At and return to the digital certificate;Cache the digital certificate;And the digital certificate is transmitted to the client.
Optionally, the method also includes: when caching the digital certificate and reaching the predetermined time, remove the number card
Book;Or success has been obtained in response to digital certificate described in the client notification, remove the digital certificate.
An aspect of this disclosure provides a kind of processing method for digital certificate executed by CA server, packet
It includes: obtaining the digital certificate downloading request from client;And request is downloaded in response to the digital certificate and executes following behaviour
Make: generating the first digital certificate that downloading is requested in the digital certificate downloading;Described first is returned to the client
Digital certificate;And first digital certificate is sent to application server, so that application server caching described first
Digital certificate, so that the application server can be rung after the client obtains the first digital certificate failure
The digital certificate downloading that client described in Ying Yu issues again requests and returns to first digital certificate cached in advance.
Optionally, after the first digital certificate of downloading is requested in the generation digital certificate downloading, institute
State method further include: by the digital certificate labeled as download state.
Optionally, described by the digital certificate labeled as download state after, the method also includes: obtain and
It is requested from the updating digital certificate of the client;Following operation is executed in response to updating digital certificate request: determining institute
Whether out of date state the first digital certificate;If it is determined that first digital certificate is out of date, then answered to client return
It answers, so that the client, which is based on the response, executes calcellation processing to first digital certificate;And in response to the visitor
Family end executes completion to the calcellation processing of first digital certificate, regenerates the second digital certificate;And to the client
End returns to second digital certificate.
Another aspect of the disclosure provides a kind of client, for being handled for digital certificate, comprising: send
Module, for sending digital certificate downloading request to application server;And first obtain module, in the application service
In the case that device has cached the digital certificate that downloading is requested in the digital certificate downloading in advance, the application service is obtained
Device downloads request and the digital certificate of return cached in advance in response to the digital certificate.
Another aspect of the disclosure provides a kind of application server, for being handled for digital certificate, comprising:
Second obtains module, for obtaining the digital certificate downloading request from client;And first respond module, in response to
The digital certificate downloading request executes following operation: determining whether that having cached the digital certificate downloading in advance is requested
The digital certificate of downloading;And if it is determined that the digital certificate is cached in advance, then to the preparatory caching of client return
The digital certificate.
Another aspect of the disclosure provides a kind of CA server, for being handled for digital certificate, comprising: the
Three obtain module, for obtaining the digital certificate downloading request from client;And second respond module, in response to institute
It states digital certificate downloading request and executes following operation: generating the first number card that downloading is requested in the digital certificate downloading
Book;First digital certificate is returned to the client;And first digital certificate is sent to application server, so that
The application server caches first digital certificate, so that described in the application server obtains in the client
After the failure of first digital certificate, it is able to respond and is returned slow in advance in the digital certificate downloading request that the client issues again
First digital certificate deposited.
Another aspect of the present disclosure provides a kind of electronic equipment, comprising: one or more processors;Memory is used for
Store one or more programs, wherein when one or more of programs are executed by one or more of processors, so that
One or more of processors realize the method according to the embodiment of the present disclosure.
Another aspect of the present disclosure provides a kind of computer readable storage medium, is stored with computer executable instructions,
Described instruction is when executed for realizing according to the method for the embodiment of the present disclosure.
Another aspect of the present disclosure provides a kind of computer program, and the computer program, which includes that computer is executable, to be referred to
It enables, described instruction is when executed for realizing according to the method for the embodiment of the present disclosure.
Detailed description of the invention
In order to which the disclosure and its advantage is more fully understood, referring now to being described below in conjunction with attached drawing, in which:
Fig. 1 diagrammatically illustrates the system tray for being suitable for the processing method for digital certificate according to the embodiment of the present disclosure
Structure;
Fig. 2 diagrammatically illustrates the processing method for digital certificate by client executing according to the embodiment of the present disclosure
Flow chart;
Fig. 3 diagrammatically illustrates the processing for digital certificate executed by application server according to the embodiment of the present disclosure
The flow chart of method;
Fig. 4 diagrammatically illustrates the processing side for digital certificate executed by CA server according to the embodiment of the present disclosure
The flow chart of method;
Fig. 5 diagrammatically illustrates the block diagram of the client according to the embodiment of the present disclosure;
Fig. 6 diagrammatically illustrates the block diagram of the application server according to the embodiment of the present disclosure;
Fig. 7 diagrammatically illustrates the block diagram of the CA server according to the embodiment of the present disclosure;And
Fig. 8 diagrammatically illustrates the block diagram of the electronic equipment according to the embodiment of the present disclosure.
Specific embodiment
Hereinafter, will be described with reference to the accompanying drawings embodiment of the disclosure.However, it should be understood that these descriptions are only exemplary
, and it is not intended to limit the scope of the present disclosure.In the following detailed description, to elaborate many specific thin convenient for explaining
Section is to provide the comprehensive understanding to the embodiment of the present disclosure.It may be evident, however, that one or more embodiments are not having these specific thin
It can also be carried out in the case where section.In addition, in the following description, descriptions of well-known structures and technologies are omitted, to avoid
Unnecessarily obscure the concept of the disclosure.
Term as used herein is not intended to limit the disclosure just for the sake of description specific embodiment.It uses herein
The terms "include", "comprise" etc. show the presence of the feature, step, operation and/or component, but it is not excluded that in the presence of
Or add other one or more features, step, operation or component.
There are all terms (including technical and scientific term) as used herein those skilled in the art to be generally understood
Meaning, unless otherwise defined.It should be noted that term used herein should be interpreted that with consistent with the context of this specification
Meaning, without that should be explained with idealization or excessively mechanical mode.
It, in general should be according to this using statement as " at least one in A, B and C etc. " is similar to
Field technical staff is generally understood the meaning of the statement to make an explanation (for example, " system at least one in A, B and C "
Should include but is not limited to individually with A, individually with B, individually with C, with A and B, with A and C, have B and C, and/or
System etc. with A, B, C).Using statement as " at least one in A, B or C etc. " is similar to, generally come
Saying be generally understood the meaning of the statement according to those skilled in the art to make an explanation (for example, " having in A, B or C at least
One system " should include but is not limited to individually with A, individually with B, individually with C, with A and B, have A and C, have
B and C, and/or the system with A, B, C etc.).
Shown in the drawings of some block diagrams and/or flow chart.It should be understood that some sides in block diagram and/or flow chart
Frame or combinations thereof can be realized by computer program instructions.These computer program instructions can be supplied to general purpose computer,
The processor of special purpose computer or other programmable data processing units, so that these instructions are when executed by this processor can be with
Creation is for realizing function/operation device illustrated in these block diagrams and/or flow chart.The technology of the disclosure can be hard
The form of part and/or software (including firmware, microcode etc.) is realized.In addition, the technology of the disclosure, which can be taken, is stored with finger
The form of computer program product on the computer readable storage medium of order, the computer program product is for instruction execution system
System uses or instruction execution system is combined to use.
Embodiment of the disclosure provides a kind of processing method for digital certificate and can apply the visitor of this method
Family end, application server and CA server.This method includes that digital certificate downloading request is sent to application server;And it is answering
In the case where having cached the digital certificate that downloading is requested in digital certificate downloading in advance with server, application server is obtained
The digital certificate cached in advance downloading request in response to digital certificate and returning.
Fig. 1 diagrammatically illustrates the system tray for being suitable for the processing method for digital certificate according to the embodiment of the present disclosure
Structure.It should be noted that being only the example that can apply the system architecture of the embodiment of the present disclosure shown in Fig. 1, to help this field
Technical staff understands the technology contents of the disclosure, but be not meant to the embodiment of the present disclosure may not be usable for other equipment, system,
Environment or scene.
As shown in Figure 1, the system architecture includes: client, application server and CA server.
It should be understood that the processing method that the disclosure provides for example can be used for the scene that digital certificate was downloaded/updated to U-shield.
The application scenarios for downloading/updating digital certificate below in conjunction with U-shield elaborate the disclosure.
Specifically, in the embodiments of the present disclosure, if a U-shield not yet downloading digital certificate, when U-shield is inserted in by user
When in client, that is, terminal device (such as personal computer, notebook), on desktop can automatic spring whether downloading digital certificate
Prompting frame.At this point, client can send digital certificate downloading request to CA server if user selects "Yes".Response
Notice while corresponding digital certificate can be generated in request CA server, and the digital certificate of generation is fed back to client
Application server does caching process.In this way, even if during downloading digital certificate (such as user misoperation for some reason
Or network flash etc.) there is disruption, then user can still initiate downloading request again by client.At this point,
The digital certificate cached in advance can be fed back to client use by application server.
The disclosure is elaborated below with reference to attached drawing and in conjunction with specific embodiments.
Fig. 2 diagrammatically illustrates the processing method for digital certificate by client executing according to the embodiment of the present disclosure
Flow chart.
As shown in Fig. 2, this method includes operation S210~S220.
In operation S210, digital certificate downloading request is sent to application server.
Specifically, if the U-shield that user not yet obtains one digital certificate is inserted on client i.e. terminal device, and
For on desktop can automatic spring whether the prompting frame of downloading digital certificate, if user select "Yes" in the case where, client
End can send digital certificate downloading request to CA server.
It should be understood that in the embodiments of the present disclosure, due to being directed to the U-shield, user is most likely not to initiate number card for the first time
Book downloading request.In order to prevent user request CA server to generate same digital certificate again and under causing digital certificate final
Failure is carried, the embodiment of the present disclosure sets client to directly to send digital certificate downloading request to application server, rather than
Directly digital certificate downloading request is sent to CA server.
Next, having cached digital certificate downloading in advance in operation S220 in application server and having requested downloading
In the case where digital certificate, application server responses are obtained in the number card cached in advance that digital certificate downloads request and returns
Book.
Request is downloaded in response to the digital certificate from client, is asked if having cached the request in application service in advance
The digital certificate of downloading is sought, then directly can return to corresponding digital certificate to the client.If without pre- in application service
The digital certificate that downloading is requested in the request is first cached, then can directly forward the request to CA server.CA server is rung
Should be in the request, it can enquiring digital certificate Download History.If the record display requested digital certificate of the request is not yet downloaded
It crosses, then CA server can generate a digital certificate for the request automatically, and the digital certificate of generation is returned to the client
End.In order to make client that can also obtain the digital certificate after downloading digital certificate failure, CA server simultaneously can also be by life
At digital certificate be sent to application server and application server notified to cache the certificate.
It should be understood that CA server will not if the record display requested digital certificate of the request had been downloaded
Corresponding digital certificate is generated for the request again.It should be noted that there is such case, it may be possible to be buffered in application service
Digital certificate in device has been deleted.This is because if application server for a long time caching for example some/certain U-shields
Digital certificate, it is likely that can to this/these U-shields cause security risk, it is therefore desirable to remove the number cached in application server
Word certificate.
Specifically, as a kind of optional embodiment, this method for example can also include following operation.It is demonstrate,proved for number
Book, it is determined whether obtained success.If it is determined that having obtained success, then application server is notified to remove the number card cached in advance
Book.
Specifically, it can notify application server that will delay if client downloads are successful for a digital certificate
The digital certificate deposited is deleted.
It should be understood that in the embodiments of the present disclosure, the number of application server end caching can also be removed by other mechanism
Word certificate.For example, the digital certificate in caching is periodically removed at application server end.For another example being opened from one digital certificate of caching
The digital certificate is removed in beginning timing if timing reaches predetermined value.
As a kind of optional embodiment, this method can also for example be included in application server without caching number in advance
It is performed the following operations in the case where certificate.Digital certificate CA server is obtained to download request in response to digital certificate and generate simultaneously
The first digital certificate returned.
In the embodiments of the present disclosure, it is asked if not caching the downloading of some digital certificate in application server in advance
The digital certificate of downloading is sought, then it is generally acknowledged that the digital certificate is requested downloading for the first time.Application server can be by the number at this time
The downloading request of word certificate is transmitted to CA server, is generated by CA server in response to the request and returns to corresponding digital certificate.
As a kind of optional embodiment, this method for example can also include following operation.Determine the digital certificate obtained
It is whether out of date.If it is determined that the digital certificate obtained is out of date, then updating digital certificate request is sent to CA server.It obtains
CA server is requested in response to updating digital certificate and the response of return.Calcellation processing is executed to digital certificate based on response.It rings
Completion should be executed in cancelling processing, obtain CA server is regenerated and returned in response to updating digital certificate request second
Digital certificate.
Specifically, in the embodiments of the present disclosure, client directly initiates updating digital certificate request to application server, so
CA server is forwarded the request to by application server afterwards.It is subsequently generated and is returned pair in response to the request by CA server
The updated digital certificate answered.In this process, CA server needs first to generate instruction instruction client to former number card
Book does calcellation processing, regenerates and returns to corresponding updated digital certificate.
Fig. 3 diagrammatically illustrates the processing for digital certificate executed by application server according to the embodiment of the present disclosure
The flow chart of method.
As shown in figure 3, this method includes operation S310~S330.
In operation S310, obtains the digital certificate from client and download request.
Specifically, if the U-shield that user not yet obtains one digital certificate is inserted on client i.e. terminal device, and
For on desktop can automatic spring whether the prompting frame of downloading digital certificate, if user select "Yes" in the case where, client
End directly can send digital certificate downloading request to application server.
It should be understood that in the embodiments of the present disclosure, due to being directed to the U-shield, user is most likely not to initiate number card for the first time
Book downloading request.In order to prevent user request CA server to generate same digital certificate again and under causing digital certificate final
Failure is carried, the embodiment of the present disclosure sets client to directly to send digital certificate downloading request to application server, rather than
Directly digital certificate downloading request is sent to CA server.
Specifically, it downloads and requests in response to digital certificate, application server can for example execute following operation operation S320
~S330.
In operation S320, it is determined whether cached the digital certificate that downloading is requested in digital certificate downloading in advance.
It should be understood that in the embodiments of the present disclosure, application server and the not responsible digital certificate for generating digital certificate, and
It is responsible for caching digital certificate.
Next, in operation S330, if it is determined that cached digital certificate in advance, then cached in advance to client return
Digital certificate.
In the embodiments of the present disclosure, it if application server has cached the requested digital certificate of client in advance, rings
It should download and request in digital certificate, application server can return to corresponding digital certificate.
As a kind of optional embodiment, this method for example can also include following operation.If it is determined that without delaying in advance
Digital certificate is deposited, then to the forwarding digital certificate downloading request of digital certificate CA server, so that CA server is demonstrate,proved in response to number
Book downloading requests and generates and return to digital certificate.Cache digital certificate.Digital certificate is transmitted to client.
Specifically, if application server does not have the requested digital certificate of cache client, application server is not
The downloading request of responding digital certificate, but digital certificate downloading request is transmitted to CA server process.
It is requested more specifically, CA server is downloaded in response to the digital certificate, first enquiring digital certificate Download History.Such as
Fruit record shows that requested digital certificate was not yet downloaded, then CA server generates corresponding digital certificate, while by the number
Word certificate returns to client downloads and returns to application server caching.If record has shown requested digital certificate
It downloaded, then returns to the information of request failure.
As a kind of optional embodiment, this method for example can also include following operation.Reach in caching digital certificate
When the predetermined time, digital certificate is removed.Or success has been obtained in response to client notification digital certificate, remove digital certificate.
Specifically, in the embodiments of the present disclosure, the number that application server end caching can be removed by number of mechanisms is demonstrate,proved
Book.For example, the digital certificate in caching is periodically removed at application server end.For another example being counted since caching a digital certificate
When, application server can remove the digital certificate automatically if timing reaches predetermined value.For another example for a number card
Book can notify application server to delete the digital certificate of caching if client downloads are successful.
Fig. 4 diagrammatically illustrates the processing side for digital certificate executed by CA server according to the embodiment of the present disclosure
The flow chart of method.
As shown in figure 4, this method includes operation S410~S440.
In operation S410, obtains the digital certificate from client and download request.
It should be understood that in the embodiments of the present disclosure, what CA server obtained is sent by client and via application
The digital certificate of server forwarding downloads request.
Specifically, a digital certificate downloading request is transmitted directly to application server, application service first by client
Device forwards it to CA server again.
Further, it should be noted that in the embodiments of the present disclosure, if the buffered number of application server
The digital certificate of downloading is requested in certificate downloading, then application server returns to correspondence directly in response to the request and to client
Digital certificate, and no longer forward the request to CA server.If application server does not cache under a digital certificate
The digital certificate for requesting downloading is carried, then application server is not responding to the request, but forwards the request to CA service
Device processing.
Specifically, CA server is downloaded in response to digital certificate and is requested, such as can execute following operation S420~S440.
In operation S420, the first digital certificate that downloading is requested in digital certificate downloading is generated.
Specifically, CA server can first check that digital certificate generates record before generating the first digital certificate.If number
The record display of word certificates constructing has been directed to digital certificate downloading request and had generated corresponding digital certificate, then CA server is rung
The relevant information that request fails should can be returned in the request.Otherwise, it is somebody's turn to do if digital certificate generation record display is directed to not yet
Digital certificate downloading request generated corresponding digital certificate, then CA server can return to the first number of generation in response to the request
Certificate.
In operation S430, the first digital certificate is returned to client.
In operation S440, the first digital certificate is sent to application server, so that application server caching the first number card
Book, so that application server is able to respond and issues again in client after client obtains the failure of the first digital certificate
Digital certificate downloading request and return to the first digital certificate for caching in advance.
It should be understood that in the embodiments of the present disclosure, downloading and requesting for some digital certificate, CA server generates corresponding
After digital certificate, which can be returned to client so that client is completed to download, while can also be by the digital certificate
Application server is sent to for application server caching.
In this way, can also also initiate downloading request again even if the client downloads digital certificate has failed.It should manage
Solution, the downloading request initiated again herein are substantially the digital certificate that request application server returns to own cache, rather than
CA server is requested to regenerate a same digital certificate.
As a kind of optional embodiment, generate digital certificate downloading request the first digital certificate downloaded it
Afterwards, this method for example can also include following operation.By digital certificate labeled as download state.
It should be understood that by that labeled as download state, user can be prevented for same the digital certificate downloaded
Digital certificate, which is repeated as many times, initiates digital certificate downloading request and causes security risk.
As a kind of optional embodiment, after digital certificate is labeled as download state, this method for example may be used also
To include operating as follows.Obtain the updating digital certificate request from client.Specifically, it is requested in response to updating digital certificate
Such as following operation can be executed.Determine whether the first digital certificate is out of date.If it is determined that the first digital certificate is out of date, then
Response is returned to client, so that client, which is based on response, executes calcellation processing to the first digital certificate.In response to client pair
The calcellation processing of first digital certificate executes completion, regenerates the second digital certificate.The second digital certificate is returned to client.
It should be understood that in the embodiments of the present disclosure, being demonstrate,proved for the processing method of updating digital certificate request with for number
The processing method of book downloading request is substantially similar.It is requested for example, both directly being sent from client to application server.If
Application server has cached corresponding digital certificate in advance, then by application server responses in request, and returns to corresponding number
Certificate.If application server does not cache corresponding digital certificate, CA server is forwarded the request to by application server, into
And corresponding digital certificate is returned to from CA server in response to request and to client, while digital certificate being sent to using clothes
Business device caching.Unlike, digital certificate calcellation processing behaviour is also needed to be implemented for the processing method of updating digital certificate request
Make, i.e., will first have expired digital certificate calcellation, regenerates new digital certificate and be used to update to have expired digital certificate.Such as
This, can exist simultaneously to avoid new and old two digital certificates and cause confusion.
Fig. 5 diagrammatically illustrates the block diagram of the client according to the embodiment of the present disclosure.
As shown in figure 5, the client 500 is used to be handled for digital certificate.And the client 500 for example can be with
Module 502 is obtained including sending module 501 and first.The client can be executed above with reference to the description of embodiment of the method part
By the method for client executing, details are not described herein.
Specifically, sending module 501 for example can be used for sending digital certificate downloading request to application server.
First acquisition module 502, which for example can be used for having cached digital certificate downloading in advance in application server, is asked
In the case where the digital certificate for asking downloading, application server responses are obtained in the preparatory caching that digital certificate downloads request and returns
Digital certificate.
By the embodiment of the present disclosure, due to taking caching mechanism to digital certificate, even if in downloading digital certificate
During for some reason (such as user misoperation or network flash) there is disruption, then user still can be with
Initiate downloading request again by client.At this point, the digital certificate cached in advance can be fed back to client by application server
It uses.
Fig. 6 diagrammatically illustrates the block diagram of the application server according to the embodiment of the present disclosure.
As shown in fig. 6, the application server 600 is used to be handled for digital certificate.And the application server 600
It such as may include the second acquisition module 601 and the first respond module 602.The application server can be executed above with reference to method
The method of embodiment part description executed by application server, details are not described herein.
Second acquisition module 601 for example can be used for obtaining the downloading request of the digital certificate from client.
First respond module 602 for example can be used for downloading request in response to digital certificate and execute following operation.That is, determining
Whether digital certificate that digital certificate downloading request downloading has been cached in advance.Wherein, if it is determined that cached number in advance
Word certificate then returns to the digital certificate cached in advance to client.
Fig. 7 diagrammatically illustrates the block diagram of the CA server according to the embodiment of the present disclosure.
As shown in fig. 7, the CA server 700 is used to be handled for digital certificate.And the CA server 700 is for example
It may include that third obtains module 701 and the second respond module 702.The CA server can be executed above with reference to embodiment of the method
The method of part description executed by CA server, details are not described herein.
Third, which obtains module 701, for example can be used for obtaining the downloading request of the digital certificate from client.
Second respond module 702, which for example can be used for downloading request in response to digital certificate, can for example execute following behaviour
Make.Generate the first digital certificate that downloading is requested in digital certificate downloading.And the first digital certificate is returned to client.
And the first digital certificate is sent to application server, so that application server caches the first digital certificate, so that application clothes
Device be engaged in after client obtains the failure of the first digital certificate, is able to respond the digital certificate downloading request issued again in client
And return to the first digital certificate cached in advance.
It should be noted that the way of example of device part is corresponding with the way of example of method part similar, and
Technical effect achieved also corresponds to similar, and details are not described herein.
Any number of or in which any number of at least partly functions in module according to an embodiment of the present disclosure can be with
It is realized in a module.Multiple modules can be split into according to any one or more in the module of the embodiment of the present disclosure
To realize.It can be at least implemented partly as according to any one or more in the module of the embodiment of the present disclosure, unit hard
Part circuit, for example, field programmable gate array (FPGA), programmable logic array (PLA), system on chip, the system on substrate,
System, specific integrated circuit (ASIC) in encapsulation, or can be by carrying out any other conjunction that is integrated or encapsulating to circuit
The hardware or firmware of reason mode realizes, or with any one in three kinds of software, hardware and firmware implementations or with wherein
It is any several appropriately combined to realize.Alternatively, according to one or more of module of the embodiment of the present disclosure can at least by
It is implemented partly as computer program module, when the computer program module is run, corresponding function can be executed.
For example, any number of in sending module 501 and the first acquisition module 502 may be incorporated in a module it is real
Any one module existing or therein can be split into multiple modules.Alternatively, one or more modules in these modules
At least partly function can be combined at least partly function of other modules, and realized in a module.According to this public affairs
The embodiment opened, at least one of sending module 501 and the first acquisition module 502 can at least be implemented partly as hardware
Circuit, such as field programmable gate array (FPGA), programmable logic array (PLA), system on chip, the system on substrate, envelope
The system loaded onto, specific integrated circuit (ASIC), or can by circuit carry out it is integrated or encapsulate it is any other rationally
The hardware such as mode or firmware realize, or with any one in three kinds of software, hardware and firmware implementations or wherein to appoint
It anticipates several appropriately combined realize.Alternatively, at least one of sending module 501 and first acquisition module 502 can be at least
It is implemented partly as computer program module, when the computer program module is run, corresponding function can be executed.
Fig. 8 diagrammatically illustrates the block diagram of the electronic equipment according to the embodiment of the present disclosure.Electronic equipment shown in Fig. 8 is only
An example, should not function to the embodiment of the present disclosure and use scope bring any restrictions.
As shown in figure 8, electronic equipment 800 includes processor 810, computer readable storage medium 820.The electronic equipment
800 can execute the method according to the embodiment of the present disclosure.
Specifically, processor 810 for example may include general purpose microprocessor, instruction set processor and/or related chip group
And/or special microprocessor (for example, specific integrated circuit (ASIC)), etc..Processor 810 can also include using for caching
The onboard storage device on way.Processor 810 can be the different movements for executing the method flow according to the embodiment of the present disclosure
Single treatment unit either multiple processing units.
Computer readable storage medium 820, such as can be non-volatile computer readable storage medium, specific example
Including but not limited to: magnetic memory apparatus, such as tape or hard disk (HDD);Light storage device, such as CD (CD-ROM);Memory, such as
Random access memory (RAM) or flash memory;Etc..
Computer readable storage medium 820 may include computer program 821, which may include generation
Code/computer executable instructions execute processor 810 according to the embodiment of the present disclosure
Method or its any deformation.
Computer program 821 can be configured to have the computer program code for example including computer program module.Example
Such as, in the exemplary embodiment, the code in computer program 821 may include one or more program modules, for example including
821A, module 821B ....It should be noted that the division mode and number of module are not fixation, those skilled in the art can
To be combined according to the actual situation using suitable program module or program module, when these program modules are combined by processor 810
When execution, processor 810 is executed according to the method for the embodiment of the present disclosure or its any deformation.
In accordance with an embodiment of the present disclosure, at least one of sending module 501 and the first acquisition module 502 can be implemented as
Corresponding operating described above may be implemented when being executed by processor 810 with reference to the computer program module that Fig. 8 is described.
The disclosure additionally provides a kind of computer readable storage medium, which can be above-mentioned reality
It applies included in equipment/device/system described in example;Be also possible to individualism, and without be incorporated the equipment/device/
In system.Above-mentioned computer readable storage medium carries one or more program, when said one or multiple program quilts
When execution, the method according to the embodiment of the present disclosure is realized.
Flow chart and block diagram in attached drawing are illustrated according to the system of the various embodiments of the disclosure, method and computer journey
The architecture, function and operation in the cards of sequence product.In this regard, each box in flowchart or block diagram can generation
A part of one module, program segment or code of table, a part of above-mentioned module, program segment or code include one or more
Executable instruction for implementing the specified logical function.It should also be noted that in some implementations as replacements, institute in box
The function of mark can also occur in a different order than that indicated in the drawings.For example, two boxes succeedingly indicated are practical
On can be basically executed in parallel, they can also be executed in the opposite order sometimes, and this depends on the function involved.Also it wants
It is noted that the combination of each box in block diagram or flow chart and the box in block diagram or flow chart, can use and execute rule
The dedicated hardware based systems of fixed functions or operations is realized, or can use the group of specialized hardware and computer instruction
It closes to realize.
It will be understood by those skilled in the art that although showing and describing referring to the certain exemplary embodiments of the disclosure
The disclosure, it will be appreciated by those skilled in the art that in this public affairs limited without departing substantially from the following claims and their equivalents
In the case where the spirit and scope opened, a variety of changes in form and details can be carried out to the disclosure.Therefore, the model of the disclosure
It encloses and should not necessarily be limited by above-described embodiment, but should be not only determined by appended claims, also by appended claims
Equivalent be defined.
Claims (15)
1. a kind of processing method for digital certificate by client executing, comprising:
Digital certificate downloading request is sent to application server;And
The case where digital certificate of downloading is requested in the digital certificate downloading has been cached in advance in the application server
Under, the application server responses are obtained in the digital certificate cached in advance that the digital certificate downloads request and returns.
2. according to the method described in claim 1, wherein, the method also includes:
For the digital certificate, it is determined whether obtained success;And
If it is determined that having obtained success, then the application server is notified to remove the digital certificate cached in advance.
3. according to the method described in claim 1, wherein, the method also includes not caching in advance in the application server
In the case where the digital certificate:
Obtain the first digital certificate that digital certificate CA server downloads request in response to the digital certificate and generates and return.
4. according to the method described in claim 3, wherein, the method also includes:
Determine whether the digital certificate obtained is out of date;
If it is determined that the digital certificate obtained is out of date, then updating digital certificate request is sent to the CA server;
Obtain the response that the CA server is requested in response to the updating digital certificate and returned;
Calcellation processing is executed to the digital certificate based on the response;And
Completion is executed in response to cancelling processing, the CA server is obtained and requests in response to the updating digital certificate and give birth to again
At and return the second digital certificate.
5. a kind of processing method for digital certificate executed by application server, comprising:
It obtains the digital certificate from client and downloads request;And
Request, which is downloaded, in response to the digital certificate executes following operation:
Determine whether to have cached the digital certificate that downloading is requested in the digital certificate downloading in advance;And
If it is determined that having cached the digital certificate in advance, then the digital certificate cached in advance is returned to the client.
6. according to the method described in claim 5, wherein, the method also includes:
If it is determined that then forwarding the digital certificate downloading to digital certificate CA server without caching the digital certificate in advance
Request requests so that the CA server is downloaded in response to the digital certificate and generates and return to the digital certificate;
Cache the digital certificate;And
The digital certificate is transmitted to the client.
7. according to the method described in claim 6, wherein, the method also includes:
When the caching digital certificate reaches the predetermined time, the digital certificate is removed;Or
Success has been obtained in response to digital certificate described in the client notification, has removed the digital certificate.
8. a kind of processing method for digital certificate executed by digital certificate CA server, comprising:
It obtains the digital certificate from client and downloads request;And
Request, which is downloaded, in response to the digital certificate executes following operation:
Generate the first digital certificate that downloading is requested in the digital certificate downloading;
First digital certificate is returned to the client;And
First digital certificate is sent to application server, so that the application server caches first digital certificate,
So that the application server is able to respond after the client obtains the first digital certificate failure in the visitor
The digital certificate downloading that family end issues again requests and returns to first digital certificate cached in advance.
9. according to the method described in claim 8, wherein, requesting downloading in the generation digital certificate downloading
After first digital certificate, the method also includes:
By the digital certificate labeled as download state.
10. according to the method described in claim 9, wherein, it is described by the digital certificate labeled as download state after,
The method also includes:
Obtain the updating digital certificate request from the client;
Following operation is executed in response to updating digital certificate request:
Determine whether first digital certificate is out of date;
If it is determined that first digital certificate is out of date, then response is returned to the client, so that the client is based on
The response executes calcellation processing to first digital certificate;And
Completion is executed to the calcellation processing of first digital certificate in response to the client, regenerates the second number card
Book;And
Second digital certificate is returned to the client.
11. a kind of client, for being handled for digital certificate, comprising:
Sending module, for sending digital certificate downloading request to application server;And
First obtains module, requests downloading for having cached the digital certificate downloading in advance in the application server
Digital certificate in the case where, obtain the application server responses in the digital certificate download request and return it is preparatory delay
The digital certificate deposited.
12. a kind of application server, for being handled for digital certificate, comprising:
Second obtains module, for obtaining the digital certificate downloading request from client;And
First respond module executes following operation for downloading request in response to the digital certificate:
Determine whether to have cached the digital certificate that downloading is requested in the digital certificate downloading in advance;And
If it is determined that having cached the digital certificate in advance, then the digital certificate cached in advance is returned to the client.
13. a kind of digital certificate CA server, for being handled for digital certificate, comprising:
Third obtains module, for obtaining the digital certificate downloading request from client;And
Second respond module executes following operation for downloading request in response to the digital certificate:
Generate the first digital certificate that downloading is requested in the digital certificate downloading;
First digital certificate is returned to the client;And
First digital certificate is sent to application server, so that the application server caches first digital certificate,
So that the application server is able to respond after the client obtains the first digital certificate failure in the visitor
The digital certificate downloading that family end issues again requests and returns to first digital certificate cached in advance.
14. a kind of electronic equipment, comprising:
One or more processors;
Memory, for storing one or more programs,
Wherein, when one or more of programs are executed by one or more of processors, so that one or more of
Processor realizes method described in any one of claims 1 to 10.
15. a kind of computer readable storage medium, is stored with computer executable instructions, described instruction is used for reality when executed
Method described in existing any one of claims 1 to 10.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910688335.XA CN110381077A (en) | 2019-07-26 | 2019-07-26 | For the treating method and apparatus of digital certificate |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910688335.XA CN110381077A (en) | 2019-07-26 | 2019-07-26 | For the treating method and apparatus of digital certificate |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN110381077A true CN110381077A (en) | 2019-10-25 |
Family
ID=68256723
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910688335.XA Pending CN110381077A (en) | 2019-07-26 | 2019-07-26 | For the treating method and apparatus of digital certificate |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110381077A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114143010A (en) * | 2021-11-25 | 2022-03-04 | 上海派拉软件股份有限公司 | Digital certificate acquisition method, device, terminal, system and storage medium |
| CN114172653A (en) * | 2020-08-19 | 2022-03-11 | 华为技术有限公司 | Digital certificate updating method, terminal device, CA server and storage medium |
| CN117082520A (en) * | 2023-10-13 | 2023-11-17 | 武汉信安珞珈科技有限公司 | Digital certificate processing method and device, electronic equipment and storage medium |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101136098A (en) * | 2006-08-30 | 2008-03-05 | 阿里巴巴公司 | Method, device and system for accessing to certificate revocation list |
| CN101447867A (en) * | 2008-12-31 | 2009-06-03 | 中国建设银行股份有限公司 | Method for managing digital certificate and system |
| US20090158031A1 (en) * | 2007-12-17 | 2009-06-18 | Nortel Networks Limited | Secure Certificate Installation on IP Clients |
| CN102118374A (en) * | 2009-12-30 | 2011-07-06 | 鸿富锦精密工业(深圳)有限公司 | System and method for automatically updating digital certificates |
| CN103248479A (en) * | 2012-02-06 | 2013-08-14 | 中兴通讯股份有限公司 | Cloud storage safety system, data protection method and data sharing method |
| CN104811300A (en) * | 2015-04-22 | 2015-07-29 | 电子科技大学 | Secret key updating method for cloud storage and implementation method of cloud data auditing system |
| US20170374080A1 (en) * | 2012-10-16 | 2017-12-28 | Pieter-Jan Boone | Secure, non-disruptive firmware updating |
| CN107864041A (en) * | 2017-12-14 | 2018-03-30 | 上海格尔软件股份有限公司 | One kind failure certificate data seamlessly transits guard method |
| CN109815010A (en) * | 2018-12-29 | 2019-05-28 | 深圳供电局有限公司 | A kind of cloud platform unified identity authentication method and system |
-
2019
- 2019-07-26 CN CN201910688335.XA patent/CN110381077A/en active Pending
Patent Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101136098A (en) * | 2006-08-30 | 2008-03-05 | 阿里巴巴公司 | Method, device and system for accessing to certificate revocation list |
| US20090158031A1 (en) * | 2007-12-17 | 2009-06-18 | Nortel Networks Limited | Secure Certificate Installation on IP Clients |
| CN101447867A (en) * | 2008-12-31 | 2009-06-03 | 中国建设银行股份有限公司 | Method for managing digital certificate and system |
| CN102118374A (en) * | 2009-12-30 | 2011-07-06 | 鸿富锦精密工业(深圳)有限公司 | System and method for automatically updating digital certificates |
| CN103248479A (en) * | 2012-02-06 | 2013-08-14 | 中兴通讯股份有限公司 | Cloud storage safety system, data protection method and data sharing method |
| US20170374080A1 (en) * | 2012-10-16 | 2017-12-28 | Pieter-Jan Boone | Secure, non-disruptive firmware updating |
| CN104811300A (en) * | 2015-04-22 | 2015-07-29 | 电子科技大学 | Secret key updating method for cloud storage and implementation method of cloud data auditing system |
| CN107864041A (en) * | 2017-12-14 | 2018-03-30 | 上海格尔软件股份有限公司 | One kind failure certificate data seamlessly transits guard method |
| CN109815010A (en) * | 2018-12-29 | 2019-05-28 | 深圳供电局有限公司 | A kind of cloud platform unified identity authentication method and system |
Non-Patent Citations (1)
| Title |
|---|
| 王旭: "基层行数字证书管理中存在的问题", 《甘肃金融》 * |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114172653A (en) * | 2020-08-19 | 2022-03-11 | 华为技术有限公司 | Digital certificate updating method, terminal device, CA server and storage medium |
| CN114172653B (en) * | 2020-08-19 | 2024-03-15 | 华为技术有限公司 | Digital certificate updating method, terminal equipment, CA server and storage medium |
| CN114143010A (en) * | 2021-11-25 | 2022-03-04 | 上海派拉软件股份有限公司 | Digital certificate acquisition method, device, terminal, system and storage medium |
| CN117082520A (en) * | 2023-10-13 | 2023-11-17 | 武汉信安珞珈科技有限公司 | Digital certificate processing method and device, electronic equipment and storage medium |
| CN117082520B (en) * | 2023-10-13 | 2024-01-09 | 武汉信安珞珈科技有限公司 | Digital certificate processing method and device, electronic equipment and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110968586B (en) | Distributed transaction processing method and device | |
| CN105515872B (en) | The update method of configuration information, apparatus and system | |
| CN110381077A (en) | For the treating method and apparatus of digital certificate | |
| CN104572278B (en) | The method, device and equipment of light application calling local side ability | |
| CN105283847B (en) | Versions of data control is locally stored | |
| CN107133234A (en) | The method of data cached renewal, apparatus and system | |
| CN109639636A (en) | Business datum forwarding, business data processing method, device and electronic equipment | |
| CN105516079B (en) | The method efficiently downloaded, client device and server for data packet | |
| CN105592117A (en) | Method and device for processing transaction message | |
| CN107026879A (en) | A kind of data cache method and background application system | |
| US20150154617A1 (en) | Determining leads based on web site interactions and browser sessions | |
| CN108228581A (en) | Zookeeper compatible communication methods, server and system | |
| CN106708636A (en) | Cluster-based data caching method and apparatus | |
| CN111614978B (en) | Multimedia material processing method and device and multimedia playing equipment | |
| CN110267077B (en) | Offline caching method, device, terminal and readable storage medium | |
| CN108021594B (en) | Webpage display method, device and system | |
| CN113271364B (en) | Sharing system, method, computer device and storage medium of service arrangement data | |
| CN114971786A (en) | Order information management method, device and system, electronic equipment and storage medium | |
| CN111698281B (en) | Resource downloading method and device, electronic equipment and storage medium | |
| CN108805587A (en) | A kind of customer information processing method, device, medium and electronic equipment | |
| US20090257734A1 (en) | On-vehicle video playback apparatus | |
| CN111818179A (en) | User request processing method and device, computing equipment and medium | |
| CN113411363A (en) | Uploading method of image file, related equipment and computer storage medium | |
| CN115858972A (en) | Page display method and device of application program, storage medium and computer equipment | |
| CN103701844B (en) | The method and system of managing user information |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20191025 |
|
| RJ01 | Rejection of invention patent application after publication |