CN114884963A - Management method and management device of digital certificate - Google Patents

Info

Publication number
CN114884963A
Authority
CN
China
Prior art keywords
digital certificate
name
digital
user
certificate
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210700256.8A
Other languages
Chinese (zh)
Other versions
CN114884963B (en)
Inventor
袁阳
朱选章
李静晨
闫凡茜
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Industrial and Commercial Bank of China Ltd ICBC
Priority to CN202210700256.8A
Publication of CN114884963A
Application granted
Publication of CN114884963B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The application provides a management method and a management device for digital certificates, and relates to the field of finance. The method comprises the following steps: a digital certificate management device acquires a user's requirements for a digital certificate, wherein the requirements comprise the name of the digital certificate, the operation type of the digital certificate, and the deployment position of a digital certificate offload device, and the operation type of the digital certificate comprises at least one of an adding operation, a modifying operation, or a deleting operation; the digital certificate management device generates an executable instruction according to the operation type of the digital certificate, wherein the executable instruction is used for instructing configuration of the digital certificate corresponding to the name of the digital certificate; and the digital certificate management device sends the executable instruction to the digital certificate offload device based on the deployment position of the digital certificate offload device. Correspondingly, the digital certificate offload device receives the executable instruction from the digital certificate management device and configures the digital certificate corresponding to the name of the digital certificate according to the executable instruction.

Description

Management method and management device of digital certificate
Technical Field
The present application relates to the field of finance, and in particular, to a method and an apparatus for managing digital certificates.
Background
Currently, in the financial industry, a data center can implement encryption and decryption through digital certificates to achieve network security. Thus, there is a great demand for digital certificates in data centers. In a data center, digital certificate offloading may be implemented on dedicated certificate offload devices, on software/hardware load balancing devices, and on servers; that is, digital certificate offload devices are spread across different nodes of the data center. Digital certificate offloading refers to a process of authenticating the digital certificate, and may include processes of encryption, decryption, signature verification, and the like.
Because digital certificate offload devices are deployed in a distributed manner, maintaining digital certificates requires different operation and maintenance personnel to manually maintain the offload devices at their respective positions, which results in low operation and maintenance efficiency and high operation and maintenance cost.
Therefore, how to improve the operation and maintenance efficiency of the digital certificate becomes a problem to be solved urgently.
Disclosure of Invention
The application provides a management method and a management device of a digital certificate, which can improve the operation and maintenance efficiency of the digital certificate.
In a first aspect, the present application provides a method for managing a digital certificate, including: a digital certificate management device acquires a user's requirements for a digital certificate, wherein the requirements comprise the name of the digital certificate, the operation type of the digital certificate, and the deployment position of a digital certificate offload device, and the operation type of the digital certificate comprises at least one of an adding operation, a modifying operation, or a deleting operation; the digital certificate management device generates an executable instruction according to the operation type of the digital certificate, wherein the executable instruction is used for instructing configuration of the digital certificate corresponding to the name of the digital certificate; and the digital certificate management device sends the executable instruction to the digital certificate offload device based on the deployment position of the digital certificate offload device.
According to the management method of the digital certificate, the configuration of digital certificates is managed uniformly through the digital certificate management device. After acquiring the user's requirements for a digital certificate, the digital certificate management device can generate an executable instruction for configuring the digital certificate and send it to the digital certificate offload device to configure the digital certificate there. This realizes integrated management of the digital certificates of a data center in the financial industry: digital certificates that are scattered across different areas and take various forms are managed uniformly and centrally, management is not affected by the deployment position of the digital certificate offload device, and the operation and maintenance efficiency of digital certificates can be improved. In addition, operation and maintenance personnel can configure the digital certificates of every digital certificate offload device by operating the digital certificate management device, which saves labor, reduces operation and maintenance cost, and helps ensure efficient, stable, and safe operation of the data center.
With reference to the first aspect, in certain implementations of the first aspect, the method further includes: the digital certificate management device acquires a first digital certificate according to the name of the digital certificate, wherein the first digital certificate is the digital certificate corresponding to the name of the digital certificate; and if the first digital certificate is within its validity period, the digital certificate management device sends the first digital certificate to the digital certificate offload device.
According to the management method of the digital certificate, if the first digital certificate is within its validity period, the digital certificate management device sends the first digital certificate to the digital certificate offload device, which helps subsequent processing run smoothly and reduces the probability that subsequent processing fails.
With reference to the first aspect, in certain implementations of the first aspect, the method further includes: if the first digital certificate is not within its validity period, the digital certificate management device sends prompt information that the first digital certificate has exceeded its validity period to the device corresponding to the user.
According to the management method of the digital certificate, if the first digital certificate is not within its validity period, the user is informed through the prompt information so that the user uploads a digital certificate that is within its validity period; the user can thus follow the processing progress and resolve problems that arise during processing.
With reference to the first aspect, in certain implementations of the first aspect, the method further includes: if the first digital certificate is not within its validity period, the digital certificate management device acquires a second digital certificate that has the same name as the first digital certificate but has not exceeded its validity period, the uploading time of the second digital certificate being later than that of the first digital certificate; and if an automatic updating requirement exists, the digital certificate management device updates the first digital certificate to the second digital certificate and sends the second digital certificate to the digital certificate offload device.
According to the management method of the digital certificate, if the second digital certificate exists and an automatic updating requirement exists, the expired first digital certificate is automatically updated, which improves the operation and maintenance efficiency of digital certificates.
With reference to the first aspect, in certain implementations of the first aspect, the method further includes: if no automatic updating requirement exists, sending prompt information for updating the first digital certificate to the device corresponding to the user; detecting an operation of the user updating the first digital certificate; and in response to the operation of the user updating the first digital certificate, sending the second digital certificate to the digital certificate offload device.
According to the management method of the digital certificate, if the second digital certificate does not exist, the user can be prompted to update the first digital certificate; when an operation of the user updating the first digital certificate is detected, the first digital certificate is updated to the second digital certificate. This ensures that the digital certificate that is sent is valid and can improve the operation and maintenance efficiency of digital certificates.
With reference to the first aspect, in certain implementations of the first aspect, the method further includes: detecting an operation of uploading a first digital certificate by a user; verifying the format and/or the name of the first digital certificate in response to the operation of uploading the first digital certificate by the user; and if the verification is passed, storing the first digital certificate.
According to the management method of the digital certificate, the first digital certificate is uploaded by the user, and before the first digital certificate is stored, its format and/or name can be verified so that the format and/or name of the digital certificate matches the preset format and/or name, which makes subsequent management more efficient.
With reference to the first aspect, in certain implementations of the first aspect, the method further includes: the digital certificate management device receives a processing result from the digital certificate offload device, wherein the processing result indicates that the digital certificate corresponding to the digital certificate name was configured successfully or that its configuration failed.
The method for updating the digital certificate can receive the processing result of the digital certificate offload device, which helps determine how the digital certificate offload device handled the request and facilitates unified management.
With reference to the first aspect, in certain implementations of the first aspect, the digital certificate offload device includes at least one of: a dedicated certificate offload device, a software/hardware load balancing device, or a server.
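The first-aspect flow above (verify an upload, validate the requirement, check the first certificate's validity period, fall back to a later-uploaded second certificate, then route an instruction by deployment position), as an added Python example that is not part of the patent. All class, field and action names, the naming policy, the PEM-header format check, the structured (non-shell) instruction format and the sample records are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Operation types named in the text; any other value is rejected.
ALLOWED_OPS = ("add", "modify", "delete")
# Assumed naming policy for certificate names (the page does not specify one).
NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,62}")
PEM_HEADER = "-----BEGIN CERTIFICATE-----"


@dataclass(frozen=True)
class Cert:
    name: str
    not_before: datetime
    not_after: datetime
    uploaded_at: datetime
    pem: str = PEM_HEADER + "\n(constructed)\n-----END CERTIFICATE-----"

    def in_validity(self, now: datetime) -> bool:
        return self.not_before <= now <= self.not_after


@dataclass
class Manager:
    devices: dict                                  # deployment position -> offload device id
    active: dict = field(default_factory=dict)     # name -> current "first" certificate
    uploads: list = field(default_factory=list)    # every stored upload

    def upload(self, cert: Cert) -> None:
        """Verify name and format before storing (the upload step)."""
        if not NAME_RE.fullmatch(cert.name):
            raise ValueError("certificate name rejected")
        if not cert.pem.startswith(PEM_HEADER):
            raise ValueError("certificate format rejected")
        self.uploads.append(cert)
        self.active.setdefault(cert.name, cert)

    def build_instruction(self, name: str, op: str, position: str) -> dict:
        """Build the instruction from validated fields only, as structured
        data rather than a command string assembled from user input."""
        if op not in ALLOWED_OPS:
            raise ValueError(f"unsupported operation type: {op!r}")
        if not NAME_RE.fullmatch(name):
            raise ValueError("certificate name rejected")
        if position not in self.devices:
            raise ValueError(f"unknown deployment position: {position!r}")
        return {"device": self.devices[position], "op": op, "cert_name": name}

    def handle(self, name, op, position, auto_update, now) -> dict:
        instr = self.build_instruction(name, op, position)
        if op == "delete":          # assumption: a delete carries no certificate
            return {"action": "send", "instruction": instr, "cert": None}
        first = self.active.get(name)
        if first is None:
            raise LookupError(f"no certificate stored under {name!r}")
        if first.in_validity(now):
            return {"action": "send", "instruction": instr, "cert": first}
        # First certificate is outside its validity period: look for a valid
        # certificate with the same name that was uploaded later (the "second").
        later = [c for c in self.uploads
                 if c.name == name and c.uploaded_at > first.uploaded_at
                 and c.in_validity(now)]
        if not later:
            return {"action": "prompt_expired", "instruction": None, "cert": None}
        second = max(later, key=lambda c: c.uploaded_at)
        if not auto_update:
            # Nothing is dispatched until the user confirms the update.
            return {"action": "prompt_update", "instruction": None, "cert": second}
        self.active[name] = second
        return {"action": "send", "instruction": instr, "cert": second}


def demo():
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)      # constructed clock
    day = timedelta(days=1)
    mgr = Manager(devices={"dmz-lb-01": "device-103"})   # constructed registry
    expired = Cert("portal.example", now - 400 * day, now - 35 * day, now - 400 * day)
    renewed = Cert("portal.example", now - 40 * day, now + 325 * day, now - 40 * day)
    mgr.upload(expired)
    mgr.upload(renewed)
    manual = mgr.handle("portal.example", "modify", "dmz-lb-01", False, now)
    auto = mgr.handle("portal.example", "modify", "dmz-lb-01", True, now)
    return manual, auto, mgr


if __name__ == "__main__":
    manual, auto, _ = demo()
    print(manual["action"], auto["action"], auto["instruction"])
```

Keeping the instruction as validated structured data means a certificate name or operation type supplied in the user's requirement can never change which command the offload device runs.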
In a second aspect, the present application provides a method for managing digital certificates, including: a digital certificate offload device receives an executable instruction from a digital certificate management device, wherein the executable instruction is sent by the digital certificate management device based on the deployment position of the digital certificate offload device, the executable instruction is generated based on the operation type of a digital certificate, the executable instruction is used for instructing configuration of the digital certificate corresponding to the name of the digital certificate, the name of the digital certificate, the operation type of the digital certificate, and the deployment position of the digital certificate offload device are determined based on a user's requirements for the digital certificate, and the operation type of the digital certificate comprises at least one of an adding operation, a modifying operation, or a deleting operation; and the digital certificate offload device configures the digital certificate corresponding to the name of the digital certificate according to the executable instruction.
With reference to the second aspect, in some implementations of the second aspect, the method further includes: if a first digital certificate is within its validity period, the digital certificate offload device receives the first digital certificate from the digital certificate management device, the first digital certificate being the digital certificate corresponding to the name of the digital certificate.
With reference to the second aspect, in some implementations of the second aspect, the method further includes: if the first digital certificate is not within its validity period and an automatic updating requirement exists, the digital certificate offload device receives a second digital certificate from the digital certificate management device, wherein the second digital certificate has the same name as the first digital certificate but has not passed its validity period, and the uploading time of the second digital certificate is later than that of the first digital certificate.
With reference to the second aspect, in some implementations of the second aspect, the method further includes: the digital certificate offload device sends a processing result to the digital certificate management device, wherein the processing result indicates that the digital certificate corresponding to the digital certificate name was configured successfully or that its configuration failed.
With reference to the second aspect, in certain implementations of the second aspect, the digital certificate offload device includes at least one of: a dedicated certificate offload device, a software/hardware load balancing device, or a server.
In a third aspect, the present application provides an apparatus for managing digital certificates, the apparatus comprising a processing module and a transceiver module. The processing module is configured to: acquire a user's requirements for a digital certificate, wherein the requirements comprise the name of the digital certificate, the operation type of the digital certificate, and the deployment position of a digital certificate offload device, and the operation type of the digital certificate comprises at least one of an adding operation, a modifying operation, or a deleting operation; and generate an executable instruction according to the operation type of the digital certificate, wherein the executable instruction is used for instructing configuration of the digital certificate corresponding to the name of the digital certificate. The transceiver module is configured to: send the executable instruction to the digital certificate offload device according to the deployment position of the digital certificate offload device.
With reference to the third aspect, in some implementations of the third aspect, the processing module is further configured to: acquire a first digital certificate according to the name of the digital certificate, wherein the first digital certificate is the digital certificate corresponding to the name of the digital certificate; and the transceiver module is further configured to: if the first digital certificate is within its validity period, send the first digital certificate to the digital certificate offload device.
With reference to the third aspect, in some implementations of the third aspect, the transceiver module is further configured to: if the first digital certificate is not within its validity period, send prompt information that the first digital certificate has exceeded its validity period to the device corresponding to the user.
With reference to the third aspect, in some implementations of the third aspect, the processing module is further configured to: if the first digital certificate is not within its validity period, acquire a second digital certificate that has the same name as the first digital certificate but has not passed its validity period, wherein the uploading time of the second digital certificate is later than that of the first digital certificate; and the transceiver module is further configured to: if an automatic updating requirement exists, update the first digital certificate to the second digital certificate and send the second digital certificate to the digital certificate offload device.
With reference to the third aspect, in some implementations of the third aspect, the transceiver module is further configured to: if no automatic updating requirement exists, send prompt information for updating the first digital certificate to the device corresponding to the user; and the processing module is further configured to: detect an operation of the user updating the first digital certificate; and in response to the operation of the user updating the first digital certificate, send the second digital certificate to the digital certificate offload device.
With reference to the third aspect, in some implementations of the third aspect, the processing module is further configured to: detect an operation of the user uploading a first digital certificate; verify the format and/or the name of the first digital certificate in response to the operation of the user uploading the first digital certificate; and if the verification passes, store the first digital certificate.
With reference to the third aspect, in some implementations of the third aspect, the transceiver module is further configured to: receive a processing result from the digital certificate offload device, wherein the processing result indicates that the digital certificate corresponding to the digital certificate name was configured successfully or that its configuration failed.
With reference to the third aspect, in certain implementations of the third aspect, the digital certificate offload device includes at least one of: a dedicated certificate offload device, a software/hardware load balancing device, or a server.
In a fourth aspect, the present application provides an apparatus for managing digital certificates, the apparatus comprising a transceiver module and a processing module. The transceiver module is configured to: receive an executable instruction from a digital certificate management device, wherein the executable instruction is sent by the digital certificate management device based on a deployment position, the executable instruction is generated based on the operation type of a digital certificate, the executable instruction is used for instructing configuration of the digital certificate corresponding to the name of the digital certificate, the name of the digital certificate, the operation type of the digital certificate, and the deployment position are determined based on a user's requirements for the digital certificate, and the operation type of the digital certificate comprises at least one of an adding operation, a modifying operation, or a deleting operation. The processing module is configured to: configure the digital certificate corresponding to the name of the digital certificate according to the executable instruction.
With reference to the fourth aspect, in some implementations of the fourth aspect, the transceiver module is configured to: if a first digital certificate is within its validity period, receive the first digital certificate from the digital certificate management device, wherein the first digital certificate is the digital certificate corresponding to the name of the digital certificate.
With reference to the fourth aspect, in some implementations of the fourth aspect, the transceiver module is configured to: if the first digital certificate is not within its validity period and an automatic updating requirement exists, receive a second digital certificate from the digital certificate management device, wherein the second digital certificate has the same name as the first digital certificate but has not passed its validity period, and the uploading time of the second digital certificate is later than that of the first digital certificate.
With reference to the fourth aspect, in some implementations of the fourth aspect, the transceiver module is configured to: send a processing result to the digital certificate management device, wherein the processing result indicates that the digital certificate corresponding to the digital certificate name was configured successfully or that its configuration failed.
In a fifth aspect, the present application provides an apparatus for managing digital certificates, comprising a processor and a memory. The processor is configured to read instructions stored in the memory to perform a method according to any one of the possible implementations of any one of the above aspects.
Optionally, there are one or more processors and one or more memories.
Alternatively, the memory may be integrated with the processor, or provided separately from the processor.
In a specific implementation, the memory may be a non-transitory memory, such as a read-only memory (ROM), which may be integrated on the same chip as the processor or disposed separately on a different chip.
The apparatus in the above fifth aspect may be a chip, the processor may be implemented by hardware or may be implemented by software, and when implemented by hardware, the processor may be a logic circuit, an integrated circuit, or the like; when implemented in software, the processor may be a general-purpose processor implemented by reading software code stored in a memory, which may be integrated with the processor, located external to the processor, or stand-alone.
In a sixth aspect, the present application provides a computer-readable storage medium having a computer program (which may also be referred to as code, or instructions) that, when executed on a computer, causes the computer to perform the method of any of the possible implementations of any of the above aspects.
In a seventh aspect, the present application provides a computer program product comprising a computer program (also called code, or instructions) which, when executed, causes a computer to perform the method of any one of the possible implementations of any one of the above aspects.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present application and together with the description, serve to explain the principles of the application.
FIG. 1 is a schematic diagram of a data center;
FIG. 2 is a schematic flowchart of a method for managing digital certificates according to an embodiment of the present application;
FIG. 3 is a schematic flowchart of a method for uploading a digital certificate according to an embodiment of the present application;
FIG. 4 is a schematic flowchart of a method for updating a digital certificate according to an embodiment of the present application;
FIG. 5 is a schematic block diagram of a digital certificate management apparatus according to an embodiment of the present application;
FIG. 6 is a schematic block diagram of a digital certificate management apparatus according to an embodiment of the present application.
The above figures show specific embodiments of the present application, which are described in more detail below. These drawings and the written description are not intended to limit the scope of the inventive concepts in any manner, but rather to illustrate the inventive concepts to those skilled in the art by reference to specific embodiments.
Detailed Description
The technical solution in the present application will be described below with reference to the accompanying drawings. The management method and management apparatus for digital certificates provided by the present application may be used in the financial field, and may also be used in any field other than the financial field. The present application does not limit the field in which the management method and management apparatus for digital certificates are applied.
For the convenience of understanding the embodiments of the present application, the related terms in the embodiments of the present application will be described first.
1. Digital certificate
A digital certificate is a document that contains public key owner information and a public key and is digitally signed by a certificate authority. It is typically issued by a nationally certified authority or a Certification Authority (CA) system.
2. Digital certificate offloading
Digital certificate offloading refers to a process of authenticating the digital certificate, and may include processes of encryption, decryption, signature verification, and the like.
At present, the financial industry controls network security increasingly strictly, and a data center can implement encryption and decryption through digital certificates to achieve network security. For example, the domain name of the guest service, the domain names interconnected with third-party organizations, and the domain names of the data center intranet can all be accessed securely through digital certificate encryption. Thus, there is a great need for digital certificates in financial industry data centers. Access with digital certificate encryption may be understood as converting Hypertext Transfer Protocol (HTTP) access into HTTP Secure (HTTPS) access.
In a data center, digital certificate offloading may be implemented on dedicated certificate offload devices, on software/hardware load balancing devices, and on servers; that is, digital certificate offload devices are spread across different nodes of the data center. Because the deployment positions of the digital certificate offload devices are dispersed, the digital certificate formats they require are varied, and under special conditions such as bidirectional authentication the same digital certificate is deployed on multiple digital certificate offload devices, digital certificate management is increasingly complex. It should be understood that a digital certificate offload device is a device that can implement digital certificate offloading, and "digital certificate offload device" is merely an example name, which is not limited in this application.
Illustratively, FIG. 1 shows a schematic diagram of a data center 100. As shown in fig. 1, the data center 100 includes a device 101, a device 102, a device 103, a device 104, and a device 105. The number of devices included in the data center 100 is merely an example, and the embodiment of the present application is not limited thereto.
Device 102 may be a dedicated certificate offload device, i.e., a device dedicated to digital certificate offloading. Device 103 may be a load balancing device and may also implement digital certificate offloading. Device 104 may be a server and may also implement digital certificate offloading. Devices 101 and 105 may not implement digital certificate offloading, but carry other roles in data center 100.
Device 102, device 103, and device 104 may all be referred to as digital certificate offload devices. Digital certificate offload devices are deployed in a decentralized manner, and digital certificate management is relatively complex.
In common industry practice, digital certificate management generally depends on the deployment positions of the digital certificate offload devices, and operation and maintenance personnel manually maintain the digital certificate offload devices at the different positions. This results in low operation and maintenance efficiency and high operation and maintenance cost, and also brings great risk to the efficient, stable, and safe operation of the whole data center.
For example, in the data center 100 shown in FIG. 1, when operation and maintenance personnel manage the digital certificate offload devices (device 102, device 103, and device 104), the digital certificates need to be configured. Because the digital certificate offload devices are deployed in a dispersed manner, the offload devices at different positions need to be maintained manually by different operation and maintenance personnel; that is, 3 operation and maintenance personnel are needed to maintain the digital certificates for device 102, device 103, and device 104. This results in low operation and maintenance efficiency and high operation and maintenance cost, and also brings great risk to the efficient, stable, and safe operation of the whole data center. Here, maintaining a digital certificate can also be understood as configuring the digital certificate.
In view of this, embodiments of the present application provide a method and a device for managing digital certificates, which can uniformly interface with each digital certificate offloading device, uniformly manage digital certificates in various formats, provide an integrated, automatic, and intelligent method for managing digital certificates, improve operation and maintenance efficiency of digital certificates, and reduce operation and maintenance costs of digital certificates.
Before describing the management method and management apparatus for digital certificates provided in the embodiments of the present application, the following description is made.
First, "first", "second" and the various numerical designations in the embodiments shown below are merely for convenience of description, e.g., to distinguish between different digital certificates, and are not intended to limit the scope of the embodiments of the present application.
Second, "at least one" means one or more, and "a plurality" means two or more. "And/or" describes an association relationship between associated objects and means that three relationships may exist; e.g., A and/or B may mean: A exists alone, A and B exist simultaneously, or B exists alone, where A and B can be singular or plural. The character "/" generally indicates that the associated objects before and after it are in an "or" relationship. "At least one of the following" or similar expressions refer to any combination of these items, including any combination of single or plural items. For example, at least one of a, b, and c may represent: a, or b, or c, or a and b, or a and c, or b and c, or a, b and c, where a, b and c can be single or multiple.
Fig. 2 is a schematic flowchart of a method 200 for managing digital certificates according to an embodiment of the present disclosure, where the method 200 may be applied to the data center 100 shown in fig. 1, but the embodiment of the present disclosure is not limited thereto. The method 200 may be performed by a digital certificate management device, such as the device 101 or the device 105, but the embodiment of the present application is not limited thereto. It should be understood that the digital certificate management device is a device of the data center that interfaces with each digital certificate offloading device to manage digital certificates in various formats in a unified manner.
As shown in fig. 2, the method 200 may include the steps of:
S201, the digital certificate management device obtains the requirement of a user on the digital certificate, where the requirement includes the name of the digital certificate, the operation type of the digital certificate and the deployment position of the digital certificate offloading device, and the operation type of the digital certificate includes at least one of an adding operation, a modifying operation or a deleting operation.
The digital certificate management device may provide a human-machine interface for a user, through which the user may set a demand for digital certificates. The digital certificate management apparatus may acquire a demand of the user for the digital certificate in response to an operation by the user.
It should be noted that the user here may be an operation and maintenance person, and the operation and maintenance person does not need to configure the digital certificate for the digital certificate offloading device, but implements, by using the digital certificate management device, configuration of the digital certificate for the digital certificate offloading device.
The requirements of users for digital certificates can vary according to actual application scenarios, but general requirements include the name of the digital certificate, the operation type of the digital certificate, and the deployment location of the digital certificate offloading device.
The name of the digital certificate is used to represent a different digital certificate in order to facilitate acquisition of the digital certificate. The name of the digital certificate may also be referred to as the identifier of the digital certificate, which is not limited in the embodiments of the present application.
The operation type of the digital certificate comprises at least one of an adding operation, a modifying operation or a deleting operation, wherein the adding operation is used for indicating that the digital certificate is added. The modify operation is used to indicate that the digital certificate is modified, e.g., replaced. The deletion operation is used to indicate deletion of the digital certificate.
The deployment location of the digital certificate offloading device is used to represent the location of the device that receives the digital certificate configuration. The deployment location of the digital certificate offloading device may be determined based on a number of constraints, which may include whether it is an internet device, whether it is an in-cloud device, or whether it is a third party device, etc. These constraints may be displayed on a human-machine interface provided by the digital certificate management device for the user, and the digital certificate management device determines the deployment location of the digital certificate offloading device in response to an operation of the user on the human-machine interface. The digital certificate offloading device is used for decrypting a data packet through the digital certificate to obtain the decrypted data packet.
Optionally, the user's requirements for the digital certificate may also include a port number, a server address, and a name of the application. The application program uses the digital certificate for encryption and decryption and is installed in the digital certificate offloading device, the port number is the port that serves the application program, and the server is the device that receives and decrypts the data packet.
Illustratively, an application program of a mobile phone bank is installed on the digital certificate offloading device, and the mobile phone bank needs the digital certificate for encryption and decryption. An operation and maintenance person can set a requirement in the digital certificate management device, and the digital certificate management device can, in response to the operation of the operation and maintenance person, obtain the requirement of the user on the digital certificate, where the requirement may include a name of the digital certificate, an operation type of the digital certificate, a deployment location of the digital certificate offloading device, a port number, a server address, and a name of the application program.
It should be noted that, in the prior art, an operation and maintenance person configures a digital certificate, a digital certificate management device may display the digital certificate through a human-computer interaction interface, the operation and maintenance person may set the digital certificate through the human-computer interaction interface, and the digital certificate management device responds to an operation of the operation and maintenance person to obtain a requirement of the operation and maintenance person on the digital certificate, so that the requirement of the operation and maintenance person on the digital certificate does not only include the above-mentioned requirement, which is not listed herein.
S202, the digital certificate management device generates an executable instruction according to the operation type of the digital certificate, where the executable instruction is used for indicating the configuration of the digital certificate corresponding to the name of the digital certificate.
The executable instructions may also be referred to as configuration instructions, which are not limited in this application.
If the operation type of the digital certificate includes an addition operation, the digital certificate management device may generate an executable instruction as a create instruction according to the addition operation, and a parameter in the create instruction may be used to indicate a name of the digital certificate. If the user's requirement for the digital certificate also includes a port number, a server address, and a name of an application, the parameter in the create instruction may also be used to indicate the port number, the server address, and the name of the application. The create instruction is used for indicating that the digital certificate corresponding to the name of the digital certificate is subjected to addition configuration.
If the operation type of the digital certificate includes a deletion operation, the digital certificate management device may generate an executable instruction as a delete instruction according to the deletion operation, and a parameter in the delete instruction may be used to indicate a name of the digital certificate. If the user's requirement for the digital certificate also includes a port number, a server address, and a name of an application, the parameter in the delete instruction may also be used to indicate the port number, the server address, and the name of the application. The delete instruction is used for indicating that the digital certificate corresponding to the name of the digital certificate is subjected to deletion configuration.
If the operation type of the digital certificate includes a modification operation, the digital certificate management device may generate an executable instruction as a change instruction according to the modification operation, and a parameter in the change instruction may be used to indicate a name of the digital certificate. If the user's requirement for the digital certificate also includes a port number, a server address, and a name of the application program, the parameter in the change instruction may also be used to indicate the port number, the server address, and the name of the application program. The change instruction is used for indicating that the digital certificate corresponding to the name of the digital certificate is subjected to modification configuration.
Optionally, in S202, the generating, by the digital certificate management device, of an executable instruction according to the operation type of the digital certificate may include: the digital certificate management device classifies the requirements according to the operation type of the digital certificate to obtain the classified requirements; the digital certificate management device generates an executable instruction for each of the classified requirements.
If the operation type of the digital certificate includes an adding operation, a modifying operation, and a deleting operation, the digital certificate management device may classify the requirements of the user for the digital certificate into three types, which are a first type requirement, a second type requirement, and a third type requirement, respectively. The first type of requirement may be a requirement for an add operation, the second type of requirement may be a requirement for a modify operation, and the third type of requirement may be a requirement for a delete operation. The executable instruction generated by the digital certificate management device for the first type of requirements is a create instruction, the executable instruction generated for the second type of requirements is a delete instruction, and the executable instruction generated for the third type of requirements is a change instruction.
In this way, when the digital certificate management device receives a large number of requirements, it can first classify them and then generate executable instructions; for instructions of the same requirement class, only the parameters need to be changed, which saves instruction generation time and improves instruction generation efficiency.
S203, the digital certificate management device sends an executable instruction to the digital certificate offloading device according to the deployment position of the digital certificate offloading device, and correspondingly, the digital certificate offloading device receives the executable instruction.
There may be one or more digital certificate offloading devices, which is not limited in the embodiment of the present application.
When the number of the digital certificate offloading devices is multiple, the digital certificate management device may send corresponding executable instructions to the respective digital certificate offloading devices according to the deployment locations of the respective digital certificate offloading devices.
Optionally, before S203, the digital certificate management apparatus may verify the executable instruction, and if the verification is successful, execute S203.
Before sending the executable instruction to the digital certificate offloading device, the digital certificate management device may verify whether the digital certificate offloading device supports the generated executable instruction. If it does, the verification passes; if not, the verification fails, and the digital certificate management device may display a prompt message, or notify an operation and maintenance person or a related person through a mail, a short message, or an enterprise instant messaging (IM) interface unit. The operation and maintenance person and the related person can also be called contact persons, and the embodiment of the application is not limited to this.
Optionally, in order to enable the operation and maintenance personnel or the related personnel to check the reason for the failure, the prompt message, the mail or the short message may include the specific reason for the failure of the verification, so as to facilitate the subsequent generation of a correct executable instruction.
S204, the digital certificate offloading device configures the digital certificate corresponding to the name of the digital certificate according to the executable instruction.
After receiving the executable instruction from the digital certificate management device, the digital certificate offloading device may configure the digital certificate corresponding to the name of the digital certificate according to the information indicated by the parameter in the executable instruction. The digital certificate corresponding to the name of the digital certificate may be preset in the digital certificate offloading device or sent by the digital certificate management device, which is not limited in the embodiment of the present application.
According to the management method of the digital certificate, the configuration of the digital certificate is managed uniformly through the digital certificate management device: after acquiring the requirement of a user on the digital certificate, the digital certificate management device can generate an executable instruction for configuring the digital certificate and send it to the digital certificate offloading device to configure the digital certificate for that device. In addition, operation and maintenance personnel can configure the digital certificate of each digital certificate offloading device by operating the digital certificate management device, which saves labor, reduces the operation and maintenance cost, and helps ensure the efficient, stable and safe operation of the data center.
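The S201 to S204 flow described above, together with the optional classification step and the verification before S203, can be sketched as follows. This is an added example, not code from the patent; the class names, field names, location labels and the per-device set of supported instructions are assumptions made for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Operation type -> instruction, following the per-operation paragraphs for S202.
INSTRUCTION_FOR_OPERATION = {"add": "create", "modify": "change", "delete": "delete"}


@dataclass(frozen=True)
class Requirement:
    """A user requirement obtained in S201 (field names are hypothetical)."""
    cert_name: str
    operation: str                       # "add", "modify" or "delete"
    location: str                        # deployment location of the offloading device
    port: Optional[int] = None           # optional parameters named in the text
    server_address: Optional[str] = None
    app_name: Optional[str] = None


@dataclass
class Instruction:
    verb: str
    params: Dict[str, object]


@dataclass
class OffloadingDevice:
    """Stand-in for an offloading device; it only records what it receives."""
    location: str
    supported_verbs: Set[str]
    received: List[Instruction] = field(default_factory=list)


def classify(requirements):
    """Optional step of S202: group the requirements by operation type."""
    groups = defaultdict(list)
    for req in requirements:
        if req.operation not in INSTRUCTION_FOR_OPERATION:
            raise ValueError(f"unknown operation type: {req.operation!r}")
        groups[req.operation].append(req)
    return dict(groups)


def generate_instructions(requirements):
    """S202: one instruction per requirement; within a class only params differ."""
    routed = []
    for operation, group in classify(requirements).items():
        verb = INSTRUCTION_FOR_OPERATION[operation]
        for req in group:
            params = {"cert_name": req.cert_name}
            for key in ("port", "server_address", "app_name"):
                if getattr(req, key) is not None:
                    params[key] = getattr(req, key)
            routed.append((req.location, Instruction(verb, params)))
    return routed


def dispatch(requirements, devices):
    """Verify each instruction against its target, then send it (S203).

    Returns (sent, failures); each failure carries the reason so that the
    prompt to the contact person can state why the verification failed.
    """
    by_location = {device.location: device for device in devices}
    sent, failures = [], []
    for location, instruction in generate_instructions(requirements):
        device = by_location.get(location)
        if device is None:
            failures.append((instruction, f"no offloading device registered at {location!r}"))
        elif instruction.verb not in device.supported_verbs:
            failures.append(
                (instruction, f"device at {location!r} does not support {instruction.verb!r}")
            )
        else:
            device.received.append(instruction)  # the device would configure it in S204
            sent.append((location, instruction))
    return sent, failures


if __name__ == "__main__":
    # Constructed sample data: names and the address are made up for the demo.
    lb = OffloadingDevice("internet/load-balancer", {"create", "change", "delete"})
    reqs = [Requirement("mobile-bank", "add", "internet/load-balancer", 443,
                        "192.0.2.10", "mobile-bank-app")]
    print(dispatch(reqs, [lb]))
```
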
As an alternative embodiment, the method 200 may further include: the digital certificate management device acquires a first digital certificate according to the name of the digital certificate, where the first digital certificate is the digital certificate corresponding to the name of the digital certificate; if the first digital certificate is within the validity period, the digital certificate management device sends the first digital certificate to the digital certificate offloading device, and correspondingly, the digital certificate management device receives the first digital certificate.
The digital certificate management device can obtain the first digital certificate through the name of the digital certificate, obtain the validity period information from the first digital certificate, and determine whether the first digital certificate is within the validity period; if it is, the digital certificate management device sends the first digital certificate to the digital certificate offloading device. After receiving the first digital certificate, the digital certificate offloading device may configure the first digital certificate according to the executable instruction.
The first digital certificate may be preset in the digital certificate management device, or may be uploaded by a manager of the digital certificate through a human-computer interaction interface, which is not limited in the embodiment of the present application.
If the first digital certificate is uploaded by a manager of the digital certificate through the human-computer interaction interface, then when the digital certificate management device detects the operation of uploading the first digital certificate, it can verify the format and/or the name of the first digital certificate; if the verification passes, the first digital certificate is stored, and if it does not, the manager of the digital certificate is prompted to upload a digital certificate that meets the conditions.
According to the management method of the digital certificate provided by the embodiment of the application, if the first digital certificate is within the validity period, the digital certificate management device sends the first digital certificate to the digital certificate offloading device, which helps subsequent processing run smoothly and reduces the probability that subsequent processing fails.
Illustratively, fig. 3 shows a schematic flow diagram of a method 300 of uploading digital certificates. As shown in fig. 3, the method 300 may include the steps of:
S301, detecting the operation of uploading the digital certificate by the user.
The digital certificate management device may provide a human-computer interaction interface for the user, where the human-computer interaction interface may display a control for adding the digital certificate, and when the user (which may be a manager of the digital certificate) clicks the control for adding the digital certificate, the digital certificate management device may detect an operation of uploading the digital certificate by the user.
S302, the format and/or the name of the uploaded digital certificate are verified, and whether the verification is passed or not is judged.
The digital certificate management device can store a preset format and/or a preset naming specification. It can verify the format of the uploaded digital certificate against the preset format and judge whether the verification is passed, and it can verify the name of the uploaded digital certificate against the preset naming specification and judge whether the verification is passed.
Illustratively, if the preset format is not the same as the format of the uploaded digital certificate, the verification is not passed. If the preset format is the same as the format of the uploaded digital certificate, the verification is passed. If the name of the uploaded digital certificate does not meet the preset naming specification, the verification is not passed. If the name of the uploaded digital certificate meets the preset naming specification, the verification is passed.
S303, if the verification is passed, storing the uploaded digital certificate.
If the verification is passed, the digital certificate management device can store the uploaded digital certificate so as to facilitate subsequent use.
S304, if the verification is not passed, sending prompt information to the device corresponding to the user.
The prompt information may include the result of the verification failure and/or the reason for the verification failure. For example, the reason for the failure of the verification may be that the format of the uploaded digital certificate is not the preset format, or that the name of the uploaded digital certificate does not conform to the preset naming specification.
There are many possible implementations of the prompt information.
In one possible implementation, the prompt message may be displayed directly on the interface to facilitate the user in re-uploading the digital certificate.
In another possible implementation manner, the prompt message may notify the user to upload the digital certificate again through an email, a short message, or an enterprise IM interface unit.
According to the method for uploading the digital certificate, the format and/or the name of the uploaded digital certificate are verified, which helps the user upload the correct digital certificate, helps subsequent processing run smoothly, and reduces the probability that subsequent processing fails.
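A minimal version of the S302 to S304 check, as an added example that is not part of the patent. It assumes the preset format is PEM and the preset naming specification is a lowercase hyphenated name ending in `.pem` or `.crt`; both presets and all function names are hypothetical, and the format check is structural only (PEM armor, base64 body, one well-formed DER SEQUENCE), not a full X.509 parse.

```python
import base64
import binascii
import re

# Assumed presets; the patent leaves the format and naming specification open.
PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s+(.*?)\s+-----END CERTIFICATE-----", re.S
)
NAME_RE = re.compile(r"^[a-z0-9]+(?:-[a-z0-9]+)*\.(?:pem|crt)$")


def der_sequence_ok(der: bytes) -> bool:
    """True if `der` is exactly one SEQUENCE (tag 0x30) whose encoded length
    matches the number of bytes that follow the header."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                      # short form: length in one byte
        header, length = 2, first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return len(der) == header + length


def validate_upload(filename: str, content: str):
    """S302: verify name and format. Returns (passed, reasons); the reasons
    are what the S304 prompt information would carry."""
    reasons = []
    if not NAME_RE.fullmatch(filename):
        reasons.append("name does not conform to the preset naming specification")
    match = PEM_RE.fullmatch(content.strip())
    if match is None:
        reasons.append("format is not the preset format (PEM certificate expected)")
    else:
        try:
            der = base64.b64decode("".join(match.group(1).split()), validate=True)
        except (binascii.Error, ValueError):
            reasons.append("PEM body is not valid base64")
        else:
            if not der_sequence_ok(der):
                reasons.append("PEM body is not a well-formed DER SEQUENCE")
    return (not reasons, reasons)


def make_pem(der: bytes) -> str:
    """Helper for building constructed sample input."""
    body = base64.b64encode(der).decode("ascii")
    return "-----BEGIN CERTIFICATE-----\n" + body + "\n-----END CERTIFICATE-----\n"


if __name__ == "__main__":
    # Constructed sample: SEQUENCE { INTEGER 1 }, not a real certificate.
    sample = make_pem(bytes([0x30, 0x03, 0x02, 0x01, 0x01]))
    print(validate_upload("mobile-bank.pem", sample))   # stored (S303)
    print(validate_upload("Mobile Bank.PEM", sample))   # prompt with reason (S304)
```
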
As an alternative embodiment, if the first digital certificate is not within the validity period, the digital certificate management apparatus may use a plurality of possible implementations to process the first digital certificate.
In one possible implementation manner, if the first digital certificate is not within the validity period, the digital certificate management device sends a prompt that the first digital certificate exceeds the validity period to a device corresponding to the user.
The user may be an operation and maintenance person or a worker responsible for managing and uploading the digital certificate, which is not limited in the embodiment of the present application. The device corresponding to the user may be the digital certificate management device, or may be a device of the user such as a mobile phone or a computer, which is not limited in the embodiment of the present application.
The prompt that the first digital certificate exceeds the validity period may be sent through an email, a short message, or an enterprise IM interface unit, but the embodiment of the present application is not limited thereto.
Optionally, the digital certificate management device may further obtain information such as a name of the digital certificate, an associated domain name or a name of the application program, a type of the digital certificate, and the like from the first digital certificate, and add the information to the prompt information that the first digital certificate exceeds the validity period, so that the user can determine the information of the digital certificate to be re-uploaded.
In this implementation, if the first digital certificate is not within the validity period, the user is notified through the prompt message, so that the user uploads the digital certificate within the validity period, and the user can know the processing progress and solve the problem in the processing process.
In another possible implementation manner, if the first digital certificate is not within the validity period, the digital certificate management device acquires a second digital certificate which has the same name as the first digital certificate but does not exceed the validity period, and the uploading time of the second digital certificate is later than that of the first digital certificate; if the automatic updating requirement exists, the digital certificate management device updates the first digital certificate into the second digital certificate and sends the second digital certificate to the digital certificate offloading device.
The second digital certificate may be uploaded after the user receives the prompt message that the first digital certificate exceeds the validity period, or may be actively uploaded after the user finds that the first digital certificate is about to expire, which is not limited in the embodiment of the present application.
The second digital certificate and the first digital certificate have the same name, or the second digital certificate and the first digital certificate have the same domain name, which is not limited in this embodiment of the application.
After the digital certificate management device acquires the second digital certificate, it can judge whether the user has set an automatic updating requirement. If the automatic updating requirement exists, the digital certificate management device updates the first digital certificate into the second digital certificate. If the automatic updating requirement does not exist, the digital certificate management device can send prompt information for updating the digital certificate to the device corresponding to the user.
Optionally, if the first digital certificate is not within the validity period, and there is no second digital certificate having the same name as the first digital certificate but not exceeding the validity period, the digital certificate management device may send a prompt message to the device corresponding to the user, where the prompt message requires the user to upload a new digital certificate.
Illustratively, fig. 4 shows a schematic flow diagram of a method 400 of updating a digital certificate. As shown in fig. 4, the method 400 includes the steps of:
S401, if the first digital certificate is not in the validity period, judging whether there exists a second digital certificate which has the same name as the first digital certificate but does not exceed the validity period.
If the second digital certificate exists, the digital certificate management device may perform S402. If the second digital certificate does not exist, the digital certificate management device may perform S403.
S402, if the second digital certificate exists, judging whether automatic updating of the digital certificate upon expiry is authorized.
Judging whether automatic updating of the digital certificate upon expiry is authorized means judging whether an automatic updating requirement exists.
If automatic updating of the digital certificate upon expiry is authorized, the digital certificate management device may execute S405. If automatic updating of the digital certificate upon expiry is not authorized, the digital certificate management device may execute S406.
S403, if the second digital certificate does not exist, sending prompt information that a new digital certificate needs to be uploaded to the device corresponding to the user.
If the second digital certificate does not exist and the first digital certificate expires, the user needs to be informed to upload a new digital certificate. It should be understood that the new digital certificate is unexpired and has the same name as the first digital certificate.
S404, if the operation of uploading the second digital certificate by the user is received, the second digital certificate is stored.
If the user uploads the second digital certificate, the digital certificate management device stores the second digital certificate.
Alternatively, if an operation of uploading the second digital certificate by the user is received, the digital certificate management device may verify the second digital certificate using S302, and if the verification is passed, store the second digital certificate.
Optionally, after saving the second digital certificate, the digital certificate management device may further perform S402 to implement updating of the digital certificate.
S405, if automatic updating of the digital certificate upon expiry is authorized, the first digital certificate is updated to the second digital certificate.
If automatic updating of the digital certificate upon expiry is authorized, the digital certificate management device may automatically update the first digital certificate, that is, update the first digital certificate to the second digital certificate.
S406, if automatic updating of the digital certificate upon expiry is not authorized, sending prompt information for updating the first digital certificate to the device corresponding to the user.
If automatic updating of the digital certificate upon expiry is not authorized, the digital certificate management device may prompt the user to update the first digital certificate.
S407, judging whether an operation of updating the first digital certificate by the user is received.
If an operation of updating the first digital certificate by the user is received, the digital certificate management apparatus may execute S405, that is, update the first digital certificate to the second digital certificate.
And if the operation of updating the first digital certificate by the user is not received, ending the process.
According to the method for updating the digital certificate provided by the embodiment of the application, if the second digital certificate exists and the automatic updating requirement exists, the expired first digital certificate is automatically updated, if the second digital certificate exists and the automatic updating requirement does not exist, the user is informed of updating the expired first digital certificate, if the second digital certificate does not exist, the user is informed of uploading the unexpired digital certificate, the expired digital certificate can be updated, and the operation and maintenance efficiency of the digital certificate is improved.
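The validity check and the S401 to S407 decision flow can be written as one function, shown here as an added example that is not part of the patent. The record fields, action labels and function names are hypothetical; picking the most recently uploaded candidate when several replacements qualify is an assumption, since the text only requires the second certificate to be uploaded later than the first.

```python
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class StoredCert:
    """Metadata the management device keeps per uploaded certificate."""
    name: str
    not_before: datetime
    not_after: datetime
    uploaded_at: datetime

    def is_valid(self, now: datetime) -> bool:
        return self.not_before <= now <= self.not_after


def find_replacement(first, store, now):
    """S401: same name, within the validity period, uploaded later than `first`."""
    candidates = [
        cert for cert in store
        if cert.name == first.name
        and cert.uploaded_at > first.uploaded_at
        and cert.is_valid(now)
    ]
    # Assumption: prefer the newest upload when more than one candidate exists.
    return max(candidates, key=lambda cert: cert.uploaded_at, default=None)


def plan_update(first, store, now, auto_update, user_confirms=False):
    """Return (action, certificate_to_send) for the first digital certificate.

    Actions: "send"            - first certificate is valid, send it as is
             "update_and_send" - S405, replace first with second and send second
             "prompt_update"   - S406, ask the user to update the certificate
             "prompt_upload"   - S403, ask the user to upload a new certificate
    """
    if first.is_valid(now):
        return ("send", first)
    second = find_replacement(first, store, now)
    if second is None:
        return ("prompt_upload", None)
    if auto_update or user_confirms:      # S402 -> S405, or S407 -> S405
        return ("update_and_send", second)
    return ("prompt_update", None)


if __name__ == "__main__":
    utc = timezone.utc
    now = datetime(2024, 6, 1, tzinfo=utc)
    # Constructed sample records, not data from the patent.
    expired = StoredCert("mobile-bank", datetime(2023, 1, 1, tzinfo=utc),
                         datetime(2024, 1, 1, tzinfo=utc),
                         datetime(2022, 12, 20, tzinfo=utc))
    renewed = StoredCert("mobile-bank", datetime(2023, 12, 15, tzinfo=utc),
                         datetime(2025, 1, 1, tzinfo=utc),
                         datetime(2023, 12, 15, tzinfo=utc))
    print(plan_update(expired, [expired, renewed], now, auto_update=True))
```
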
As an optional embodiment, the method 200 may further include: the digital certificate offloading device sends a processing result to the digital certificate management device, where the processing result includes successful configuration of the digital certificate corresponding to the digital certificate name or failed configuration of the digital certificate corresponding to the digital certificate name. Correspondingly, the digital certificate management device receives the processing result.
The digital certificate offloading device sends the processing result to the digital certificate management device, and the digital certificate management device can receive the processing result, so that the processing condition of the digital certificate offloading device can be determined and unified management is realized.
Optionally, the digital certificate management device may further send the processing result to a device corresponding to the user or to a person in charge of the digital certificate offloading device. The person in charge of the digital certificate offloading device may be a person entered by a user or a person in charge of the digital certificate offloading device.
For example, the digital certificate management device may obtain the contact information of the person in charge from a database, where the database includes information on each digital certificate offloading device and its corresponding person in charge. The digital certificate management device may determine from the database the information of the person in charge corresponding to a digital certificate offloading device, and then send the processing result to the device corresponding to that person. The database may also be referred to as a service application ledger, which is not limited in this embodiment of the present application.
The method for updating the digital certificate provided by the embodiment of the application can receive the processing result of the digital certificate offloading device, which helps determine the processing condition of the digital certificate offloading device and facilitates unified management.
The method provided by the embodiment of the present application is described above in detail, and the embodiment of the present application further provides a digital certificate management device, which can execute the method.
Fig. 5 shows a schematic block diagram of a digital certificate management apparatus 500. As shown in fig. 5, the digital certificate management apparatus 500 includes a digital certificate storage module 510, a digital certificate processing module 520, a digital certificate offload node management module 530, and a notification module 540.
1) The digital certificate storage module 510 is configured to store the digital certificate uploaded by the user, so that the digital certificate processing module 520 invokes the digital certificate.
The digital certificate storage module 510 may include a digital certificate transmission module 511, a digital certificate verification module 512, a digital certificate information acquisition module 513, and a digital certificate validity management module 514.
The digital certificate transmission module 511 may be configured to receive a digital certificate uploaded by a user, may also be configured to send the digital certificate to the digital certificate verification module 512 and the digital certificate information acquisition module 513, and may also be configured to send the digital certificate to the digital certificate processing module 520.
The digital certificate verification module 512 may be configured to receive the digital certificate from the digital certificate transmission module 511 and verify the digital certificate through S302 above.
The digital certificate information acquisition module 513 may be configured to receive the first digital certificate from the digital certificate transmission module 511 and obtain basic information of the first digital certificate, for example, the name of the first digital certificate, the associated domain name or application program name, the type of the first digital certificate, and the validity period of the first digital certificate. It adds this basic information to a database, which may store the first digital certificate, the basic information of the first digital certificate, and the contact information of the relevant person in charge. The digital certificate information acquisition module 513 may also send the validity period of the first digital certificate to the digital certificate validity management module 514.
The digital certificate validity management module 514 may be configured to receive the validity period of the first digital certificate from the digital certificate information acquisition module 513, verify whether the first digital certificate has exceeded its validity period, and count the digital certificates that have expired and the digital certificates that are about to expire. If the first digital certificate has exceeded its validity period, the digital certificate validity management module 514 sends an indication message to the notification module 540, instructing the notification module 540 to send a prompt message to the relevant person in charge of the first digital certificate.
If the first digital certificate expires, the digital certificate validity management module 514 may further perform the method 400, and for a specific implementation, reference may be made to the above description, which is not described herein again.
2) The digital certificate processing module 520 is configured to process the digital certificate according to the requirement of the user.
The digital certificate processing module 520 may include a digital certificate acquisition module 521, a user requirement acquisition module 522, and a digital certificate instruction generation module 523.
The digital certificate acquisition module 521 is configured to acquire the digital certificate from the digital certificate transmission module 511. The user requirement acquisition module 522 may be configured to obtain the user's requirement for the digital certificate and send that requirement to the digital certificate instruction generation module 523. The digital certificate instruction generation module 523 is configured to receive the requirement for the digital certificate, generate an executable instruction according to the requirement, and send the executable instruction to the digital certificate offload node management module 530.
3) The digital certificate offload node management module 530 may be configured to receive the executable instructions from the digital certificate processing module 520 and send the executable instructions to the digital certificate offload device to which the executable instructions correspond.
The digital certificate offload node management module 530 may include a digital certificate instruction receipt verification module 531 and a digital certificate offload node interface module 532. The digital certificate instruction receipt verification module 531 may be configured to receive the executable instruction from the digital certificate instruction generation module 523, verify the executable instruction, and send the executable instruction to the digital certificate offload node interface module 532 if the verification succeeds. If the verification fails, it sends an indication message to the notification module 540, instructing the notification module 540 to send a prompt message to the relevant person in charge.
The digital certificate offload node interface module 532 may be configured to receive executable instructions from the digital certificate instruction receipt verification module 531 and send the executable instructions to the digital certificate offload device. The digital certificate offload device may be one or more dedicated certificate offload devices, one or more hardware/software load balancing devices, one or more servers, or one or more other certificate offload devices.
4) The notification module 540 may be configured to receive the indication information and send a prompt message to the user according to the indication information.
The notification module 540 may include an email system interface module 541, a short message system interface module 542, and an enterprise IM interface module 543.
The email system interface module 541 may send the prompt message to the device corresponding to the user in the form of an email. The short message system interface module 542 may send the prompt message to the device corresponding to the user in the form of a short message. The enterprise IM interface module 543 may send the prompt message to the device corresponding to the user in the form of an enterprise IM message.
In addition, the embodiment of the application also provides a digital certificate management device.
Fig. 6 shows a schematic block diagram of a digital certificate management apparatus 600 according to an embodiment of the present application. The apparatus 600 comprises a processor 610, a transceiver 620, and a memory 630. The processor 610, the transceiver 620 and the memory 630 communicate with each other through an internal connection path; the memory 630 is used for storing instructions, and the processor 610 is used for executing the instructions stored in the memory 630 to control the transceiver 620 to transmit and/or receive signals.
It is to be understood that the apparatus 600 may be used to execute the steps and/or processes corresponding to the digital certificate management device or the digital certificate offload device in the above method embodiments. The memory 630 may optionally include both read-only memory and random-access memory, and provides instructions and data to the processor 610. A portion of the memory 630 may also include non-volatile random access memory. For example, the memory 630 may also store device type information. The processor 610 may be configured to execute the instructions stored in the memory 630, and when it does so, the processor 610 performs the steps and/or flows of the above-described method embodiments corresponding to the digital certificate management device or the digital certificate offload device.
It should be understood that, in the embodiment of the present application, the processor 610 of the apparatus 600 may be a Central Processing Unit (CPU), and the processor 610 may also be other general processors, Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, and the like. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
In implementation, the steps of the above method may be performed by integrated logic circuits of hardware in a processor or by instructions in the form of software. The steps of a method disclosed in connection with the embodiments of the present application may be directly implemented by a hardware processor, or may be implemented by a combination of hardware and software elements in a processor. The software elements may be located in RAM, flash memory, ROM, PROM or EPROM, registers, or other storage media well known in the art. The storage medium is located in a memory, and a processor executes the instructions in the memory and, in combination with its hardware, performs the steps of the above-described method. To avoid repetition, this is not described in detail here.
The present application provides a computer-readable storage medium for storing a computer program for implementing the method corresponding to the digital certificate management device or the digital certificate offload device in the above embodiments.
The present application provides a computer program product including a computer program (also referred to as code, or instructions) that, when executed on a computer, can perform the method corresponding to the digital certificate management device or the digital certificate offload device in the above embodiments.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. The above-described apparatus embodiments are merely illustrative. For example, the division of the units is only one logical division, and other divisions may be used in practice: a plurality of units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present application, or the portion thereof that substantially contributes to the prior art, may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. The aforementioned storage medium includes various media capable of storing program code, such as a USB disk, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disk.
The above description covers only specific embodiments of the present application, but the scope of protection of the present application is not limited thereto. Any change or substitution that a person skilled in the art can readily conceive within the technical scope of the present application shall be covered by the scope of protection of the present application. Therefore, the scope of protection of the present application shall be subject to the scope of protection of the claims.

Claims (12)

1. A method for managing digital certificates, comprising:
acquiring a user's requirement for a digital certificate, wherein the requirement comprises the name of the digital certificate, the operation type of the digital certificate and the deployment position of a digital certificate offload device, and the operation type of the digital certificate comprises at least one of an adding operation, a modifying operation or a deleting operation;
generating an executable instruction according to the operation type of the digital certificate, wherein the executable instruction is used for instructing that the digital certificate corresponding to the name of the digital certificate be configured;
and sending the executable instruction to the digital certificate offload device according to the deployment position of the digital certificate offload device.
2. The method of claim 1, further comprising:
acquiring a first digital certificate according to the name of the digital certificate, wherein the first digital certificate is a digital certificate corresponding to the name of the digital certificate;
and if the first digital certificate is within its validity period, sending the first digital certificate to the digital certificate offload device.
3. The method of claim 2, further comprising:
and if the first digital certificate is not within its validity period, sending, to a device corresponding to the user, prompt information that the first digital certificate has exceeded its validity period.
4. The method of claim 2, further comprising:
if the first digital certificate is not within its validity period, acquiring a second digital certificate which has the same name as the first digital certificate but has not exceeded its validity period, wherein the uploading time of the second digital certificate is later than that of the first digital certificate;
and if an automatic update requirement exists, updating the first digital certificate to the second digital certificate, and sending the second digital certificate to the digital certificate offload device.
5. The method of claim 4, further comprising:
if no automatic update requirement exists, sending prompt information for updating the first digital certificate to a device corresponding to the user;
detecting an operation of the user to update the first digital certificate;
updating the first digital certificate to the second digital certificate in response to the user updating the first digital certificate.
6. The method of claim 2, further comprising:
detecting an operation of uploading the first digital certificate by the user;
verifying the format and/or the name of the first digital certificate in response to the operation of uploading the first digital certificate by the user;
and if the verification is passed, storing the first digital certificate.
7. The method of claim 1, further comprising:
receiving a processing result from the digital certificate offload device, wherein the processing result indicates that the digital certificate corresponding to the digital certificate name was configured successfully or that configuration of the digital certificate corresponding to the digital certificate name failed.
8. The method of any of claims 1-7, wherein the digital certificate offload device comprises at least one of:
a dedicated certificate offload device, a software/hardware load balancing device, or a server.
9. A method for managing digital certificates, comprising:
receiving an executable instruction from a digital certificate management device, wherein the executable instruction is sent by the digital certificate management device based on a deployment position of a digital certificate offload device, the executable instruction is generated based on an operation type of a digital certificate, the executable instruction is used for instructing that the digital certificate corresponding to a name of the digital certificate be configured, the name of the digital certificate, the operation type of the digital certificate and the deployment position of the digital certificate offload device are determined based on a user's requirement for the digital certificate, and the operation type of the digital certificate comprises at least one of an adding operation, a modifying operation or a deleting operation;
and configuring the digital certificate corresponding to the name of the digital certificate according to the executable instruction.
10. An apparatus for managing digital certificates, comprising: a processor coupled with a memory for storing a computer program that, when invoked by the processor, causes the apparatus to perform the method of any of claims 1 to 8 or to perform the method of claim 9.
11. A computer-readable storage medium, characterized in that the computer-readable storage medium has stored thereon a computer program comprising instructions for implementing the method according to any one of claims 1 to 8 or implementing the method according to claim 9.
12. A computer program product comprising computer program code which, when run on a computer, causes the computer to implement the method of any one of claims 1 to 8 or the method of claim 9.
CN202210700256.8A 2022-06-20 2022-06-20 Digital certificate management method and management device Active CN114884963B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210700256.8A CN114884963B (en) 2022-06-20 2022-06-20 Digital certificate management method and management device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210700256.8A CN114884963B (en) 2022-06-20 2022-06-20 Digital certificate management method and management device

Publications (2)

Publication Number Publication Date
CN114884963A true CN114884963A (en) 2022-08-09
CN114884963B CN114884963B (en) 2023-11-03

Family

ID=82682035

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210700256.8A Active CN114884963B (en) 2022-06-20 2022-06-20 Digital certificate management method and management device

Country Status (1)

Country Link
CN (1) CN114884963B (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115766005A (en) * 2022-11-17 2023-03-07 中国工商银行股份有限公司 Digital certificate configuration method, device, device, medium and program product
WO2024242917A1 (en) * 2023-05-19 2024-11-28 Oracle International Corporation Transitioning network entities associated with a virtual cloud network through a series of phases of a certificate bundle distribution process
US12401634B2 (en) 2023-09-14 2025-08-26 Oracle International Corporation Distributing certificate bundles according to fault domains
US12401657B2 (en) 2023-09-13 2025-08-26 Oracle International Corporation Aggregating certificate authority certificates for authenticating network entities located in different trust zones
US12401526B2 (en) 2023-07-18 2025-08-26 Oracle International Corporation Updating digital certificates associated with a virtual cloud network
US12425239B2 (en) 2023-08-10 2025-09-23 Oracle International Corporation Authenticating certificate bundles with asymmetric keys
US12425240B2 (en) 2023-09-13 2025-09-23 Oracle International Corporation Certificate revocation list management services
US12432076B2 (en) 2023-10-24 2025-09-30 Oracle International Corporation Provisioning hosts with operator accounts for use by clients to access target resources

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105553671A (en) * 2015-12-23 2016-05-04 北京奇虎科技有限公司 Digital certificate managing method, device and system
CN108667781A (en) * 2017-04-01 2018-10-16 西安西电捷通无线网络通信股份有限公司 A kind of digital certificate management method and equipment
CN109962781A (en) * 2017-12-26 2019-07-02 浙江宇视科技有限公司 A digital certificate distribution device
US20200396089A1 (en) * 2018-07-24 2020-12-17 Tencent Technology (Shenzhen) Company Limited Digital certificate management method and apparatus, computer device, and storage medium
CN112187453A (en) * 2020-09-10 2021-01-05 中信银行股份有限公司 Digital certificate updating method and system, electronic equipment and readable storage medium

Also Published As

Publication number Publication date
CN114884963B (en) 2023-11-03

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant