Category: LINUX

2014-08-18 11:24:14

Original article: [Manual] mod_ssl related terminology. Author: ailms

Glossary


This glossary defines some of the common terminology related to Apache in particular, and web serving in general. More information on each concept is provided in the links.

The restriction of access to network realms. In an Apache context usually the restriction of access to certain URLs.

 
An unambiguous formula or set of rules for solving a problem in a finite number of steps. Algorithms for encryption are usually called Ciphers.

# Note: an algorithm is an unambiguous formula or a set of rules used to solve a problem. Algorithms used for encryption are generally called "ciphers".
 
A perl script that aids in compiling   sources into Dynamic Shared Objects ( s) and helps install them in the Apache Web server.

The positive identification of a network entity such as a server, a client, or a user.

# Note: authentication is the positive confirmation of the identity of a network entity (for example a server, a client, or a user).
A data record used for authenticating network entities such as a server or a client. A certificate contains X.509 information pieces about its owner (called the subject) and the signing   (called the issuer), plus the owner's   and the signature made by the CA. Network entities verify these signatures using CA certificates.

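# Note: a certificate is a data record used to authenticate a network entity (for example a server or a client). A certificate contains X.509 information blocks about its holder (called the Subject),

# plus the owner's public key and a signature made with the CA's private key. To verify whether a certificate is genuine, you need the certificate of the CA that signed it.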
An unsigned   for submission to a  , which signs it with the   of their CA Certificate. Once the CSR is signed, it becomes a real certificate.

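# Note: a certificate signing request (CSR) is an unsigned certificate submitted to a CA, asking for it to be encrypted with that CA's private key.

# Once a CSR is signed, it immediately becomes a real certificate.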
A trusted third party whose purpose is to sign certificates for network entities it has authenticated using secure means. Other network entities can check the signature to verify that a CA has authenticated the bearer of a certificate.

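# Note: a CA (certificate authority) is a trusted third-party organization whose purpose is to sign a network entity's certificate signing request (CSR) with its own private key.

# Any other network entity that wants to check whether a certificate signed by that CA is genuine can decrypt the certificate with the CA's public key. If it can be decrypted, the certificate was indeed signed by that CA.

# Because the signature is encrypted with the CA's private key, which only the CA knows (assuming it is kept safe), and a public key corresponds to exactly one private key, a successful decryption proves that the encryption was done with that CA's private key,

# which amounts to confirming that the certificate is genuine.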

An algorithm or system for data encryption. Examples are DES, IDEA, RC4, etc.

# Note: a cipher specifically means an algorithm for encrypting data, for example DES, IDEA, or RC4.
The result after   is passed through a  .

# Note: ciphertext is the result of encrypting plaintext.
A standard definition for an interface between a web server and an external program that allows the external program to service requests. The interface was originally defined by but there is also an .

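# Note: CGI is the Common Gateway Interface, a standard for the interface between a web server and external programs that allows an external program (not httpd) to service requests.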

A text file containing   that control the configuration of Apache.

An HTTP   for proxying raw data channels over HTTP. It can be used to encapsulate other protocols, such as the SSL protocol.

# Note: CONNECT is an HTTP method used to proxy raw data channels over HTTP. It can be used to encapsulate other protocols, such as the SSL protocol.
An area in the   where certain types of   are allowed.
An encrypted text block that validates a certificate or other file. A   creates a signature by generating a hash of the Public Key embedded in a Certificate, then encrypting the hash with its own Private Key. Only the CA's public key can decrypt the signature, verifying that the CA has authenticated the network entity that owns the Certificate.

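# Note: a digital signature is an encrypted text block used to validate (the authenticity of) a certificate or other file. To create a certificate, the CA computes a hash of the public key embedded in the certificate signing request (CSR)

# and then encrypts it with its private key; this encrypted hash (digest) is the digital signature. As a result, only that CA's public key can decrypt the signature. The verifier then computes a hash of the public key in the certificate

# and compares it with the original hash obtained by decryption; if the two are equal, the certificate is proven genuine.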
A configuration command that controls one or more aspects of Apache's behavior. Directives are placed in the  
  compiled separately from the Apache binary that can be loaded on-demand.
Named variables managed by the operating system shell and used to store information and communicate between programs. Apache also contains internal variables that are referred to as environment variables, but are stored in internal Apache structures, rather than in the shell environment.
Diminished in cryptographic strength (and security) in order to comply with the United States' Export Administration Regulations (EAR). Export-crippled cryptographic software is limited to a small key size, resulting in Ciphertext which usually can be decrypted by brute force.

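# Note: export-crippled refers to the United States' restrictions on exporting encryption algorithms: only algorithms with small key lengths could be exported, and such algorithms are less secure and relatively easy to break.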
A process that is applied to data that is sent or received by the server. Input filters process data sent by the client to the server, while output filters process documents on the server before they are sent to the client. For example, the INCLUDES output filter processes documents for  .

The unique name of a network entity, consisting of a hostname and a domain name that can resolve to an IP address. For example, www is a hostname, example.com is a domain name, and is a fully-qualified domain name.
An internal Apache representation of the action to be performed when a file is called. Generally, files have implicit handlers, based on the file type. Normally, all files are simply served by the server, but certain file types are "handled" separately. For example, the cgi-script handler designates files to be processed as  .
A mathematical one-way, irreversible algorithm generating a string of fixed length from another string of any length. Different input strings will usually produce different hashes (depending on the hash function).

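# Note: a hash is an algorithm for computing a digital digest. It is a one-way, irreversible algorithm that ensures the original cannot be derived from the digest. Its result is a fixed-length string, no matter how long the original is.

# It must also ensure that different originals produce different outputs; they can never be the same.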
The part of the   request and response that is sent before the actual content, and that contains meta-information describing the content.
A   that is placed inside the web tree and applies configuration   to the directory where it is placed and all sub-directories. Despite its name, this file can hold almost any type of directive, not just access-control directives.
The main Apache  . The default location is /usr/local/apache2/conf/httpd.conf, but it may be moved using run-time or compile-time configuration.
The standard transmission protocol used on the World Wide Web. Apache implements version 1.1 of the protocol, referred to as HTTP/1.1 and defined by .
The HyperText Transfer Protocol (Secure), the standard encrypted communication mechanism on the World Wide Web. This is actually just HTTP over  .

# Note: HTTPS is the secure hypertext transfer protocol, the standard encrypted communication scheme for Internet web services. In practice it is just HTTP over SSL.
In the context of  , an action to perform on a resource, specified on the request line by the client. Some of the methods available in HTTP are GET, POST, and PUT.

# Note: a method, in the HTTP protocol, is an action on a resource, given by the client, for example GET, POST, or PUT.
A hash of a message, which can be used to verify that the contents of the message have not been altered in transit.

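# Note: a message digest is the result of the hash algorithm described earlier. It can be used to check whether a message was modified in transit, so it serves to ensure message integrity.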
A way to describe the kind of document being transmitted. Its name comes from the fact that its format is borrowed from the Multipurpose Internet Mail Extensions. It consists of a major type and a minor type, separated by a slash. Some examples are text/html, image/gif, and application/octet-stream. In HTTP, the MIME-type is transmitted in the Content-Type  .
An independent part of a program. Much of Apache's functionality is contained in modules that you can choose to include or exclude. Modules that are compiled into the Apache binary are called static modules, while modules that are stored separately and can be optionally loaded at run-time are called dynamic modules or  . Modules that are included by default are called base modules. Many modules are available for Apache that are not distributed as part of the Apache HTTP Server  . These are referred to as third-party modules.
Module Magic Number is a constant defined in the Apache source code that is associated with binary compatibility of modules. It is changed when internal Apache structures, function calls and other significant parts of API change in such a way that binary compatibility cannot be guaranteed any more. On MMN change, all third party modules have to be at least recompiled, sometimes even slightly changed in order to work with the new version of Apache.
The Open Source toolkit for SSL/TLS

# Note: OpenSSL is an open-source implementation of SSL/TLS.
The word or phrase that protects private key files. It prevents unauthorized users from encrypting them. Usually it's just the secret encryption/decryption key used for  .

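# Note: a pass phrase is a string used to encrypt the private key. Because the private key exists as a file, it can leak if its permissions are set incorrectly,

# so encrypting it with a pass phrase is recommended.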
The unencrypted text.

# Note: plaintext is the original, unencrypted message content.
The secret key in a   system, used to decrypt incoming messages and sign outgoing ones.

# Note: the private key is used to decrypt ciphertext that was encrypted with the public key, and to sign.
An intermediate server that sits between the client and the origin server. It accepts requests from clients, transmits those requests on to the origin server, and then returns the response from the origin server to the client. If several clients request the same content, the proxy can deliver that content from its cache, rather than requesting it from the origin server each time, thereby reducing response time.
The publicly available key in a   system, used to encrypt messages bound for its owner and to decrypt signatures made by its owner.

# Note: the public key is used to encrypt messages to be sent, and to decrypt data encrypted with the private key (usually a digital signature).
The study and application of asymmetric encryption systems, which use one key for encryption and another for decryption. A corresponding pair of such keys constitutes a key pair. Also called Asymmetric Cryptography.

# Note: public key cryptography is the study and application of asymmetric encryption systems.
A way of describing a pattern in text - for example, "all the words that begin with the letter A" or "every 10-digit phone number" or even "Every sentence with two commas in it, and no capital letter Q". Regular expressions are useful in Apache because they let you apply certain attributes against collections of files or resources in very flexible ways - for example, all .gif and .jpg files under any "images" directory could be written as "/images/.*(jpg|gif)$". Apache uses Perl Compatible Regular Expressions provided by the library.

A   server that appears to the client as if it is an origin server. This is useful to hide the real origin server from the client for security reasons, or to load balance.
Secure Sockets Layer
A protocol created by Netscape Communications Corporation for general communication authentication and encryption over TCP/IP networks. The most popular usage is HTTPS, i.e. the HyperText Transfer Protocol (HTTP) over SSL.

# Note: SSL (Secure Sockets Layer) is a protocol created by Netscape for general communication authentication and encryption over TCP/IP networks. Its most common use is HTTPS, that is, HTTP over SSL.

A technique for embedding processing directives inside HTML files.

# Note: SSI (Server Side Include) is a technique for embedding processing directives in HTML files.
The context information of a communication in general.

# Note: a session is a general term for the context information of a communication.
The original SSL/TLS implementation library developed by Eric A. Young
The study and application of Ciphers that use a single secret key for both encryption and decryption operations.

# Note: symmetric cryptography is the study and application of techniques that use a single shared secret for both encryption and decryption.
A package of files gathered together using the tar utility. Apache distributions are stored in compressed tar archives or using pkzip.

Transport Layer Security
The successor protocol to SSL, created by the Internet Engineering Task Force (IETF) for general communication authentication and encryption over TCP/IP networks. TLS version 1 is nearly identical with SSL version 3.

# Note: TLS (Transport Layer Security) is the upgraded version of SSL v3; TLS v1 is essentially the same as SSL v3.
The name/address of a resource on the Internet. This is the common informal term for what is formally called a  . URLs are usually made up of a scheme, like http or https, a hostname, and a path. A URL for this page is .

# Note: a URL (Uniform Resource Locator) identifies the "location" of a resource on the Internet. It has a more formal name, URI (Uniform Resource Identifier).
A compact string of characters for identifying an abstract or physical resource. It is formally defined by . URIs used on the world-wide web are commonly referred to as  .

# Note: URI generally just means URL.
Serving multiple websites using a single instance of Apache. IP virtual hosting differentiates between websites based on their IP address, while name-based virtual hosting uses only the name of the host and can therefore host many sites on the same IP address.
See: Apache Virtual Host documentation

# Note: virtual hosting means running a single Apache that serves multiple sites; it comes in two kinds, IP-based and name-based.
An authentication certificate scheme recommended by the International Telecommunication Union (ITU-T) which is used for SSL/TLS authentication.

# Note: X.509 is a certificate standard scheme.
