Boost Beast Translation (zh_Hans)/Doc / Qbk / 03 Core / 9 Ssl Tls Certificate (qbk) — Chinese (Simplified Han script) @ Boost-Weblate: recommends that if a certificate includes a SAN dNSName field, …

Zen

Translation

Source string description

type: paragraph

English

Chinese (Simplified Han script)

Needs editing (Needs rewriting)

Skip

Loading…

admin

String added in the repository

English

Chinese (Simplified Han script) 261 characters editedCurrent translationState: Needs editing (Needs rewriting)

06/05/2026

Browse all string changes

Things to check

Unchanged translation

Source and translation are identical.

Reset

Glossary

English	Chinese (Simplified Han script)
No related strings found in the glossary.

String information

Source string description

type: paragraph

Unit identifier

59453

Source string location

string ID 93

String age

06/05/2026

Last updated

06/05/2026

Source string age

06/05/2026

Translation file QuickBook file

doc/qbk/03_core/9_ssl_tls_certificate_zh_Hans.qbk, string 19

Shortcut	Action
`?`	Open available keyboard shortcuts.
`Alt` + `Home`	Navigate to the first translation in the current search.
`Alt` + `End`	Navigate to the last translation in the current search.
`Alt` + `PageUp` or `Ctrl` + `↑` or `Alt` + `↑` or `Cmd` + `↑` or	Navigate to the previous translation in the current search.
`Alt` + `PageDown` or `Ctrl` + `↓` or `Alt` + `↓` or `Cmd` + `↓` or	Navigate to the next translation in the current search.
`Ctrl` + `Enter` or `Cmd` + `Enter`	Submit current form; this works the same as pressing Save and continue while editing translation.
`Ctrl` + `Shift` + `Enter` or `Cmd` + `Shift` +`Enter`	Unmark translation as Needing edit and submit it.
`Alt` + `Enter` or `Option` + `Enter`	Submit the string as a suggestion; this works the same as pressing Suggest while editing translation.
`Ctrl` + `E` or `Cmd` + `E`	Focus on translation editor.
`Ctrl` + `U` or `Cmd` + `U`	Focus on comment editor.
`Ctrl` + `M` or `Cmd` + `M`	Shows Automatic suggestions tab.
`Ctrl` + `1` to `Ctrl` + `9` or `Cmd` + `1` to `Cmd` + `9`	Copies placeable of a given number from source string.
`Ctrl` + `M` followed by `1` to `9` or `Cmd` + `M` followed by `1` to `9`	Copy the machine translation of a given number to current translation.
`Ctrl` + `I` followed by `1` to `9` or `Cmd` + `I` followed by `1` to `9`	Ignore one item in the list of failing checks.
`Ctrl` + `J` or `Cmd` + `J`	Shows the Nearby strings tab.
`Ctrl` + `S` or `Cmd` + `S`	Focus on search field.
`Ctrl` + `O` or `Cmd` + `O`	Copy the source string.
`Ctrl` + `Y` or `Cmd` + `Y`	Toggle the Needs editing checkbox.
`→`	Browse the next translation string.
`←`	Browse the previous translation string.

	English	Chinese (Simplified Han script)	Actions
	Boost.Asio provides various methods for loading certificate authority certificates:	Boost.Asio provides various methods for loading certificate authority certificates:
	* [@boost:/doc/html/boost_asio/reference/ssl__context/add_certificate_authority.html `net::ssl::context::add_certificate_authority`] * [@boost:/doc/html/boost_asio/reference/ssl__context/add_verify_path.html `net::ssl::context::add_verify_path`] * [@boost:/doc/html/boost_asio/reference/ssl__context/load_verify_file.html `net::ssl::context::load_verify_file`] * [@boost:/doc/html/boost_asio/reference/ssl__context/set_default_verify_paths.html `net::ssl::context::set_default_verify_paths`]	* [@boost:/doc/html/boost_asio/reference/ssl__context/add_certificate_authority.html `net::ssl::context::add_certificate_authority`] * [@boost:/doc/html/boost_asio/reference/ssl__context/add_verify_path.html `net::ssl::context::add_verify_path`] * [@boost:/doc/html/boost_asio/reference/ssl__context/load_verify_file.html `net::ssl::context::load_verify_file`] * [@boost:/doc/html/boost_asio/reference/ssl__context/set_default_verify_paths.html `net::ssl::context::set_default_verify_paths`]
	It is important to set up peer verification so that the TLS/SSL handshake fails if certificate verification is unsuccessful:	It is important to set up peer verification so that the TLS/SSL handshake fails if certificate verification is unsuccessful:
	A client must also verify that the hostname or IP address in the certificate matches the expected one. The [@boost:/doc/html/boost_asio/reference/ssl__host_name_verification.html `net::ssl::host_name_verification`] helper function object can perform this verification according to the rules described in RFC 6125:	A client must also verify that the hostname or IP address in the certificate matches the expected one. The [@boost:/doc/html/boost_asio/reference/ssl__host_name_verification.html `net::ssl::host_name_verification`] helper function object can perform this verification according to the rules described in RFC 6125:
	A server can also request and verify a client certificate to authenticate the client:	A server can also request and verify a client certificate to authenticate the client:
	Server Certificate	Server Certificate
	A Server Certificate is a digital certificate that confirms a server's identity as the legitimate destination for a client. It contains a verifiable signature that ensures it was issued by a trusted certificate authority (CA).	A Server Certificate is a digital certificate that confirms a server's identity as the legitimate destination for a client. It contains a verifiable signature that ensures it was issued by a trusted certificate authority (CA).
	When a server certificate is issued by an intermediate certificate authority, and the client lacks those intermediate certificates, the server should provide all the relevant certificates to the client. This allows the client to verify the final certificate in the chain against the root certificate.	When a server certificate is issued by an intermediate certificate authority, and the client lacks those intermediate certificates, the server should provide all the relevant certificates to the client. This allows the client to verify the final certificate in the chain against the root certificate.
	The following Boost.Asio methods can be used for loading a certificate or a certificate chain:	The following Boost.Asio methods can be used for loading a certificate or a certificate chain:
	* [@boost:/doc/html/boost_asio/reference/ssl__context/use_certificate.html `net::ssl::context::use_certificate`] * [@boost:/doc/html/boost_asio/reference/ssl__context/use_certificate_file.html `net::ssl::context::use_certificate_file`] * [@boost:/doc/html/boost_asio/reference/ssl__context/use_certificate_chain.html `net::ssl::context::use_certificate_chain`] * [@boost:/doc/html/boost_asio/reference/ssl__context/use_certificate_chain_file.html `net::ssl::context::use_certificate_chain_file`]	* [@boost:/doc/html/boost_asio/reference/ssl__context/use_certificate.html `net::ssl::context::use_certificate`] * [@boost:/doc/html/boost_asio/reference/ssl__context/use_certificate_file.html `net::ssl::context::use_certificate_file`] * [@boost:/doc/html/boost_asio/reference/ssl__context/use_certificate_chain.html `net::ssl::context::use_certificate_chain`] * [@boost:/doc/html/boost_asio/reference/ssl__context/use_certificate_chain_file.html `net::ssl::context::use_certificate_chain_file`]
	Client Certificate	Client Certificate
	A server can authenticate clients by requiring and verifying their certificates, preventing access for those without a valid certificate and private key. The server enforces this by modifying peer verification settings:	A server can authenticate clients by requiring and verifying their certificates, preventing access for those without a valid certificate and private key. The server enforces this by modifying peer verification settings:
	If used, the necessary CA certificates must be loaded into the server's SSL context to enable verification of the client's certificate.	If used, the necessary CA certificates must be loaded into the server's SSL context to enable verification of the client's certificate.
	Common Name and Subject Alternative Name	Common Name and Subject Alternative Name
	The Subject Alternative Name (SAN) is an extension in X.509 certificates that allows multiple domain names, subdomains, or IP addresses to be associated with a single SSL/TLS certificate. Before that it was the Common Name field in the certificate subject which could contain a single hostname.	The Subject Alternative Name (SAN) is an extension in X.509 certificates that allows multiple domain names, subdomains, or IP addresses to be associated with a single SSL/TLS certificate. Before that it was the Common Name field in the certificate subject which could contain a single hostname.
	recommends that if a certificate includes a SAN dNSName field, the client must ignore the subject CN field. Some modern browsers, such as Google Chrome, check only the SAN section in an SSL/TLS certificate and reject certificates that contain only the CN field.	recommends that if a certificate includes a SAN dNSName field, the client must ignore the subject CN field. Some modern browsers, such as Google Chrome, check only the SAN section in an SSL/TLS certificate and reject certificates that contain only the CN field.
	Private Key	Private Key
	The private key of a certificate is required during the SSL/TLS handshake to prove that the certificate's provider is its rightful owner	The private key of a certificate is required during the SSL/TLS handshake to prove that the certificate's provider is its rightful owner
	The following Boost.Asio methods can be used for loading a private key:	The following Boost.Asio methods can be used for loading a private key:
	* [@boost:/doc/html/boost_asio/reference/ssl__context/use_private_key.html `net::ssl::context::use_private_key`] * [@boost:/doc/html/boost_asio/reference/ssl__context/use_private_key_file.html `net::ssl::context::use_private_key_file`] * [@boost:/doc/html/boost_asio/reference/ssl__context/use_rsa_private_key.html `net::ssl::context::use_rsa_private_key`] * [@boost:/doc/html/boost_asio/reference/ssl__context/use_rsa_private_key_file.html `net::ssl::context::use_rsa_private_key_file`]	* [@boost:/doc/html/boost_asio/reference/ssl__context/use_private_key.html `net::ssl::context::use_private_key`] * [@boost:/doc/html/boost_asio/reference/ssl__context/use_private_key_file.html `net::ssl::context::use_private_key_file`] * [@boost:/doc/html/boost_asio/reference/ssl__context/use_rsa_private_key.html `net::ssl::context::use_rsa_private_key`] * [@boost:/doc/html/boost_asio/reference/ssl__context/use_rsa_private_key_file.html `net::ssl::context::use_rsa_private_key_file`]
	If the private key is secured with a password, the [@boost:/doc/html/boost_asio/reference/ssl__context/set_password_callback.html net::ssl::context::set_password_callback] allows specifying a callable object to retrieve the password.	If the private key is secured with a password, the [@boost:/doc/html/boost_asio/reference/ssl__context/set_password_callback.html net::ssl::context::set_password_callback] allows specifying a callable object to retrieve the password.
	Self-Signed and Self-Issued Certificates	Self-Signed and Self-Issued Certificates
	A self-issued certificate is a certificate where the issuer and subject are the same entity.	A self-issued certificate is a certificate where the issuer and subject are the same entity.
	A self-signed certificate is a self-issued certificate in which the digital signature can be verified using the public key within the certificate.	A self-signed certificate is a self-issued certificate in which the digital signature can be verified using the public key within the certificate.
	Installing an untrusted, self-issued, or self-signed CA certificate poses a	Installing an untrusted, self-issued, or self-signed CA certificate poses a
	Diffie-Hellman (DH) Parameters	Diffie-Hellman (DH) Parameters
	Diffie-Hellman (DH) key exchange is a cryptographic protocol that allows two parties to securely establish a shared secret over an insecure communication channel. The key exchange process involves both parties agreeing on a set of parameters, known as Diffie-Hellman parameters, which include a large prime number `p` and a generator `g`. Since generating these parameters is a computationally expensive task, a user might prefer to provide a precomputed value at startup.	Diffie-Hellman (DH) key exchange is a cryptographic protocol that allows two parties to securely establish a shared secret over an insecure communication channel. The key exchange process involves both parties agreeing on a set of parameters, known as Diffie-Hellman parameters, which include a large prime number `p` and a generator `g`. Since generating these parameters is a computationally expensive task, a user might prefer to provide a precomputed value at startup.
	The following Boost.Asio methods can be used for loading DH parameters:	The following Boost.Asio methods can be used for loading DH parameters:
	* [@boost:/doc/html/boost_asio/reference/ssl__context/use_tmp_dh.html `net::ssl::context::use_tmp_dh`] * [@boost:/doc/html/boost_asio/reference/ssl__context/use_tmp_dh_file.html `net::ssl::context::use_tmp_dh_file`]	* [@boost:/doc/html/boost_asio/reference/ssl__context/use_tmp_dh.html `net::ssl::context::use_tmp_dh`] * [@boost:/doc/html/boost_asio/reference/ssl__context/use_tmp_dh_file.html `net::ssl::context::use_tmp_dh_file`]
	If no DH parameter is provided, OpenSSL will refuse to perform any handshake that uses DHE-based cipher suites but will still work with other cipher suites, such as those based on ECDHE.	If no DH parameter is provided, OpenSSL will refuse to perform any handshake that uses DHE-based cipher suites but will still work with other cipher suites, such as those based on ECDHE.
	A Self-Issued Certificate Example	A Self-Issued Certificate Example

	English	Chinese (Simplified Han script)	Actions
	``` openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -copy_extensions copy -days 365 -out server.crt ```	``` openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -copy_extensions copy -days 365 -out server.crt ```
	* Generate a Client CSR:	* Generate a Client CSR:
	``` openssl req -new -newkey rsa:4096 -keyout client.key -out client.csr -subj "/CN=client.1" ```	``` openssl req -new -newkey rsa:4096 -keyout client.key -out client.csr -subj "/CN=client.1" ```
	* Sign the Client CSR using our CA:	* Sign the Client CSR using our CA:
	``` openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -days 365 -out client.crt ```	``` openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -days 365 -out client.crt ```
	* Generate a DH parameters file:	* Generate a DH parameters file:
	``` openssl dhparam -out dh4096.pem 4096 ```	``` openssl dhparam -out dh4096.pem 4096 ```
	Server example: [path_link example/doc/ssl/server.cpp server.cpp]	Server example: [path_link example/doc/ssl/server.cpp server.cpp]
	Note that the server is configured in such a way that it requests and verifies the client certificate. You can disable this by commenting out the related line in the example.	Note that the server is configured in such a way that it requests and verifies the client certificate. You can disable this by commenting out the related line in the example.
	You can test the server using this cURL command:	You can test the server using this cURL command:
	``` curl https://localhost:8080 --cacert ca.crt --cert client.crt --key client.key ```	``` curl https://localhost:8080 --cacert ca.crt --cert client.crt --key client.key ```
	Also, you can use the client example: [path_link example/doc/ssl/client.cpp client.cpp]	Also, you can use the client example: [path_link example/doc/ssl/client.cpp client.cpp]
	recommends that if a certificate includes a SAN dNSName field, the client must ignore the subject CN field. Some modern browsers, such as Google Chrome, check only the SAN section in an SSL/TLS certificate and reject certificates that contain only the CN field.	recommends that if a certificate includes a SAN dNSName field, the client must ignore the subject CN field. Some modern browsers, such as Google Chrome, check only the SAN section in an SSL/TLS certificate and reject certificates that contain only the CN field.
	Private Key	Private Key
	The private key of a certificate is required during the SSL/TLS handshake to prove that the certificate's provider is its rightful owner	The private key of a certificate is required during the SSL/TLS handshake to prove that the certificate's provider is its rightful owner
	The following Boost.Asio methods can be used for loading a private key:	The following Boost.Asio methods can be used for loading a private key:
	SSL/TLS Certificate	SSL/TLS Certificate
	Certificate Authority	Certificate Authority
	A Certificate Authority (CA) is a trusted entity that signs digital certificates, enabling users to verify their authenticity. Rather than storing every individual certificate for each server (which would be impractical due to the sheer volume and frequent renewals), users can store a limited set of root certificates to authenticate server certificates as needed.	A Certificate Authority (CA) is a trusted entity that signs digital certificates, enabling users to verify their authenticity. Rather than storing every individual certificate for each server (which would be impractical due to the sheer volume and frequent renewals), users can store a limited set of root certificates to authenticate server certificates as needed.
	Boost.Asio provides various methods for loading certificate authority certificates:	Boost.Asio provides various methods for loading certificate authority certificates:
	* [@boost:/doc/html/boost_asio/reference/ssl__context/add_certificate_authority.html `net::ssl::context::add_certificate_authority`] * [@boost:/doc/html/boost_asio/reference/ssl__context/add_verify_path.html `net::ssl::context::add_verify_path`] * [@boost:/doc/html/boost_asio/reference/ssl__context/load_verify_file.html `net::ssl::context::load_verify_file`] * [@boost:/doc/html/boost_asio/reference/ssl__context/set_default_verify_paths.html `net::ssl::context::set_default_verify_paths`]	* [@boost:/doc/html/boost_asio/reference/ssl__context/add_certificate_authority.html `net::ssl::context::add_certificate_authority`] * [@boost:/doc/html/boost_asio/reference/ssl__context/add_verify_path.html `net::ssl::context::add_verify_path`] * [@boost:/doc/html/boost_asio/reference/ssl__context/load_verify_file.html `net::ssl::context::load_verify_file`] * [@boost:/doc/html/boost_asio/reference/ssl__context/set_default_verify_paths.html `net::ssl::context::set_default_verify_paths`]
	It is important to set up peer verification so that the TLS/SSL handshake fails if certificate verification is unsuccessful:	It is important to set up peer verification so that the TLS/SSL handshake fails if certificate verification is unsuccessful:
	A client must also verify that the hostname or IP address in the certificate matches the expected one. The [@boost:/doc/html/boost_asio/reference/ssl__host_name_verification.html `net::ssl::host_name_verification`] helper function object can perform this verification according to the rules described in RFC 6125:	A client must also verify that the hostname or IP address in the certificate matches the expected one. The [@boost:/doc/html/boost_asio/reference/ssl__host_name_verification.html `net::ssl::host_name_verification`] helper function object can perform this verification according to the rules described in RFC 6125:
	A server can also request and verify a client certificate to authenticate the client:	A server can also request and verify a client certificate to authenticate the client:
	Server Certificate	Server Certificate
	A Server Certificate is a digital certificate that confirms a server's identity as the legitimate destination for a client. It contains a verifiable signature that ensures it was issued by a trusted certificate authority (CA).	A Server Certificate is a digital certificate that confirms a server's identity as the legitimate destination for a client. It contains a verifiable signature that ensures it was issued by a trusted certificate authority (CA).
	When a server certificate is issued by an intermediate certificate authority, and the client lacks those intermediate certificates, the server should provide all the relevant certificates to the client. This allows the client to verify the final certificate in the chain against the root certificate.	When a server certificate is issued by an intermediate certificate authority, and the client lacks those intermediate certificates, the server should provide all the relevant certificates to the client. This allows the client to verify the final certificate in the chain against the root certificate.

Translation

Things to check

Unchanged translation

Glossary

String information

Source string description

Details

Unit identifier

Source string location

String age

Last updated

Source string age

Translation file QuickBook file