| 主权项 |
1. A method, implemented by a computing system programmed to perform the following, comprising:
collecting, by the computing system, information about a set of one or more cryptographic certificates already deployed at one or more remote computing systems over a network, wherein the information about the set of one or more cryptographic certificates comprises certificate parameters from both valid and invalid certificates; receiving first input to designate a first subset of the set of cryptographic certificates as valid certificates; receiving second input to designate a second subset of the set of cryptographic certificates as invalid certificates; and automatically generating, by the computing system, a policy from the collected information about the set of one or more cryptographic certificates, wherein automatically generating the policy comprises:
comparing the certificate parameters of the first subset of the set of cryptographic certificates to the certificate parameters of the second subset of the set of cryptographic certificates to generate comparative results; anddefining a first condition of a set of conditions for the policy responsive to and based on the comparative results. |
