Before the LDAP client USES a certificate for encryption, it verifies that the server it is talking with owns the certificate by encrypting a challenge and verifying that the server can decrypt it.
SSH offers certificate based authentication, strong encryption, and other features, and is considered to be far more secure.
SSH提供基于验证的证书、强加密和其他特性,并且被认为安全多了。
3
Because this is using asymmetric encryption, where each side has its own certificate and private key, it should be somewhat simpler to handle than the Listing 5 symmetric-encryption example.