静态IP地址、ssl证书和万恶之源
我有一个问题,我害怕答案。
我有: 顶级域名(来自新西兰领土托克劳,.tk,还有哪里?), 来自 startSSL.com 的免费 2 年 ssl 证书, 免费托管包。
现在,我克服了 startSSL 想要的每一个环节(诚然不是太难),获得了 2 年 ssl 证书,现在我担心我遇到了成功的最后障碍,可能仍然会阻碍我的计划。我梦想有一个角落证书,上面写着“Secured by startSSL”。我得到了代码片段和所有内容,并将其粘贴到我的网站中。
问题。我的主机不太热衷于允许我使用 ssl 的免费软件包。 据我所知,您需要访问一些配置文件才能发生这种情况? 或者您可以像使用 .htaccess 和 .htpassword 文件一样在您的虚拟主机上进行设置吗?
您还需要一个静态IP。有什么解决方法吗?
还是我在做梦?有人有建议吗?
I have a question, I fear the answer.
I have:
a top level domain name (free from Tokelau, a territory of New Zealand, .tk, where else?),
a free 2 year ssl certificate from startSSL.com,
a free hosting package.
Now I jumped through every hoop startSSL wanted (admittedly wasn't too difficult), to get me my 2 year ssl certificate, and now I fear I have encountered a final barrier to success that might still stall my plans. I dreamt of a corner certificate stating "Secured by startSSL". I got the code snippet and everythings, and have pasted it into my website.
Problem. my host is not so keen on a free package to allow me to ssl.
As far as I know you need access to some config files to allow this to happen?
or can you just like with .htaccess and .htpassword files do the setting on your webhost?
Also you need a static IP. Are there any workarounds?
Or am I dreaming? Anyone with advice?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
忘了它。如果您的主机没有配置 SSL,那么如果没有他们的帮助,您将无法添加它
Forget it. If your host doesn't have SSL configured, you have no chance to add it without their help
SSL 需要一些文件和配置更改,指向这些文件。
此外,静态 IP 也是必需的,因为对于加密请求,如果不解密,就无法知道请求的目标主机。静态 IP 地址的使用为该请求提供了目的地。
澄清一下:使用虚拟主机时,多个主机将共享相同的 IP 地址,因此当请求传入时,前两行是:
Apache(或任何 Web 服务器),查看“主机”字段以确定如何路由的请求。如果请求已加密,则无法确定如何路由请求,并且您需要知道使用什么证书才能解密它。
SSL Requires some files and configuration changes, pointing to the files.
Also, the static IP is required because with an encrypted request, there's no way to know to what host the request is intended without decryption. The use of a static IP address gives that request a destination.
To clarify: when using virtual hosts, multiple hosts will share the same IP address, so when a request comes in, the first two lines are:
Apache (or any web server), looks at the 'Host' field to determine how to route the request. If the request is encrypted, there's no way to determine how to route the request, and you need to know what certificate to use in order to decrypt it.
您提议的设置有两个问题。
免费主机通常不提供控制面板界面来允许安装 SSL 证书(至少我从未见过),因为这需要他们在后端的帮助或从前端访问 VPS / 专用服务器-end.
安装 SSL 证书必须使用静态 IP 地址。
There are two problems with your proposed set-up.
Free hosts generally don't provide a control panel interface to allow installation of SSL Certificates (at least I've never seen it) as this requires either their help on the back-end or VPS / Dedicated Server access from the front-end.
Static IP address is a must for SSL certificate installation.
从网络服务器的角度来看,SSL 证书涉及端口和 IP 地址,即使与基于名称的虚拟主机一起使用也是如此。
SSL 是关于与 URL/请求中的证书和域相匹配的 IP(以验证证书)。
您必须在网络服务器上为第二个 SSL 证书提供不同的端口或不同的 IP 地址。
或者,您还可以获得多域和通配符证书,允许不同的主机名或域将证书与不同的客户端请求 URL 相匹配,但证书仍然是 Web 服务器的该端口/IP 上的唯一内容。
只是我的 $.02
From webserver perspective, SSL cert is about a port and an IP address, even when being used with Name-based virtual hosts.
SSL is about the IP the matching the cert and domain in the URL/request(to verify the cert).
You would have to give a second SSL cert different port or different IP address on the webserver.
Alternatively, you can also get multi-domain and wildcard certs that allow different hostnames or domains to match the cert with different client request URLs, but the cert is still the only thing on that port/IP of the webserver.
Just my $.02