SSL证书配置和测试
我需要为网站实施 SSL 证书,经过一番研究后我得到了三个问题。
1) 我认为我需要购买 SSL 证书并要求我的主机安装它。我的问题是您是否需要更改证书网站的任何代码?
2)在我购买证书之前,网站至少要建立几个月。我只是想知道是否有可用于开发环境的开发 SSL 证书?
3)或者我必须使用自己分配的证书吗?如果是的话,有没有关于如何在本地计算机(wamp)和开发 URL 站点上创建 SSL 自分配证书的好教程?
非常感谢。 萨姆:)
I need to implement a SSL certificate for a website, I've got three questions after some research.
1) I believe i need to buy a SSL certificate and ask my host to install it. My question is do you need to alter any code for the website for the certificate?
2) Before I buy the certificate, the website is going to be built for a couple of month at least. I'm just wondering is there a developing SSL certificate I can use for the developing environment?
3) Or do I have to use self assigned certificate? If so are there any good tutorials on how to create a SSL self assigned certificate on a local machine (wamp) and a developing url site?
Thank you very much.
Sam :)
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
1) 不,您根本不需要更改网站上的任何代码即可使用已安装的 SSL 证书。它非常简单,只需在所需的目标链接前面添加 HTTPS: 协议规范而不是典型的 HTTP: 协议即可。但是,如果您想在网站访问者执行某些操作(例如提交包含潜在敏感数据的 Web 表单)之前确定其是否使用加密页面,那么根据您开发网站的内容,您将需要检测是否使用了加密页面。当前页面请求已通过 HTTP 或 HTTPS 发送,那么如果是 HTTP 请求的页面,您可能需要将页面请求重定向到 HTTPS 版本,然后再继续。
2) 除了创建您自己的“自签名”证书(第 3 条中对此有更多介绍)之外,您获得公开有效 SSL 证书的唯一选择是从公共认可的证书颁发机构 (CA )。长话短说,使用您的服务器和访问者的网络浏览器支持的相同加密标准的相同密钥长度的证书,无论供应商如何,都不会更强或更弱加密。因此,您可以简单地按价格购买 SSL 证书。我与 GoDaddy 没有任何关系,但多年来一直使用它们来获取公共 SSL 证书。
3)您当然可以创建自己的自签名证书。执行此操作的方法根据您的主机服务器和版本而有所不同。自签名证书的限制是,如果您要与任何人共享此证书,您会从浏览器收到警告消息,表明该证书不是从可验证的来源发布的。在大多数当前的浏览器中,它看起来像是一个巨大的可怕消息,表明出现了问题,并且它们试图警告您的用户不要这样做。不过,当然,使用自签名证书肯定没有什么问题。对于您自己的开发用途来说,这显然是正确的。即使具有相同密钥长度和加密方法的自签名证书在加密上也与商业提供的证书一样安全。如果您想使用自签名证书,只需搜索针对您的服务器操作系统和版本执行此操作的说明即可了解详细信息。安装后,当您尝试通过 HTTPS 浏览页面时,您将收到浏览器发出的警告。您的浏览器应该向您显示一个选项来永久记住并接受您的自签名证书,之后您将不再看到该警告,而该证书仍然安装并有效。
1) No, you do not need to alter any code on your website at all in order to use an installed SSL certificate. It is as simple as prefixing your desired destination link with the HTTPS: protocol specification instead of the typical HTTP: protocol. However, if you want to determine if your site visitor is using an encrypted page before they do something, such as submit a web form with potentially sensitive data, then depending on what you are developing your site in, you will need to detect if the current page request has been sent over HTTP or HTTPS, then if it is an HTTP requested page, you probably want to redirect the page request to the HTTPS version before proceeding.
2) Other than creating your own "self signed" certificate (more on this in #3), no your only option for a publicly valid SSL certificate is to obtain one from a publicly recognized Certificate Authority (CA). Long story short, a certificate of the same key length using the same encryption standard supported by your server and visitor's web browser, is no stronger or weaker regardless of vendor for purposes of encryption. So you can simply shop by price for your SSL certs. I have no affiliation with GoDaddy, but have been using them for years for public SSL certificates.
3) You certainly can create your own self signed certificate. The methods for doing this vary based on your host server and version. The limitation to a self signed certificate, is that if you go to share this with anyone, you get that warning message from your browser that the certificate is not published from a verifiable source. In most current browsers, it looks like a big scary message that something is wrong and they attempt to warn your user away from doing this. However, of course, there is certainly nothing wrong with using a self signed certificate. This is obviously true for your own development uses. Even a self signed certificate of the same key length and encryption method is as cryptographically secure as a commercially provided certificate. If you want to use a self signed certificate, just search for instruction for doing that for your server OS and version for details. Once it is installed, you will get the warning from your browser when you try to browse to a page over HTTPS. Your browser should show you an option to permanently remember and accept your self signed certificate, after which you will no longer see that warning while that certificate remains installed and valid.