Kodi pali kusiyana kotani pakati pa http vs https? Kufotokozera mwatsatanetsatane ndondomeko ya SSL encryption

Ndi chitukuko chofulumira cha intaneti, anthu ena amachita zomwe akufunaWechat malonda,Kukwezeleza akaunti yapagulu, koma amadandaulaKutsatsa Paintanetisizigwira ntchito, kwenikwenimedia yatsopanoNjira yabwino yoti anthu azitha kutsatsa pa intaneti ndi kudzera pakusakangalandekuchuluka kwake.

Chifukwa chake, injini zosaka ndizodziwika kwambiri masiku anoKutsatsa Kwapaintanetiimodzi mwa njira.

Kuphatikiza apo, injini zosakira Google ndi Baidu zanena poyera kuti ma https akuphatikizidwa pamakina osakira.

makamakaZamalondaKwa mawebusayiti, tikulimbikitsidwa kugwiritsa ntchito https encryption protocol, zomwe sizimangothandiza kukweza masanjidwe, komanso zimathandiza ogwiritsa ntchito kuwona tsambalo mosamala.

Protocol ya Hypertext Transfer Protocol HTTP imagwiritsidwa ntchito kusamutsa zidziwitso pakati pa msakatuli ndi seva. HTTP protocol imatumiza zomwe zili m'mawu omveka bwino ndipo sizipereka mtundu uliwonse wa kubisa kwa data. Ngati wowukira asokoneza kulumikizana kwa msakatuli ndi seva protocol siyoyenera kutumiza zidziwitso zachinsinsi, monga nambala ya kirediti kadi, mawu achinsinsi ndi zina zolipira.

Pofuna kuthetsa vutoli la protocol ya HTTP, ndondomeko ina iyenera kugwiritsidwa ntchito: HTTPS yotetezeka ya socket layer hypertext transfer protocol HTTPS. seva. , ndi kubisa kulumikizana pakati pa msakatuli ndi seva.

XNUMX. Malingaliro oyambira a HTTP ndi HTTPS

HTTP: ndiyo njira yogwiritsiridwa ntchito kwambiri pa netiweki pa intaneti. Ndi kasitomala-mbali ndi seva-mbali yopempha ndi mayankho (TCP) imagwiritsidwa ntchito kutumiza hypertext kuchokera pa seva ya WWW kupita kwa osatsegula wamba. kothandiza, zomwe zimapangitsa kuti kusamutsidwa kwa maukonde kuchepe.

HTTPS: Ndi njira yotetezeka ya HTTP.Mwachidule, ndi mtundu wotetezedwa wa HTTP, ndiko kuti, kuwonjezera gawo la SSL ku HTTP.Maziko achitetezo a HTTPS ndi SSL, kotero kuti zambiri zachinsinsi zimafunikira SSL.

Ntchito zazikulu za protocol ya HTTPS zitha kugawidwa m'mitundu iwiri: imodzi ndikukhazikitsa njira yotetezera zidziwitso kuti zitsimikizire chitetezo cha kufalitsa deta; ina ndikutsimikizira kutsimikizika kwa tsambalo.

XNUMX. Kodi pali kusiyana kotani pakati pa HTTP ndi HTTPS?

Zomwe zimatumizidwa ndi protocol ya HTTP sizinalembedwe, ndiye kuti ndizosavuta kugwiritsa ntchito protocol ya HTTP kufalitsa zinsinsi. Protocol ya SSL (Secure Sockets Layer) ya HTTPS idabadwa kuti ibisire zomwe zimafalitsidwa ndi protocol ya HTTP.

Mwachidule, HTTPS protocol ndi network protocol yopangidwa ndi SSL + HTTP protocol yomwe imatha kutumizirana ma encrypted transmission and identification, ndipo imakhala yotetezeka kuposa http protocol.

Kusiyana kwakukulu pakati pa HTTPS ndi HTTP ndi motere:

• 1. Protocol ya https ikuyenera kupita ku ca kuti ikalembetse satifiketi. Nthawi zambiri, satifiketi yaulere imakhala yochepa, ndiye kuti ndalama zina zimafunikira.
• 2. http ndi hypertext transfer protocol, zambiri zimafalitsidwa m'mawu osavuta, ndipo https ndi njira yotetezedwa ya ssl encrypted transfer.
• 3. http ndi https amagwiritsa ntchito njira zolumikizirana zosiyana ndi madoko osiyanasiyana. Yoyamba ndi 80 ndipo yomaliza ndi 443.
• 4. Kulumikizana kwa http ndikosavuta komanso kosawerengeka; protocol ya HTTPS ndi network protocol yopangidwa ndi protocol ya SSL + HTTP yomwe imatha kutumizirana ma encrypted ndikutsimikizira kuti ndi ndani, yomwe ili yotetezeka kuposa http protocol.

XNUMX. Kufotokozera mwatsatanetsatane za ndondomeko ya HTTPS ndi SSL encryption

Tonse tikudziwa kuti HTTPS imatha kubisa zidziwitso kuti ziletse zidziwitso zachinsinsi kuti zisamapezeke ndi anthu ena, kotero mawebusayiti ambiri amabanki kapena maimelo ndi mautumiki ena okhala ndi chitetezo chambiri adzagwiritsa ntchito protocol ya HTTPS.

1. Wogula ayambitsa pempho la HTTPS

Izi sizinganene, ndiye kuti, wogwiritsa ntchito amalowetsa ulalo wa https mu msakatuli, kenako ndikulumikizana ndi doko la 443 la seva.

2. Kusintha kwa seva

Seva yogwiritsa ntchito protocol ya HTTPS iyenera kukhala ndi ziphaso za digito, zomwe mungapange nokha kapena kuyika ku bungwe.Kusiyanitsa ndikuti satifiketi yoperekedwa ndi inu nokha iyenera kutsimikiziridwa ndi kasitomala musanapitilize kulowa, pomwe satifiketi yoperekedwa ndi kampani yodalirika sichitero. Tsamba lachidziwitso lidzatuluka.

Sitifiketiyi ndi makiyi awiri agulu komanso makiyi achinsinsi. Ngati simukumvetsetsa makiyi omwe ali ndi anthu komanso makiyi achinsinsi, mutha kuganiza kuti ndi kiyi ndi loko, koma ndiwe munthu wekha padziko lapansi amene muli ndi kiyiyi. , mutha kutseka Loko Mutu kwa ena, ena angagwiritse ntchito loko kutseka zinthu zofunika, kenako ndikutumizani kwa inu, chifukwa ndi inu nokha amene muli ndi kiyi iyi, ndiye kuti ndiwe yekha amene angawone zinthu zokhoma ndi loko iyi.

3. Tumizani satifiketi

Satifiketi iyi ndi kiyi yapagulu, koma ili ndi zambiri, monga olamulira satifiketi, nthawi yotha ntchito, ndi zina zotero.

4. Satifiketi ya kasitomala

Gawo ili la ntchitoyo likuchitidwa ndi TLS ya kasitomala, choyamba, idzatsimikizira ngati chinsinsi cha anthu onse ndi chovomerezeka, monga wolamulira wopereka, nthawi yotsiriza, ndi zina zotero. pali vuto ndi satifiketi.

Ngati palibe vuto ndi chiphaso, ndiye pangani mtengo wachisawawa, ndiyeno gwiritsani ntchito chiphasocho kuti mubise mtengo wachisawawa, monga tafotokozera pamwambapa, tsekani mtengo wokhazikika ndi loko, kuti pokhapokha ngati pali fungulo, simungathe kuwona zokhoma zamtengo wapatali.

5. Kutumiza mauthenga obisika

Gawoli limatumiza mtengo wachinsinsi womwe wasungidwa ndi satifiketi. Cholinga chake ndikulola seva kuti ipeze mtengo wachisawawa, ndiyeno kulumikizana pakati pa kasitomala ndi seva kumatha kubisidwa ndi kusinthidwa mwachisawawa.

6. Chidziwitso chachinsinsi cha gawo lautumiki

Seva ikatha kusokoneza ndi kiyi yachinsinsi, imapeza mtengo wachinsinsi (chinsinsi chachinsinsi) chotumizidwa ndi kasitomala, kenako ndikulemba zomwe zili mumtengowo molingana ndi mtengo wake. ndipo onse kasitomala ndi seva amadziwa chinsinsi chachinsinsi, bola ngati algorithm ya encryption ili yolimba mokwanira ndipo chinsinsi chachinsinsi chimakhala chovuta mokwanira, deta ndi yotetezeka mokwanira.

7. Kutumiza mauthenga obisika

Gawo ili la chidziwitso ndi chidziwitso chomwe chimasungidwa ndi kiyi yachinsinsi cha gawo lautumiki ndipo chikhoza kubwezeretsedwanso kumbali ya kasitomala.

8. Zambiri za kasitomala

Wothandizira amachotsa zidziwitso zomwe zatumizidwa ndi gawo lautumiki ndi kiyi yachinsinsi yomwe idapangidwa kale, motero amapeza zomwe zidasungidwa.

Chachinayi, malingaliro a injini zosakira ku HTTPS

Baidu yakhazikitsa tsamba lathunthu latsamba la HTTPS losakanizidwa ndi encrypted kuti lithetse kununkhiza ndi kubera zinsinsi za "gulu lachitatu". Nkhaniyi, Baidu adanena polengeza mu September 2010 kuti "Baidu sidzakwawa masamba a HTTPS", pamene Google inanena mu ndondomeko ya algorithm kuti "pazimenezi, malo ogwiritsira ntchito HTTPS encryption technology adzakhala ndi masanjidwe abwinoko. .

Chifukwa chake, m'malo akuluwa, kodi oyang'anira masamba akuyenera kutengera protocol "yowopsa" ya HTTPS? HTTPS pamakina osakiraSEONanga bwanji zotsatira zake?

1. Maganizo a Google

Maganizo a Google pa kuphatikizika kwa masamba a HTTPS siwosiyana ndi malo a HTTP, ndipo amatenganso "kaya kugwiritsa ntchito encryption yotetezeka" (HTTPS) ngati cholozera pakusaka kwa algorithm. Pali mwayi wowonetsa zambiri, ndipo kusanja kulinso kopindulitsa kuposa masamba a HTTP amasamba ofanana.

Ndipo Google yanena momveka bwino kuti "akuyembekeza kuti onse olemba mawebusayiti azitha kugwiritsa ntchito protocol ya HTTPS m'malo mwa HTTP", zomwe zikuwonetsa kutsimikiza mtima kwake kukwaniritsa cholinga cha "HTTPS kulikonse".

2. Maganizo a Baidu

M'mbuyomu, ukadaulo wa Baidu unali wobwerera m'mbuyo, kunena kuti "singakwawa masamba a https", komanso "idada nkhawa" ndi "masamba ambiri a https sangaphatikizidwe". pangani mawebusayiti a https kuti mukwaniritse cholingacho". Nkhani idasindikizidwa pankhani ya "Friendly to Baidu", yopereka malingaliro anayi ndi zochita zenizeni "zopititsa patsogolo kulumikizana kwa Baidu pamasamba a https":

1. Pangani masamba opezeka pa http amasamba a https omwe akuyenera kulembedwa ndi injini yosakira ya Baidu.

2. Weruzani mlendo kudzera mwa wogwiritsa ntchito, ndikukhazikitsa BaiDuspider imalunjikitsidwa ku tsamba la http. Ogwiritsa ntchito wamba akamayendera tsambalo kudzera pa injini yosakira ya Baidu, amatumizidwa patsamba lofananira la https mpaka 301.Monga momwe tawonetsera pachithunzichi, chithunzi pamwambapa chikuwonetsa mtundu wa http womwe uli nawo ku Baidu, ndipo chithunzi cham'munsi chikuwonetsa kuti ogwiritsa ntchito adzalumphira ku mtundu wa https akadina.

3. Tsamba la http silimangopangidwira tsamba loyambira, masamba ena ofunikira amafunikanso kupangidwa ndi mtundu wa http ndikulumikizana wina ndi mnzake.Musati muchite izi: ulalo womwe uli patsamba lofikira http ukadali wolumikizidwa ndi tsamba la https. , zomwe zimapangitsa Baiduspider kulephera kupitiriza kukwawa—— Takumana ndi zinthu zotere kotero kuti tingaphatikizepo tsamba limodzi latsamba lonselo.

4. Zina zomwe sizifunikira kubisidwa, monga chidziwitso, zitha kunyamulidwa ndi dzina lachidziwitso chachiwiri.MwachitsanzoAlipayTsambali, zomwe zili mkati mwachinsinsi zimayikidwa pa https, zomwe zimatha kugwidwa mwachindunji ndi Baiduspider zimayikidwa pa dzina lachidziwitso chachiwiri.

Malinga ndi kuyesa kwa Computer Science House mu ulalo womwe uli pansipa, zimatengera 114 milliseconds kukhazikitsa kulumikizana ndi HTTP; zimatengera 436 milliseconds kukhazikitsa kulumikizana ndi HTTPS, ndi 322 milliseconds pa gawo la ssl, kuphatikiza kuchedwa kwa netiweki ndi kupitilira apo. ya encryption ndi decryption ya ssl yokha (seva molingana ndi chidziwitso cha kasitomala Dziwani ngati kiyi yatsopano iyenera kupangidwa; seva imayankha ku kiyi ya master ndikubweza uthenga wotsimikizika ndi kiyi ya master kwa kasitomala; seva imapempha kasitomala kuti asayine siginecha ya digito ndi kiyi yapagulu).

XNUMX. Kodi ma HTTPS amadya bwanji kuposa HTTP?

HTTPS kwenikweni ndi HTTP protocol yomangidwa pamwamba pa SSL/TLS.Chen WeiliangNdikuganiza kuti zimatengera kuchuluka kwa seva zomwe zimagwiritsidwa ntchito ndi SSL / TLS yokha.

HTTP imagwiritsa ntchito TCP kugwirana chanza katatu kuti akhazikitse mgwirizano, ndipo kasitomala ndi seva ayenera kusinthanitsa mapaketi a 3;

Kuphatikiza pa mapaketi atatu a TCP, HTTPS ikufunikanso kuwonjezera mapaketi 9 ofunikira pakugwirana chanza kwa ssl, kotero pali mapaketi 12 onse.

Kulumikizana kwa SSL kukhazikitsidwa, njira yotsatirira yotsatizana imakhala njira yolumikizira yofananira monga 3DES, yomwe ili ndi katundu wopepuka wa CPU. , kotero vuto likubwera.Ngati mumanganso gawo la ssl pafupipafupi, zotsatira zake pa seva zimakhala zowopsa.Ngakhale kutsegula HTTPS kusunga moyo kumatha kuchepetsa vuto la kulumikizidwa kumodzi, ndi tsamba lalikulu. ndi kuchuluka kwa ogwiritsa ntchito nthawi imodzi. , projekiti yodziyimira payokha ya SSL yoyimitsa kutengera kugawana katundu ndiyofunikira. Ntchito yapaintaneti imayikidwa pambuyo pa SSL termination proxy. The SSL termination proxy can be hardware based, such as F5; or that can be kutengera软件Inde, mwachitsanzo, Wikipedia imagwiritsa ntchito Nginx.

Pambuyo potengera HTTPS, kuchuluka kwa seva zomwe zidzagwiritsidwe ntchito, Januware 2010GmailKusintha kugwiritsa ntchito kwathunthu kwa HTTPS, kuchuluka kwa CPU pamakina akutsogolo a SSL sikudzawonjezeka ndi 1%, kukumbukira kukumbukira kwa kulumikizana kulikonse kudzakhala kochepera 20KB, ndipo kuchuluka kwa magalimoto pamaneti kudzawonjezeka ndi zosakwana 2% Popeza Gmail iyenera kugwiritsa ntchito maseva a N pogawira, ndiye kuti CPU load data ilibe tanthauzo lalikulu. Kugwiritsa ntchito kukumbukira komanso kuchuluka kwa kuchuluka kwa magalimoto pa intaneti pa intaneti iliyonse ndizofunika kwambiri. pamphindikati (kwa 1500-bit RSA) ), deta iyi ndi yophunzitsa kwambiri.

XNUMX. Ubwino wa HTTPS

Ndi chifukwa chakuti HTTPS ndi yotetezeka kwambiri kotero kuti owukira sangapeze malo oyambira.Kutengera momwe oyang'anira masamba amawonera, maubwino a HTTPS ndi awa:

1. SEO mbali

Google idasintha ma algorithm awo osaka mu Ogasiti 2014, ponena kuti "tsamba losungidwa ndi HTTPS likhala pamwamba pazotsatira zosaka kuposa tsamba lofanana la HTTP".

2. Chitetezo

Ngakhale HTTPS siili yotetezeka kwenikweni, mabungwe omwe amadziwa ziphaso za mizu ndi mabungwe omwe amadziwa ma algorithms achinsinsi amathanso kuchita ziwopsezo zapakatikati, koma HTTPS ikadali yankho lotetezeka kwambiri pamapangidwe apano, ndi zabwino izi:

(1) Gwiritsani ntchito protocol ya HTTPS kuti mutsimikizire ogwiritsa ntchito ndi ma seva kuti muwonetsetse kuti deta imatumizidwa kwa kasitomala ndi seva yoyenera;

(2) Protocol ya HTTPS ndi protocol ya netiweki yopangidwa ndi protocol ya SSL + HTTP yomwe imatha kutumizirana ma encrypted transmission and identification. kukhulupirika kwa data.

(3) HTTPS ndiye njira yotetezeka kwambiri pamapangidwe apano.

XNUMX. Kuipa kwa HTTPS

Ngakhale HTTPS ili ndi zabwino zambiri, imakhalabe ndi zofooka zina.Mwachindunji, pali mfundo ziwiri izi:

1. SEO mbali

Malingana ndi deta ya ACM CoNEXT, kugwiritsa ntchito HTTPS protocol kudzatalikitsa nthawi yotsegula masamba pafupifupi 50% ndikuwonjezera mphamvu yogwiritsira ntchito mphamvu ndi 10% mpaka 20%. Kuphatikiza apo, protocol ya HTTPS idzakhudzanso cache, kuonjezera deta pamwamba ndi mphamvu. kugwiritsa ntchito, komanso ngakhale Njira zotetezera zomwe zilipo zidzakhudzidwanso ndipo zidzakhudzidwa.

Kuphatikiza apo, kuchuluka kwa kubisa kwa protocol ya HTTPS ndikochepa, ndipo sikukhala ndi zotsatira zochepa pakuwukira kwa owononga, kukana ntchito, komanso kubera ma seva.

Chofunika koposa, dongosolo la ngongole la ziphaso za SSL sizotetezeka, makamaka pamene mayiko ena amatha kuwongolera chiphaso cha mizu ya CA, kuwukira kwapakati ndi kotheka.

2. Nkhani zachuma

(1) Zikalata za SSL zimafunikira ndalama. Chiphaso chikakhala champhamvu kwambiri, mtengo wake umakwera kwambiri. Mawebusayiti amunthu amatha kugwiritsa ntchito ziphaso zaulere za SSL.

(2) Zikalata za SSL nthawi zambiri zimafunikira kulumikizidwa ku IP, ndipo mayina amtundu wambiri sangathe kulumikizidwa ku IP yomweyo. IPv4 zothandizira sizingathandizire kugwiritsa ntchito izi (SSL ili ndi zowonjezera zomwe zitha kuthetsa vutoli pang'ono, koma ndizovuta ndipo zimafunikira osatsegula, Opaleshoni Thandizo ladongosolo, Windows XP siligwirizana ndi kutambasuka uku, kuganizira maziko anaika a XP, mbali imeneyi pafupifupi opanda ntchito).

(3) Kusungirako kugwirizana kwa HTTPS sikuli koyenera monga HTTP, ndipo mawebusaiti apamwamba sangagwiritse ntchito pokhapokha ngati kuli kofunikira, ndipo mtengo wa magalimoto ndi wokwera kwambiri.

(4) HTTPS yolumikizira seva-mbali yogwiritsira ntchito zida ndizokwera kwambiri, ndipo mawebusayiti omwe ali ndi alendo ochulukirapo amafunikira ndalama zambiri. pamwamba.

(5) Gawo logwirana chanza la protocol ya HTTPS ndi nthawi yambiri ndipo limakhala ndi zotsatira zoipa pa liwiro lofanana la webusaitiyi.Ngati sikofunikira, palibe chifukwa choperekera nsembe kwa wogwiritsa ntchito.

XNUMX. Kodi tsamba lawebusayiti likufunika kugwiritsa ntchito kabisidwe ka HTTPS?

Ngakhale Google ndi Baidu onse "amayang'ana HTTPS mosiyana", izi sizikutanthauza kuti oyang'anira masamba akuyenera kusintha webusayiti kukhala HTTPS!

Choyamba, tiyeni tikambirane za Google.Ngakhale Google imatsindikabe kuti "mawebusayiti omwe amagwiritsa ntchito ukadaulo wa HTTPS encryption amatha kupeza masanjidwe abwinoko", sizinganenedwe kuti uku ndi "cholakwika" chosuntha.

Ofufuza akunja anenapo poyankha nkhaniyi: chifukwa chomwe Google idachita izi (kusintha ma aligorivimu, kaya agwiritse ntchito ukadaulo wa HTTPS encryption ngati cholozera pamasanjidwe a injini zosakira) sikungakhale kupititsa patsogolo luso lakusaka kwa wogwiritsa ntchito komanso intaneti. Nkhani yachitetezo ndikungobweza "kutaya" pamwano wa "Prism Gate". Uku ndikuyenda mongodzifunira nokha pansi pa mbendera ya "sacrifice ego", kunyamula mbendera ya "Security Impact Ranking" ndikuyimba "HTTPS". kulikonse" ”, ndiyeno mopanda mphamvu kulola ambiri a webmasters kuti alowe nawo mumsasa wa protocol wa HTTPS.

Ngati tsamba lanu ndi laZamalonda/WechatKwa nsanja, ndalama, malo ochezera a pa Intaneti ndi magawo ena, ndibwino kugwiritsa ntchito protocol ya HTTPS; ngati ndi tsamba labulogu, tsamba lotsatsira, tsamba lazidziwitso, kapena tsamba lankhani, satifiketi yaulere ya SSL ingagwiritsidwe ntchito.

XNUMX. Kodi webmaster amamanga bwanji tsamba la HTTPS?

Pankhani yomanga mawebusayiti a HTTPS, tiyenera kutchula protocol ya SSL. SSL ndiye protocol yoyamba yachitetezo cha netiweki yotengedwa ndi Netscape. Ndi protocol yachitetezo yomwe imakhazikitsidwa pa Transmission Communication Protocol (TCP/IP), pogwiritsa ntchito ukadaulo wa public key , SSL imathandizira kwambiri mitundu yosiyanasiyana ya maukonde, pomwe ikupereka mautumiki atatu ofunikira achitetezo, onse amagwiritsa ntchito ukadaulo wachinsinsi wapagulu.

Pankhani yomanga mawebusayiti a HTTPS, tiyenera kutchula protocol ya SSL. SSL ndiye protocol yoyamba yachitetezo cha netiweki yotengedwa ndi Netscape. Ndi protocol yachitetezo yomwe imakhazikitsidwa pa Transmission Communication Protocol (TCP/IP), pogwiritsa ntchito ukadaulo wa public key , SSL imathandizira kwambiri mitundu yosiyanasiyana ya maukonde, pomwe ikupereka mautumiki atatu ofunikira achitetezo, onse amagwiritsa ntchito ukadaulo wachinsinsi wapagulu.

1. Udindo wa SSL

(1) Tsimikizirani ogwiritsa ntchito ndi ma seva kuti muwonetsetse kuti deta imatumizidwa kwa kasitomala ndi seva yoyenera;

(2) Sungani deta kuti muteteze deta kuti isabedwe pakati;

(3) Sungani kukhulupirika kwa deta ndikuwonetsetsa kuti deta siisinthidwa panthawi yotumizira.

Satifiketi ya SSL imayimira fayilo ya digito yomwe imatsimikizira zidziwitso za onse awiri mukulankhulana kwa SSL. Nthawi zambiri imagawidwa kukhala satifiketi ya seva ndi satifiketi ya kasitomala. Satifiketi ya SSL yomwe timanena imanena za satifiketi ya seva. Satifiketi ya SSL ndi zoperekedwa ndi wodalirika wodalirika wa satifiketi ya digito CA. (monga VeriSign, GlobalSign, WoSign, ndi zina zotero), zoperekedwa pambuyo potsimikizira seva, ndi kutsimikizika kwa seva ndi ntchito zotumizira deta, zogawidwa mu Satifiketi Yowonjezera (EV) SSL, Chitsimikizo cha Gulu (OV) SSL satifiketi, ndi satifiketi yotsimikizira dzina la domain (DV) SSL.

2. 3 njira zazikulu zofunsira satifiketi ya SSL

Pali njira zitatu zazikulu zofunsira satifiketi ya SSL:

(1), pangani fayilo ya CSR

Zomwe zimatchedwa CSR ndi fayilo yopempha ya Certificate Secure Request satifiketi yopangidwa ndi wopemphayo. Panthawi yopanga, makinawo apanga makiyi awiri, imodzi ndi kiyi yapagulu, yomwe ndi fayilo ya CSR, ndipo ina ndi kiyi yachinsinsi, zomwe zimasungidwa pa seva.

Kuti mupange mafayilo a CSR, ofunsira angagwiritse ntchito zikalata za WEB SERVER, general APACHE, ndi zina zotero, gwiritsani ntchito mzere wa malamulo wa OPENSSL kuti mupange mafayilo a KEY + CSR2, Tomcat, JBoss, Resin, etc. gwiritsani ntchito KEYTOOL kupanga mafayilo a JKS ndi CSR, IIS imapanga. pempho loyembekezera ndi fayilo ya CSR.

(2), chiphaso cha CA

Tumizani CSR ku CA, ndipo CA nthawi zambiri imakhala ndi njira ziwiri zotsimikizira:

① Kutsimikizika kwa dzina la domain: Nthawi zambiri, bokosi la makalata la woyang'anira limakhala lovomerezeka. Njira iyi ndi yachangu, koma satifiketi yotulutsidwa ilibe dzina la kampani.

② Chitsimikizo cha zolemba zamabizinesi: Chiphaso chabizinesi chabizinesi chiyenera kuperekedwa, chomwe nthawi zambiri chimatenga masiku 3-5 ogwira ntchito.

Palinso ziphaso zomwe zimayenera kutsimikizira njira ziwiri zomwe zili pamwambazi nthawi imodzi, zomwe zimatchedwa satifiketi ya EV. Satifiketi iyi imatha kupanga adilesi ya asakatuli pamwamba pa IE2 kukhala yobiriwira, kotero kutsimikizika kulinso kolimba kwambiri.

(3), kukhazikitsa satifiketi

Mukalandira satifiketi kuchokera ku CA, mutha kuyika satifiketi pa seva. Nthawi zambiri, fayilo ya APACHE imakopera mwachindunji KEY+CER ku fayilo, kenako ndikusintha fayilo ya HTTPD.CONF; TOMCAT, ndi zina zambiri, muyenera kuitanitsa satifiketiyo kuchokera kunja. Fayilo ya CER yoperekedwa ndi CA mufayilo ya JKS. , ikopereni ku seva, kenako ndikusintha SERVER.XML; IIS ikuyenera kukonza pempho lomwe likuyembekezera ndikulowetsa fayilo ya CER.

XNUMX. Upangiri wa satifiketi ya SSL yaulere

Kugwiritsa ntchito satifiketi ya SSL sikungotsimikizira chitetezo cha chidziwitso, komanso kumathandizira kudalira kwa wogwiritsa ntchito patsamba, koma potengeraMangani malo okwereraPoganizira za mtengo wake, akatswiri ambiri a pawebusaiti amakhumudwitsidwa nazo.Kwaulere pa intaneti nthawi zonse ndi msika womwe sudzachoka.Pali malo osungira aulere, ndipo mwachilengedwe pali ziphaso zaulere za SSL.M'mbuyomu, zidanenedwa kuti Mozilla, Cisco , Akamai , IdenTrust, EFF, ndi ofufuza a ku yunivesite ya Michigan adzayambitsa pulojekiti ya Let's Encrypt CA, yomwe ikukonzekera kupereka ziphaso zaulere za SSL ndi mautumiki oyendetsera satifiketi pamasamba kuyambira m'chilimwe (chidziwitso: ngati mukufuna ziphaso zapamwamba komanso zovuta, muyenera kulipira), ndipo nthawi yomweyo , imachepetsanso zovuta za unsembe wa satifiketi, nthawi yoyika ndi masekondi 20-30 okha.

Nthawi zambiri amakhala mawebusayiti akulu komanso apakatikati omwe amafunikira ziphaso zovuta, ndipo masamba ang'onoang'ono monga mabulogu anu amatha kuyesa ziphaso zaulere za SSL poyamba.

M'munsimu muliChen WeiliangBlogyo ikukudziwitsani za satifiketi zingapo zaulere za SSL, monga: CloudFlare SSL, NameCheap, ndi zina.

1. CloudFlare SSL

CloudFlare ndi tsamba la webusayiti ku United States lomwe limapereka ntchito za CDN.Ili ndi ma seva ake a CDN padziko lonse lapansi.Makampani akuluakulu kapena mawebusayiti ambiri kunyumba ndi kunja akugwiritsa ntchito ma CDN a CloudFlare.Zowona,zomwe zimagwiritsidwa ntchito kwambiri ndi akatswiri apa intaneti apanyumba ndi CloudFlare's CDN yaulere ya CloudFlare.Ilinso yabwino kwambiri.Satifiketi yaulere ya SSL yoperekedwa ndi CloudFlare ndi UniversalSSL, kutanthauza, SSL yapadziko lonse.Ogwiritsa atha kugwiritsa ntchito satifiketi ya SSL popanda kufunsira ndi kukonza satifiketi kuchokera kwa oyang'anira satifiketi. CloudFlare imapereka encryption ya SSL ku onse ogwiritsa ntchito (kuphatikiza ogwiritsa ntchito aulere), mawonekedwe apaintaneti Chikalatacho chimakhazikitsidwa mkati mwa mphindi 5, ndipo kutumizidwa kokha kumamalizidwa mkati mwa maola 24, kupereka TLS encryption service yozikidwa pa Elliptic Curve Digital Signature Algorithm (ECDSA) pazambiri zamasamba.

2. NameCheap

NameCheap ndi gulu lotsogola lovomerezeka la ICANN lolembetsa dzina lawebusayiti ndi kampani yochitira webusayiti, yomwe idakhazikitsidwa mu 2000, kampaniyo imapereka malingaliro aulere a DNS, kutumiza ma URL (amatha kubisa ulalo woyambirira, kuthandizira 301 redirection) ndi mautumiki ena, kuwonjezera apo, NameCheap imaperekanso Zaka za satifiketi ya SSL yaulere.

3. Tiyeni Tibiseni

Let's Encrypt ndi pulojekiti yotchuka yopereka satifiketi ya SSL yaulere posachedwa. Let's Encrypt ndi pulojekiti yaulere komanso yaulere yothandiza anthu onse yoperekedwa ndi ISRG, yomwe imangotulutsa ziphaso, koma satifiketiyo imakhala yovomerezeka kwa masiku 90 okha.Ndizoyenera kugwiritsidwa ntchito payekha kapena kwakanthawi, ndipo siziyeneranso kupirira kuti satifiketi yodzisainirayo siidaliridwa ndi osatsegula.

Pamenepo,Chen WeiliangBlogyi ikukonzekeranso kugwiritsa ntchito Let's Encrypt posachedwa ^_^

Tiyeni Tilembetse maphunziro aulere a satifiketi ya SSL, chonde onani nkhaniyi kuti mumve zambiri:"Momwe mungalembetsere Let's Encrypt"