Ndeupi musiyano pakati pe http vs https? Tsananguro yakadzama yeSSL encryption process

Nekukurumidza kukura kweInternet, vamwe vanhu vanoita zvavanodaWechat marketing,Public account promotion, asi anonyunyuta网络 营销haishande, chaizvomidhiya mitsvaNzira yakanakisa yekuti vanhu vaite Internet marketing iri kuburikidza nekutsvaga injinidrainagehuwandu.

Nokudaro, injini dzekutsvaga ndiyo inonyanya kufarirwa mazuva anoWeb Promotionimwe yenzira.

Uyezve, injini dzekutsvaga Google neBaidu vakataura pachena kuti https inosanganisirwa muinjini yekutsvaga.

kunyanyaE-commerceKune mawebhusaiti, zvinokurudzirwa kushandisa iyo https encryption protocol, iyo isingangobatsiri kuvandudza masosi, asiwo inobatsira vashandisi kuona webhusaiti zvakachengeteka.

Hypertext Transfer Protocol HTTP protocol inoshandiswa kuendesa ruzivo pakati pewebhu bhurawuza newebhu server.HTTP protocol inotumira zvirimo mumavara akajeka uye haipe chero nzira ye encryption yedata. protocol haina kukodzera kuendesa rumwe ruzivo rwakadzama, senge nhamba yekadhi rechikwereti, password uye rumwe ruzivo rwekubhadhara.

Kuti ugadzirise chikanganiso ichi cheHTTP protocol, imwe protocol inoda kushandiswa: iyo yakachengeteka socket layer hypertext transfer protocol HTTPS Kuti chengetedzo yekufambiswa kwedata, HTTPS inowedzera SSL protocol kuHTTP, uye SSL inovimba nezvitupa kuratidza server. , uye encrypt kutaurirana pakati pebrowser neserver.

XNUMX. Basic concepts yeHTTP neHTTPS

HTTP: Ndiyo inonyanya kushandiswa netiweki protocol paInternet.I client-side and server-side request and response standard (TCP).Inoshandiswa kufambisa hypertext kubva paWWW server kuenda kubrowser yenzvimbo.Sevha iri inoshanda zvakanyanya, zvichikonzera kushoma kwetiweki kutamiswa.

HTTPS: Yakachengeteka HTTP chiteshi Muchidimbu, yakachengeteka vhezheni yeHTTP, kureva, kuwedzera SSL layer kuHTTP.Nheyo yekuchengetedza yeHTTPS iSSL, saka iyo yakadzama yemukati mekunyorera inoda SSL.

Iwo makuru mabasa eHTTPS protocol anogona kukamurwa kuita mhando mbiri: imwe ndeyekumisikidza chiteshi chekuchengetedza ruzivo kuve nechokwadi chekuchengetedzwa kwekufambiswa kwedata; imwe ndeyekusimbisa huchokwadi hwewebhusaiti.

XNUMX. Ndeupi musiyano uripo pakati peHTTP neHTTPS?

Iyo data inofambiswa neHTTP protocol haina kuvharidzirwa, kureva kuti, mune plaintext. Naizvozvo, hazvina kuchengeteka zvakanyanya kushandisa HTTP protocol kutumira ruzivo rwepachivande.Kuitira kuona kuti aya akavanzika data anogona kuvharirwa uye kufambiswa, Netscape yakagadzira iyo SSL. (Secure Sockets Layer) protocol yeHTTPS yakazvarwa kuti inyore iyo data inofambiswa neHTTP protocol.

Zvichitaurwa zviri nyore, iyo HTTPS protocol itiweki protocol yakagadzirwa neSSL + HTTP protocol iyo inogona kuita encrypted kutapurirana uye chitupa chechokwadi, uye yakachengeteka kupfuura iyo http protocol.

Misiyano mikuru pakati peHTTPS neHTTP ndeiyi:

• 1. Iyo https protocol inoda kuenda kuca kunonyorera chitupa. Kazhinji, kune mashoma emahara zvitupa, saka imwe muripo inodiwa.
• 2. http is a hypertext transfer protocol, mashoko anofambiswa mumagwaro akajeka, uye https ndeye yakachengeteka ssl encrypted transfer protocol.
• 3. http ne https shandisa nzira dzekubatanidza dzakasiyana zvachose uye zviteshi zvakasiyana. Yekutanga ndeye 80 uye yekupedzisira ndeye 443.
• 4

XNUMX. Tsananguro yakadzama yeHTTPS uye SSL encryption process

Isu tese tinoziva kuti HTTPS inogona encrypt ruzivo kudzivirira ruzivo rwakadzama kuti risawanikwe nevechitatu mapato, saka mazhinji mawebhusaiti emabhangi kana mae-mail uye mamwe masevhisi ane mazinga ekuchengetedza akanyanya achashandisa HTTPS protocol.

1. Mutengi anotanga chikumbiro cheHTTPS

Ichi hachisi chinhu chekutaura, ndiko kuti, mushandisi anopinda https URL mubrowser, obva abatanidza kune 443 chiteshi cheseva.

2. Server configuration

Sevha inoshandisa HTTPS protocol inofanirwa kunge iine seti yezvitupa zvedhijitari, izvo zvinogona kuitwa iwe pachako kana kuiswa kusangano.Musiyano ndewekuti chitupa chakapihwa wega chinoda kuongororwa nemutengi chisati chaenderera mberi nekuchiwana, ukuwo. chitupa chakashandiswa nekambani yakavimbika hachidaro. Peji yekukurumidza ichabuda.

Seti yezvitupa iyi makiyi eruzhinji nekiyi yakavanzika. Kana usinganzwisise kiyi yeruzhinji nekiyi yakavanzika, unogona kufungidzira sekiyi nekiyi, asi iwe ndiwe wega munhu pasi pano ane kiyi iyi.Unokwanisa kukiya kiya.Mutungamirire kune vamwe, vamwe vanogona kushandisa kiya ichi kukiya zvinhu zvakakosha, vobva vatumira kwauri, nekuti ndiwe wega une kiyi iyi, saka ndiwe wega unoona zvinhu zvakakiiwa nekiyi iyi.

3. Tumira chitupa

Ichi chitupa ndicho kiyi yeruzhinji, asi ine ruzivo rwakawanda, senge chiremera chechitupa, nguva yekupera, zvichingodaro.

4. Client parsing certificate

Ichi chikamu chebasa chinoitwa neTLS yemutengi.Chokutanga, ichaona kana kiyi yeruzhinji iriko, semvumo yekuburitsa, nguva yekupera, zvichingodaro. Kana kusarudzika kukawanikwa, bhokisi renyevero richabuda, richiratidza kuti pane dambudziko nechitupa.

Kana pasina dambudziko nechitupa, wobva wagadzira kukosha kwakasarudzika, wobva wanyora kukosha kwakasarudzika nechitupa, sezvataurwa pamusoro, kiya kukosha kwakasarudzika nekiyi, kuitira kuti kunze kwekunge paine kiyi, haugone kuona yakakiiwa. kukosha zvemukati.

5. Kufambiswa kwemashoko akavharidzirwa

Chikamu ichi chinotumira kukosha kwakavharidzirwa nechitupa. Chinangwa ndechekurega sevha ichiwana kukosha kusina kurongeka, uyezve kutaurirana pakati pemutengi nesevha kunogona kuvharidzirwa nekudzikiswa kuburikidza neukoshi husina kurongeka uhu.

6. Segment segment decryption information

Mushure mekunge sevha yadzima nekiyi yakavanzika, inowana kukosha (private key) inotumirwa nemutengi, uye yobva yavharira zvirimo musymmetrically kuburikidza nekukosha. Nenzira iyi, kunze kwekunge kiyi yakavanzika ichizivikanwa, zvirimo hazvigone kuwanikwa, uye vese mutengi uye sevha vanoziva kiyi yakavanzika, chero bedzi iyo encryption algorithm yakasimba zvakakwana uye kiyi yakavanzika yakaoma zvakakwana, iyo data yakachengeteka zvakakwana.

7. Kufambiswa kwemashoko akavharidzirwa

Ichi chikamu cheruzivo irwo ruzivo rwakavharidzirwa nekiyi yakavanzika yechikamu chebasa uye inogona kudzoserwa kudivi remutengi.

8. Client decryption ruzivo

Mutengi anodzima ruzivo rwakatumirwa kubva muchikamu chesevhisi nekiyi yakavanzika yakambogadzirwa, uye nekudaro anowana izvo zvakadzikiswa.Kunyangwe kana wechitatu akaongorora data panguva yese iyi, hazvibatsiri.

Chechina, maitiro einjini dzekutsvaga kuHTTPS

Baidu yakatanga sevhisi yakazara-saiti yeHTTPS yakavharidzirwa sevhisi yekugadzirisa "bato rechitatu" kufemba nekubira kuvanzika kwevashandisi. Sezvineiwo, kutanga kwaChivabvu 2010, Google yakatanga kugovera sevhisi yakavharidzirwa yeHTTPS, inofamba-famba mapeji ewebhu eHTTPS. nyaya, Baidu akataura muchiziviso munaGunyana 5 kuti "Baidu haizoshingairira kukambaira mapeji ewebhu eHTTPS", nepo Google yakataura mualgorithm yekuvandudza kuti "pasi pemamiriro akafanana, masayiti anoshandisa HTTPS encryption tekinoroji achave nekutsvaga kurinani. Advantage".

Saka, munzvimbo iyi yakakura, mawebhusaiti anofanira kutora "njodzi" HTTPS protocol? HTTPS yekutsvaga injiniSEOZvakadini nemigumisiro yacho?

1. Mafungiro eGoogle

Maonero eGoogle pamusoro pekuiswa kweHTTPS saiti haana kusiyana neaya eHTTPS, uye anototora "kana kushandisa yakachengeteka encryption" (HTTPS) sechinhu chinotaridzirwa mune yekutsvaga ranking algorithm.Mawebhusaiti anoshandisa HTTPS encryption tekinoroji anogona kuwana mhedzisiro iri nani. Kune mimwe mikana yekuratidzira, uye chinzvimbo chiri zvakare chinobatsira kupfuura HTTP masaiti emasaiti akafanana.

Uye Google yakaratidza pachena kuti "inotarisira kuti vese webmasters vachakwanisa kushandisa HTTPS protocol panzvimbo yeHTTP", iyo inoratidza kutsunga kwayo kuzadzisa chinangwa che "HTTPS kwese".

2. Mafungiro aBaidu

Kare, tekinoroji yeBaidu yaive kumashure, ichiti "haizokambaira mapeji ehttps", asi zvakare "yainetsekana" nezve "mapeji mazhinji ehttps haagone kuverengerwa." Kusvikira Gunyana 2014, 9, Baidu akapa hurukuro "Mavakirwo emasaiti ehttps." Chinyorwa chakaburitswa nezvenyaya ye "Shamwari kuBaidu", ichipa mazano mana uye zviito zvakanangana "kuvandudza hushamwari hweBaidu hwemasaiti ehttps":

1. Ita kuti http ive neshanduro dzemapeji e https dzinoda kunyoreswa neBaidu yekutsvaga injini.

2. Tonga mushanyi kuburikidza nemumiririri wemushandisi, uye isa BaiIyo duspider yakanangidzirwa ku http peji. Kana vashandisi vakangoshanyira peji kuburikidza neBaidu yekutsvaga injini, vanozoendeswa kune inoenderana https peji kuburikidza ne301.Sezvinoratidzwa pamufananidzo, mufananidzo uri pamusoro ndiyo http vhezheni inosanganisirwa muBaidu, uye mufananidzo wepazasi iHTTPS vhezheni iyo vashandisi vanozosvetukira kwairi mushure mekudzvanya.

3. http vhezheni haingoitirwe peji remba chete, mamwe mapeji akakosha anodawo kugadzirwa ne http vhezheni uye akabatanidzwa kune mumwe nemumwe.. Usaita izvi: link iri pahomepage http peji ichiri kubatanidzwa kune https peji. , izvo zvinoita kuti Baiduspider itadze kuenderera mberi ichikambaira—— Tasangana nemamiriro ezvinhu akadai zvekuti tinokwanisa chete kusanganisira peji remba resaiti yese.

4. Chikamu chemukati chisingadi kuvharirwa, senge ruzivo, chinogona kutakurwa nerechipiri-level domain zita.semuyenzanisoAlipaySaiti, iyo yakakosha encrypted yemukati inoiswa pa https, izvo zvinogona kubatwa zvakananga neBaiduspider zvinoiswa pane yechipiri-level domain zita.

Zvinoenderana nebvunzo yeComputer Science House mune iyi link iri pazasi, zvinotora zana negumi nemazana mana emamiriseconds kumisikidza kubatana neHTTP; zvinotora mazana mana nemakumi matatu nematanhatu milliseconds kumisikidza kubatana neHTTPS, uye 114 milliseconds yechikamu che ssl, kusanganisira kunonoka kwetiweki uye pamusoro. ye encryption uye decryption ye ssl pachayo (sevha zvinoenderana neruzivo rwemutengi Sarudza kana kiyi nyowani inoda kugadzirwa; sevha inopindura kune kiyi kiyi uye inodzosera meseji yakasimbiswa nekiyi kiyi kumutengi; sevha inokumbira mutengi siginecha yedhijitari uye kiyi yeruzhinji).

XNUMX. Ko HTTPS inoshandisa yakawanda sei kupfuura HTTP?

HTTPS ichokwadi HTTP protocol yakavakirwa pamusoro peSSL/TLS Naizvozvo, kuenzanisa kuti yakawanda sei sevha zviwanikwa zvinoshandiswa neHTTPS pane HTTP,Chen WeiliangIni ndinofunga zvinonyanya kuenderana nekuti yakawanda sei server zviwanikwa zvinodyiwa neSSL/TLS pachayo.

HTTP inoshandisa TCP-nzira nhatu kubata ruoko kuti ugadzire kubatana, uye mutengi uye sevha inoda kuchinjanisa 3 mapaketi;

Pamusoro pemapaketi matatu eTCP, HTTPS inodawo kuwedzera mapaketi mapfumbamwe anodiwa kune ssl ruoko, saka kune gumi nemaviri mapaketi.

Mushure meiyo SSL yekubatanidza yatangwa, inotevera encryption nzira inova symmetric encryption nzira senge 3DES, ine yakareruka CPU mutoro.Kuenzaniswa neyeasymmetric encryption nzira kana SSL yekubatanidza yatangwa, mutoro weiyo symmetric encryption nzira paCPU. inogona kusatariswa. , saka dambudziko ririkuuya.Kana iwe ukavaka patsva ssl sesheni kazhinji, kukanganisa pakuita kweserver kuchauraya.Kunyangwe kuvhura HTTPS chengeta-ichirikugona kurerutsa dambudziko rekuita kwekubatana kumwe chete, haina kukodzera mawebhusaiti makuru ane nhamba huru yevashandisi vari panguva imwe chete. , yakazvimirira SSL termination proxy based on load sharing yakakosha.Webhu web service inoiswa mushure meSSL termination proxy.SSL termination proxy inogona kuva hardware-based, seF5; kana kuti inogona kuvakirwa pairi软件Hongu, semuenzaniso, Wikipedia inoshandisa Nginx.

Mushure mekutora HTTPS, yakawanda sei sevha zviwanikwa zvichashandiswa, Ndira 2010GmailKuchinjira kukushandisa kwakazara kweHTTPS, iyo CPU mutoro wekumberi-yekupedzisira kugadzirisa SSL muchina hauzowedze neinopfuura 1%, ndangariro yekushandisa kwega yega yekubatanidza ichave isingasviki 20KB, uye network traffic inowedzera neisingasviki 2% Sezvo Gmail ichifanira kushandisa masevha eN pakugovera, saka Iyo CPU load data haina zvakawanda zvinorehwa.Kushandiswa kwendangariro uye netiweki data yetraffic yekubatana kwega kwega zvine kukosha kwereferensi.Chinyorwa chino chinodonongodzawo kuti core rimwechete rinobata kubata maoko kanosvika 1500. pasekondi (ye1024-bit RSA) ), iyi data inodzidzisa zvakanyanya.

XNUMX. Zvakanakira HTTPS

Imhaka yekuti HTTPS yakachengeteka zvakanyanya zvekuti vanorwisa havakwanise kuwana pekutangira. Kubva pamaonero evatariri vewebhu, zvakanakira HTTPS ndezvizvi:

1. SEO zvinhu

Google yakagadzirisa injini yekutsvaga algorithm muna Nyamavhuvhu 2014, ichiti "saiti yakavharidzirwa neHTTPS ichakwirisa mumibairo yekutsvaga pane yakafanana neHTTP saiti".

2. Chengetedzo

Kunyangwe HTTPS isina kuchengetedzeka zvachose, masangano anoziva zvitupa zvemidzi uye masangano ane hunyanzvi encryption algorithms anogona zvakare kuita man-in-the-pakati kurwisa, asi HTTPS ichiri mhinduro yakachengeteka pasi pechivakwa chazvino, ine zvinotevera zvakanakira:

(1) Shandisa HTTPS protocol kutendesa vashandisi nemaseva kuona kuti data ratumirwa kune chaiyo mutengi uye server;

(2) Iyo HTTPS protocol inetiweki protocol yakagadzirwa neSSL+HTTP protocol iyo inokwanisa kuita encrypted transmission uye identity authentication.Yakachengeteka kupfuura http protocol, iyo inogona kudzivirira data kubiwa nekushandurwa panguva yekufambisa uye kuona kuvimbika kwe data.

(3) HTTPS ndiyo mhinduro yakachengeteka pasi pechivakwa chazvino.Kunyangwe isina kuchengetedzeka zvachose, inowedzera zvakanyanya mutengo weman-in-the-pakati kurwisa.

XNUMX. Zvakaipa zveHTTPS

Kunyangwe zvazvo HTTPS ine mabhenefiti makuru, ichine zvimwe zvinokanganisa.Kunyanya, kune anotevera mapoinzi maviri:

1. SEO zvinhu

Maererano ne ACM CoNEXT data, kushandisa HTTPS protocol kuchawedzera nguva yekurodha peji neinenge 50% uye kuwedzera simba rekushandisa ne10% kusvika 20%. Pamusoro pezvo, HTTPS protocol ichakanganisawo cache, kuwedzera data pamusoro uye simba rekushandisa. , uye kunyangwe aripo ekuchengetedza Matanho achakanganiswawo uye achakanganiswa saizvozvo.

Zvakare, iyo encryption chiyero cheHTTPS protocol ishoma, uye haitombo tamba chero chikamu mukurwiswa kwehacker, kuramba kurwiswa kwesevhisi, uye kubiwa kweseva.

Kunyanya kukosha, iyo kiredhiti ketani system yeSSL zvitupa haina kuchengetedzeka, kunyanya kana dzimwe nyika dzichigona kudzora CA mudzi chitupa, man-in-the-pakati kurwisa kunogoneka.

2. Mamiriro ehupfumi

(1) Zvitupa zveSSL zvinoda mari.Kuwedzera simba kwechitupa, kunowedzera mutengo.Mawebhusaiti ega ega anogona kushandisa zvitupa zveSSL zvemahara.

(2) SSL zvitupa zvinowanzoda kusungirirwa kuIP, uye mazita emazita akawanda haakwanisi kusungirirwa kune imwechete IP IPv4 zviwanikwa hazvigone kutsigira kushandiswa uku (SSL ine maextensions anogona kugadzirisa dambudziko iri zvishoma, asi inonetsa uye inoda mabhurawuza, Kushanda Sistimu Tsigiro, Windows XP haitsigire iyi yekuwedzera, tichitarisa iyo yakaiswa base yeXP, iyi ficha inenge isina basa).

(3) HTTPS yekubatanidza caching haina kunyatsoita seHTTP, uye mawebhusaiti akakwira-traffic haazoshandise kunze kwekunge zvichidikanwa, uye mutengo wemotokari wakanyanya.

(4) HTTPS yekubatanidza server-side resource kushandiswa kwakakwira zvakanyanya, uye kutsigira mawebhusaiti ane vashanyi vashoma kunoda mutengo wakakurisa.Kana HTTPS yese ikashandiswa, avhareji mutengo weVPS unoenderana nekufungidzira kuti mazhinji emakomputa zviwanikwa hazvina basa. achakwira.

(5) Chikamu chekubata maoko cheHTTPS protocol chinopedza nguva uye chine kukanganisa kunoenderana nekumhanya kwewebhusaiti.Kana zvisiri izvo, hapana chikonzero chekusiya ruzivo rwemushandisi.

XNUMX. Nzvimbo yewebhusaiti inoda kuvharirwa neHTTPS here?

Kunyangwe Google neBaidu vese "vachitarisa HTTPS zvakasiyana", izvi hazvireve kuti webmasters vanofanirwa kushandura iyo webhusaiti protocol kuHTTPS!

Chekutanga ngatitaure nezveGoogle.Kunyangwe Google ichiramba ichisimbisa kuti "mawebhusaiti anoshandisa HTTPS encryption tekinoroji anogona kuwana zvirinani," hazvigone kutongerwa kunze kuti iyi "ulterior motive" kufamba.

Vaongorori vekune dzimwe nyika vakati vachipindura nyaya iyi: chikonzero chakaita kuti Google iite danho iri (gadziridza algorithm, ingave kushandisa HTTPS encryption tekinoroji sechinhu chinonongedza chekutsvaga injini kusanja) inogona kunge isiri yekuvandudza ruzivo rwemushandisi yekutsvaga neInternet. Chengetedzo nyaya ndeyekungodzora "kurasika" mu "Prism Gate". Uku ndiko kuita kwekuda kuzvifarira pasi pemureza we "sacrifice the ego", wakasimudza banner re "Security Impact Ranking" uye kuimba "HTTPS. kwese kupi" slogan, wobva waregedza ruzhinji rwevatenzi vewebhu vachida kupinda muHTTPS protocol camp.

Kana webhusaiti yako iri yeE-commerce/WechatKune mapuratifomu, mari, social network uye mamwe minda, zviri nani kushandisa HTTPS protocol; kana iri blog saiti, saiti yekushambadzira, yakasarudzika saiti yeruzivo, kana saiti yenhau, chitupa cheSSL chemahara chinogona kushandiswa.

XNUMX. Ko webmaster anovaka sei nzvimbo yeHTTPS?

Kana tasvika pakuvakwa kwemasaiti eHTTPS, tinofanirwa kutaura nezveSSL protocol. SSL ndiyo yekutanga network security protocol yakatorwa neNetscape. Iprotocol yezvekuchengetedza yakaitwa paTransmission Communication Protocol (TCP/IP), pachishandiswa public key technology. , SSL inotsigira zvakanyanya marudzi akasiyana etiweki, nepo ichipa matatu ekutanga masevhisi ekuchengetedza, ese anoshandisa yeruzhinji kiyi tekinoroji.

Kana tasvika pakuvakwa kwemasaiti eHTTPS, tinofanirwa kutaura nezveSSL protocol. SSL ndiyo yekutanga network security protocol yakatorwa neNetscape. Iprotocol yezvekuchengetedza yakaitwa paTransmission Communication Protocol (TCP/IP), pachishandiswa public key technology. , SSL inotsigira zvakanyanya marudzi akasiyana etiweki, nepo ichipa matatu ekutanga masevhisi ekuchengetedza, ese anoshandisa yeruzhinji kiyi tekinoroji.

1. Basa reSSL

(1) Simbisa vashandisi uye maseva kuti ive nechokwadi chekuti data rinotumirwa kune chaiyo mutengi uye sevha;

(2) Encrypt data kudzivirira data kubva kubiwa pakati;

(3) Chengetedza kutendeseka kweiyo data uye ona kuti iyo data haina kuchinjwa panguva yekufambisa.

Chitupa cheSSL chinoreva faira redhijitari rinoratidza kuzivikanwa kwemapato ese ari muSSL kutaurirana. Rinowanzo kupatsanurwa kuita setifiketi yeserver uye chitupa chevatengi. Chitupa cheSSL chatinowanzo taura chinongoreva chitupa cheserver. Chitupa cheSSL ndicho yakapihwa nedare retifiketi redhijitari rakavimbika CA. (zvakadai seVeriSign, GlobalSign, WoSign, zvichingodaro), rakapihwa mushure mekuona kuzivikanwa kwesevha, ine humbowo hwesevha uye mabasa ekutumira data encryption, yakakamurwa kuita Yakawedzerwa Kusimbisa (EV) SSL chitupa, Kusimbiswa kweSangano (OV) SSL chitupa, uye zita rezita rekusimbisa Type (DV) SSL chitupa.

2. Matanho matatu makuru ekunyorera chitupa cheSSL

Pane matanho matatu makuru ekunyorera chitupa cheSSL:

(1), ita CSR faira

Iyo inonzi CSR ndiyo Certificate Chengetedzwa Chikumbiro chetifiketi faira rekukumbira rinogadzirwa nemunyoreri.Panguva yekugadzira, sisitimu inoburitsa makiyi maviri, imwe kiyi yeruzhinji, inova CSR faira, uye imwe yacho kiyi yakavanzika, iyo inochengetwa pane server.

Kugadzira mafaira eCSR, vanyoreri vanogona kureva WEB SERVER zvinyorwa, general APACHE, nezvimwewo, shandisa OPENSSL command line kugadzira KEY+CSR2 mafaera, Tomcat, JBoss, Resin, etc. shandisa KEYTOOL kugadzira JKS neCSR mafaera, IIS inogadzira. zvikumbiro zvakamirira uye CSR faira.

(2), CA certification

Tumira iyo CSR kuCA, uye iyo CA kazhinji ine nzira mbiri dzechokwadi:

① Huchokwadi hwezita rezita: Kazhinji, bhokisi retsamba remutungamiriri rinotenderwa. Nzira iyi inokurumidza, asi chitupa chakapihwa hachina zita rekambani.

②、Enterprise gwaro retifiketi: Rezinesi rebhizinesi rebhizinesi rinoda kupihwa, iro rinowanzotora 3-5 mazuva ekushanda.

Kune zvakare zvitupa zvinoda kuratidza nzira mbiri dziri pamusoro panguva imwe chete, dzinodaidzwa kuti chitupa cheEV.Chitupa ichi chinogona kuita kuti kero yebrowser iri pamusoro peIE2 iite green, saka iyo yechokwadi ndiyo zvakare yakasimba.

(3), kuiswa kwechitupa

Mushure mekugamuchira chitupa kubva kuCA, unogona kuendesa chitupa paserver. Kazhinji, iyo APACHE faira inokopa zvakananga KEY+CER kufaira, uye yogadzirisa iyo HTTPD.CONF faira; TOMCAT, nezvimwewo, inoda kupinza chitupa CER. faira rakapihwa neCA mufaira reJKS. , rikope kuseva, uye wozogadzirisa SERVER.XML; IIS inoda kugadzirisa chikumbiro chakamirira uye kupinza faira reCER.

XNUMX. Yemahara SSL chitupa kurudziro

Kushandisa chitupa cheSSL hakugone chete kuvimbisa kuchengetedzwa kweruzivo, asi zvakare kunatsiridza kuvimba kwemushandisi pawebhusaiti, asi tichifunga nezvekuvaka webhusaitiTichifunga nezve mutengo, vazhinji vewebhusaiti vanoodzwa mwoyo nazvo. Yemahara paInternet inogara iri musika isingazobuda kunze kwechimiro.Kune nzvimbo dzemahara dzekutambira, uye zvakasikwa kune zvemahara SSL zvitupa. Pakutanga, zvakashumwa kuti Mozilla, Cisco , Akamai , IdenTrust, EFF, uye vaongorori paYunivhesiti yeMichigan vachatanga iyo Let's Encrypt CA project, iyo inoronga kupa emahara SSL zvitupa uye zvitupa manejimendi masevhisi emawebhusaiti kutanga zhizha rino (chinyorwa: kana iwe uchida zvimwe zvepamberi zvitupa zvakaoma, iwe uchada kubhadhara), uye panguva imwe chete , uye zvakare inoderedza kuoma kwekuisa zvitupa, izvo zvinotora masekonzi 20-30 chete.

Anowanzo hombe uye epakati saizi mawebhusaiti anoda zvitupa zvakaomarara, uye mawebhusaiti madiki senge ega mablog anogona kuedza emahara SSL zvitupa kutanga.

Pazasi apaChen WeiliangIyo blog ichakuzivisa iwe kune akati wandei emahara SSL zvitupa, senge: CloudFlare SSL, NameCheap, nezvimwe.

1. CloudFlare SSL

CloudFlare iwebhusaiti iri kuUnited States inopa masevhisi eCDN.Ine CDN server node dzayo pasi rose.Makambani makuru mazhinji kana mawebhusaiti epamba nekunze arikushandisa CloudFlare's CDN services.Chokwadi,inonyanya kushandiswa nevedzimba webmasters. ndeye CloudFlare's CDN yemahara, mhanyisa Izvo zvakare zvakanaka kwazvo.Chitupa cheSSL chemahara chakapihwa neCloudFlare ndeyeUniversalSSL, kureva, SSL yepasirese. encryption kune vese vashandisi (kusanganisira vashandisi vemahara), web interface Chitupa chinomiswa mukati me5 maminetsi, uye otomatiki kutumira kunopedzwa mukati meawa makumi maviri nemana, ichipa TLS encryption service yakavakirwa paElliptic Curve Digital Signature Algorithm (ECDSA) yewebhu traffic.

2. NameCheap

NameCheap inotungamira ICANN-yakatenderwa zita rezita rekunyoresa uye webhusaiti webhusaiti kambani, yakavambwa mu2000, kambani inopa yemahara DNS resolution, URL kutumira (inogona kuvanza iyo yekutanga URL, inotsigira 301 redirection) uye mamwe masevhisi, mukuwedzera, NameCheap inopawo Makore eSSL setifiketi yemahara sevhisi.

3. Ngatinyorei

Let's Encrypt ipurojekiti yemahara yekuburitsa zvitupa zveSSL nguva pfupi yadarika. Let's Encrypt ipurojekiti yemahara uye yemahara inopihwa neISRG, iyo inongoburitsa zvitupa, asi chitupa chinoshanda kwemazuva makumi mapfumbamwe chete.Inokodzera kushandiswa kwemunhu kana kushandiswa kwenguva pfupi, haichafanire kutsungirira kukurumidza kuti zvitupa zvekuzvisaina hazvivimbwe nemabhurawuza.

saizvozvo,Chen WeiliangIyo blog iri kurongawo kushandisa Let's Encrypt munguva pfupi yapfuura ^ _ ^

Ngatinyorei yemahara SSL chitupa application tutorial, ndapota tarisa kuchinyorwa ichi kuti uwane ruzivo:"Maitiro ekunyorera Let's Encrypt"