Shulou(Shulou.com)06/01 Report--

Editor to share with you the ssl certificate example analysis, I believe that most people do not know much about it, so share this article for your reference, I hope you will learn a lot after reading this article, let's go to understand it!

Google, which has been away from the Chinese market for eight years, has been reported by the media that the search business will return to the Chinese market, which is good news for users. after all, Google search is more user-friendly and accepted by the public, and Google browser has a high market share and is loved by the public. But the Chrome 68 browser, which was officially released on July 24th, marked all HTTP transport protocol sites as "Not Secure", meaning that in the eyes of Google Chrome 68, only https is a secure site. Perhaps in the near future, Google browsers or searched sites will be considered insecure as long as they are in the http transport protocol.

Why does Google push HTTPS?

With the continuous improvement of the level of network security, Internet security protocols are becoming more and more important. Because HTTP is a plaintext transmission protocol, when Internet users' web browsers arrive at HTTP websites or information exchanges, they will be tampered with, illegally redirected, put into advertisements, and the data can not ensure the integrity of the data in the process of transmission. Especially for online banking, e-commerce, social media, medical and other industries, there is a huge security risk of information disclosure. As a result, Google is becoming more and more averse to the HTTP protocol, and the vigilance of insecure pages is getting stronger and stronger. When a SSL/TLS certificate is installed and the site is migrated to HTTPS, it can help to encrypt the connection, thus preventing the data being transferred from eavesdropping or even manipulation.

How to choose the brand of ssl certificate?

In fact, there are many types of certificates we use, and the SSL certificate is just one of them. Our common certificates are roughly the following according to their different uses:

1. SSL certificate, which is used to encrypt HTTP protocol, that is, HTTPS.

2, code signing certificate, used to sign binaries, such as Windows kernel drivers, Firefox plug-ins, Java code signatures and so on.

3. Client certificate, which is used to encrypt messages.

4, two-factor certificate, online banking professional version of the use of USB Key is this type of certificate.

These certificates are issued by certified certification authorities, which we call CA (Certificate Authority). There are many such CA centers around the world. Ssl certificates are used for the website https. Here are five top SSL certificate brands that can adapt to almost all browsers and platforms.

Comodo: Comodo is one of the best network security service providers and SSL certificate service providers in the world. Founded in 1998, the company is headquartered in New Jersey, USA. The price of the SSL certificate provided by Comodo is relatively close to the people, and it provides a lot of free products, which users can download directly from the official website, which is the first choice for many small and medium-sized websites.

DigiCert: a long-standing SSL certification authority in the United States, DigiCert, located in Lehigh, Utah, has provided professional SSL certificates and management tools for ten years. While other certificate companies are turning to products that have nothing to do with encryption, DigiCert still focuses on SSL digital certificate products, which leads to their unparalleled customer service.

Symantec: the SSL certificate brand that entered the Chinese market earlier, the company was founded in April 1982, headquartered in California, USA, and has branches in more than 40 countries and regions around the world. There is no doubt that Symantec is a global leader in Internet security. With "encryption everywhere" as the brand manifesto, Symantec provides a wide range of content and network security software and hardware solutions for enterprises, individual users and service providers.

Founded in 2001, GeoTrust:Geotrust occupied 25% of the global market share in just five years and currently has more than 100000 users in more than 150 countries around the world. The company was acquired by VerSign for $125 million in 2006. As one of the largest information security vendors and service providers in the world, Geotrust has won the trust of individual and corporate users around the world.

Entrust: a well-known Canadian CA organization. In recent years, with the rapid development in the Chinese market, strict audit, high efficiency and humanized service, it has won the favor of many users. Entrust Datacard provides you with trusted authentication and secure transaction technology to make these experiences more secure and reliable. Our solutions include the combination of the physical world of financial cards, passports and identity documents with digital certificates, identity authentication and secure communications.

How to upgrade HTTPS for HTTP website?

It is not a difficult thing to upgrade the HTTP website to HTTPS. The webmaster only needs to apply for the SSL certificate from the domestic authoritative CA agency agent (such as Bisheng Interconnection https://www.bisend.cn/ssl-certificate). There are many types of SSL certificates. You can choose the appropriate SSL certificate according to the size and service scope of your website, the number of domain names, the characteristics of the website, etc. Then deploy on the server, mainly to redirect the https page, you can complete the HTTPS website upgrade.

Take Apache deployment SSL certificate as an example:

a. Check to see if apache enables ssl

Open the apache installation directory / conf/httpd.conf file and find the two lines inside

# LoadModule ssl_module modules/mod_ssl.so

Remove the # at the beginning of the line and save the file

Execute command: apache installation directory / bin/httpd-M | grep ssl_module. The result below shows that apache already supports ssl. Otherwise, please open the ssl module of apache first.

b. Configure the certificate to the corresponding site

Edit the site configuration file corresponding to the site, such as apache installation directory / conf/extra/httpd-ssl.conf, and modify the contents as follows

DocumentRoot "/ var/www/html" >

ServerName www.domain.com

SSLEngine on

SSLCertificateFile certificate file path / _ www.domain.com.cer

SSLCertificateKeyFile certificate file path / _ www.domain.com.key

SSLCertificateChainFile certificate file path / _ www.domain.com_ca.crt

c. Restart apache takes effect

The above is all the content of this article "sample Analysis of ssl Certificate". Thank you for reading! I believe we all have a certain understanding, hope to share the content to help you, if you want to learn more knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.