Shulou(Shulou.com)06/01 Report--

When you visit a website page, the page may display the error message "this site is not secure", so what is the reason why the page says "this site is not secure"? You know what? In order to let you know more about the solution of "this site is not safe" displayed on the page, the editor summarizes the following content, let's look down together.

First of all, let's find out, what is the HTTPS website?

The HTTPS website is simply an upgrade of the HTTP website, in which the addition of the "S" means encryption. In other words, HTTPS sites will use user data to encrypt and transmit, which is an upgraded version compared to the plaintext transmission of HTTP sites.

In theory, HTTPS sites are supposed to be more secure, but why do IE browsers tell users that "this site is not secure"?

As mentioned earlier, the HTTPS website is because of the SSL certificate configured on the website, and the SSL certificate is the key to the encrypted transmission of the HTTPS website. When the IE browser detects that there is a problem with the SSL certificate of the HTTPS website you are currently visiting, there is a risk of access, and the user will be prompted that "this site is not secure". Generally speaking, the problems with SSL certificates are caused by the following reasons.

1. Domain name mismatch

One of the very important functions of the HTTPS website is to confirm the identity of the website. This is very effective in preventing DNS hijacking. A SSL certificate must correspond to a website domain name. When you visit a website domain name that is inconsistent with the domain name set in the SSL certificate, the browser will prompt the user that the website is not secure.

The webmaster may have misconfigured the SSL certificate and the website domain name, or he may think that multiple websites can use the same SSL certificate, resulting in a mismatch between the domain name and the SSL certificate.

The following figure takes Baidu's SSL certificate as an example to show how to view the domain name configured and bound in the SSL certificate.

As can be seen in the image above, all domain names that Baidu's SSL certificate can adapt to. Generally speaking, SSL certificate can be divided into three forms: single domain name, multiple domain name and wildcard. For more information about SSL certificates, you can browse other related introductions on this website.

2. SSL certificate expires

The expiration of the SSL certificate is also one of the causes of the error. All SSL certificates will have a validity period, which is usually 1-2 years. When the certificate expires, the certificate must be updated for the HTTPS site to continue to work properly. You can see the validity period of the SSL certificate as shown in the figure.

3. System time error

Another common cause of error is the system time error on the client side. The IE browser will determine whether the SSL certificate has expired, and the browser's time judgment is based on your system time. If your system time is incorrect, there is a good chance that the browser will misjudge and cause a SSL certificate that has not yet expired to be considered expired. Causes the final page to display an error message. The solution is also very simple, which is to change your system time correctly. This article will not introduce how to do it.

4. Self-signed certificate is used

In fact, SSL certificate is not a very advanced technology, generally people who know the code can make a self-signed SSL certificate. However, suppose you deploy to your site using a self-signed SSL certificate to save money. Then mistakes will still occur. The reason is that your self-signed certificate is not in the trusted root certificate of the operating system.

Only SSL certificates issued by trusted root certificates are considered secure by browsers, and all other SSL certificate browsers will prompt an error.

In fact, it is easy to understand that the operating system has identified a number of CA institutions (SSL certification authorities) in advance. Because these CA institutions have strong technical capabilities and can be trusted, the SSL certificates issued by them are trusted. Just imagine, if any individual or organization could issue a SSL certificate, what security would the HTTPS website have?

So never use a self-signed SSL certificate to save money. Now there are many SSL certificate agencies on the market, they will provide various brands of SSL certificates, including cheap and expensive, we can choose and buy according to their own actual situation.

For example, you can choose that the SSL certificate securely encrypts the website, which can effectively prevent hijacking, prevent your website from being maliciously implanted with advertisements, prevent tampering and monitoring from leaking users' passwords, and optimize the SEO ranking of search engines with SSL certificates.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.