Shulou(Shulou.com)05/31 Report--

This article mainly introduces "what are the HTTPS certificate knowledge points". In the daily operation, I believe many people have doubts about the HTTPS certificate knowledge points. The editor consulted all kinds of materials and sorted out simple and easy-to-use methods of operation. I hope it will be helpful for you to answer the questions of "what are the HTTPS certificate knowledge points?" Next, please follow the editor to study!

1. Preface

Now do not add a HTTPS website domain name appears unprofessional, especially in the use of JWT authentication interface must add HTTPS for your interface to add a layer of security barrier. Today, let's talk about configuring HTTPS's key SSL certificates, also known as CA certificates.

two。 What is a SSL certificate?

SSL (Secure socket layer) certificate encrypts and hides the transmitted data by establishing a SSL secure channel between the browser and the WEB server to ensure that the data will not be changed during transmission and ensure the integrity of the data. at present, it has become one of the mainstream standards of Internet secure transmission. Since SSL technology has been established in all major browsers and WEB server programs, we only need to install trusted certificates.

3. Why get a certificate from CA?

The certificate issued by yourself has not been officially registered with a well-known certification authority, so you can't guarantee its authenticity. Do you think if you visit a phishing website, and the certificate of this site is a certificate issued by them, what's the point? However, the certificate issued by yourself can also ensure the security of data transmission, but mainstream browsers do not trust you, so use the certificate issued by the authoritative CA certificate issuing authority.

4. Why is the certificate so expensive?

The certificate of CA institution used to be charged, and the price starts from one or two thousand yuan to tens of thousands of yuan, and it is still an annual fee. In fact, the cost of signing a certificate is almost zero, just start a program and run, but why is a virtual certificate so expensive?

As far as Pangge knows, a CA organization must have an annual WebTrust audit, pay money to browser manufacturers, and pay huge premiums to insurance companies. In addition, the more advanced certificate issuance process is very stringent, requiring a lot of manual audit work. It will take several years for the new CA company to be widely trusted before it can widely enter the root certificate chain. If you want to join, you have to pay for other well-known CA companies to buy sub-certificates to speed up the process.

5. Do you have a free certificate?

The high price deterred many small and medium-sized websites, when an organization named Let's Encrypt came out. It is a free, open, automated certification authority (CA) that aims to provide free access to credit certificates for anyone who owns a domain name. Wildcard certificates are currently supported, but only have a 90-day expiration date.

The meaning of Let's Encrypt is just like Gmail, making email gradually free of charge and entering the homes of ordinary people. At present, most of the low-level CA certificates are free, and you can apply for them through several major cloud vendors in China. Without Let's Encrypt, I'm afraid we'll still have to be cut leeks by CA.

6. What are the types of CA certificates?

CA certificates can be distinguished according to the verification method and the number of domain name adaptations.

Verification mode

Most of the DV domain name verification SSL certificates are free. You only need to verify the ownership of the corresponding domain name. It is suitable for small static websites and blogs. The issuance can be completed in a few minutes.

OV enterprise verification SSL certificate, which needs to verify the ownership of the domain name and the identity information of the enterprise, proves that the applicant is a legitimate and real entity, which is usually issued within 1 to 5 working days.

For EV extended verification SSL certificate, in addition to verifying domain name ownership and enterprise identity information, you also need to submit extended verification, such as Deng and Bradstreet. Usually, CA institutions will make a return visit by phone, and usually issue the certificate within 2-7 working days. The price is generally about 1000 yuan to 10,000 yuan, which is suitable for online trading websites and enterprise websites.

Domain name adaptation

A single domain name certificate, such as a certificate issued to www.felord.cn, can only be used for that domain name, not for its subordinate domain name, for example, it cannot be used for assets.felord.cn.

Wildcard certificate can only protect one domain name and all lower-level domain names of that domain name, and does not limit the number of domain names.

Multi-domain name certificate, this is the most, can protect multiple domain names at the same time, do not limit the type of domain name, if you are interested, you can take a look at the certificate of Taobao.

The SSL certificate is bound to the domain name instead of the server IP.

At this point, the study of "what are the knowledge points of HTTPS certificate" is over. I hope to be able to solve your doubts. The collocation of theory and practice can better help you learn, go and try it! If you want to continue to learn more related knowledge, please continue to follow the website, the editor will continue to work hard to bring you more practical articles!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.