Seven Misconceptions about HTTPS

This article discusses seven misunderstandings about HTTPS in detail, including HTTPS cannot be cached, SSL certificate is expensive, HTTPS is too slow and so on, watching this article, I hope you can more thorough understanding of HTTPS. Myth Seven: HTTPS cannot be cached many people think that for security reasons, the browser does not save the HTTPS cache locally. In fact, HTTPS can be cached as long as a specific command is used in the HTTP header. Eric Lawrence, Microsoft's IE Project manager, wrote: "It might be shocking, as long as HTTP headers allow this, and all versions of IE cache HTTPS content." For example, if the header command is cache-control:max-age=600, then this page will be cached by IE for 10 minutes. The cache policy of IE is independent of whether to use HTTPS protocol. (The behavior of other browsers in this respect is inconsistent, depending on the version you are using, so this is not discussed here.) Firefox only caches https in memory by default. However, as long as there is cache-control:public in the header command, the cache is written to the hard disk. Firefox has HTTPS content in its hard disk cache, and the header command is cache-controlublic. Misunderstanding VI: SSL certificate is expensive if you search the Internet, you will find a lot of cheap SSL certificates, about 10 dollars a year, which is the same as a. com domain name of the annual fee. And in fact, you can find a free SSL certificate. In effect, a cheap certificate is certainly less than a certificate issued by a large institution, but almost all mainstream browsers accept the certificate. Misunderstanding five: HTTPS site must have exclusive IP address because IPV4 will be allocated, so a lot of people care about this problem. There is no doubt that only one SSL certificate can be installed per IP address. However, if you use the Subdomain wildcard SSL certificate (wildcard SSL certificate, which costs about $125 per year), you can deploy multiple HTTPS subdomains on one IP address. In addition, UCC (Unified Communications Certificate, Unified Communications Certificate) supports a single certificate to match multiple sites simultaneously, which can be a completely different domain name. SNI (server name indicates, server named indication) allows multiple certificates to be installed on more than one domain name on an IP address. Server side, Apache and Nginx support this technology, IIS does not support, client, IE 7+, Firefox 2.0+, Chrome 6+, Safari 2.1+ and opera 8.0+ support. Myth four: When transferring a server to purchase a new certificate to deploy an SSL certificate, you need these steps: 1. On your server, generate a CSR file(SSL certificate requests file, SSL Certificate Signing request). 2. Use the CSR file to purchase an SSL certificate. 3. Install the SSL certificate. These steps are carefully designed to ensure the security of the transmission and to prevent anyone from intercepting or illegally obtaining a certificate. As a result, the certificate you obtained in the second step cannot be used on another server. If you need to do this, you must export the certificate in a different format. For example, the practice of IIS is to generate a. pfx file that can be transferred and password-protected. Passing the. pfx file to another server will continue to use the original SSL certificate. Free to receive the Lamp Brothers and original PHP tutorial CD/"Detailed PHP" Essentials Edition, details of the website customer service: Http://www.lampbrother.netPHPCMS two times development http://yun.itxdl.cn/online/phpcms /index.php?u=5 Development of HTTP://YUN.ITXDL.CN/ONLINE/WEIXIN/INDEX.PHP?U=5 Mobile Internet server-side development http://yun.itxdl.cn/online/server/ Index.php?u=5javascript Course Http://yun.itxdl.cn/online/js/index.php?u=5CTO Training Camp http://yun.itxdl.cn/online/cto/ Index.php?u=5

