Seven misunderstandings about HTTPS

Seven misunderstandings about HTTPS

This article discusses in detail seven misunderstandings about HTTPS, including the inability to cache HTTPS, the expensive SSL certificate, and the slowness of HTTPS. I hope you can have a better understanding of HTTPS. Misunderstanding 7: HTTPS cannot be cached Many people think that for security reasons, the browser will not save the HTTPS cache locally. In fact, as long as a specific command is used in the HTTP header, HTTPS can be cached. Eric Lawrence, Microsoft's IE project manager, wrote: "It may be shocking to say that as long as the HTTP header permits this, all versions of IE cache HTTPS content. For example, if the header command is Cache-Control: max-age = 600, the web page will be cached by IE for 10 minutes. The cache policy of IE has nothing to do with whether or not to use HTTPS protocol. (The behavior of other browsers in this regard is inconsistent, depending on the version you are using, so we will not discuss it here .)" Firefox caches HTTPS only in memory by default. However, as long as the header command contains Cache-Control: Public, the Cache will be written to the hard disk. The hard disk Cache of Firefox contains HTTPS content, and the header command is Cache-Controlublic. Misunderstanding 6: SSL certificates are expensive If you search online, you will find a lot of cheap SSL certificates, about $10 a year, which is about the same as the annual fee for a. com domain name. In fact, you can also find a free SSL certificate. In terms of effectiveness, cheap certificates are certainly worse than certificates issued by large organizations, but almost all mainstream browsers accept these certificates. Misunderstanding 5: The HTTPS site must have an exclusive IP address As IPv4 is about to be allocated, many people are concerned about this issue. Each IP address can only install one SSL certificate. However, if you use a sub-domain wildcard SSL certificate (wildcard SSL certificate, the price is about $125 per year), you can deploy multiple HTTPS sub-domain names on one IP address. In addition, UCC (Unified Communication Certificate, uniied Communications Certificate) supports a Certificate that matches multiple sites at the same time, and can be a completely different domain name. SNI (Server Name Indication, Server Name Indication) allows multiple certificates to be installed on multiple domain names on one IP address. Server, Apache, and Nginx support this technology, which is not supported by IIS. support for clients, IE 7 +, Firefox 2.0 +, Chrome 6 +, Safari 2.1 +, and Opera 8.0 +. Misunderstanding 4: purchase a new certificate when transferring servers To deploy an SSL certificate, perform the following steps: 1. generate a CSR File (SSL Certificate Request file, SSL Certificate Signing Request) on your server ). 2. use the CSR file to purchase an SSL certificate. 3. install the SSL certificate. These steps have been carefully designed to ensure transmission security and prevent unauthorized access to the certificate. The result is that the certificate you obtained in step 2 cannot be used on another server. To do this, you must output the certificate in another format. For example, IIS generates a transfer-able. pfx file and password-protected it. Pass the. pfx file to other servers and you will be able to continue using the original SSL certificate. Get free LAMP Brothers original php Tutorial CD/the elaborate PHP Essentials edition, details consulting official website Customer Service: http://www.lampbrother.net PHPCMS secondary development http://yun.itxdl.cn/online/phpcms/index.php? U = 5 Develop http://yun.itxdl.cn/online/weixin/index.php? U = 5 Mobile internet server development http://yun.itxdl.cn/online/server/index.php? U = 5 Javascript http://yun.itxdl.cn/online/js/index.php course? U = 5 CTO training camp http://yun.itxdl.cn/online/cto/index.php? U = 5