5 Practical Web site Crash (BIG5) (ii)

Source: Internet
Author: User
How do you add SSL (Secure Sockets Layer) secure transfer to your Web site?

Information on the Internet can be intercepted and tampered with. First, let's take a look at how to transfer data safely.

What are the symmetric key (session key) method, the public key method, and SSL (Secure Sockets Layer)?

 

Symmetric key (session key) method

The simplest approach: the sender encrypts the data to be sent with a key (session key) and transmits it as ciphertext, so interception is not a concern; the recipient decrypts the received data with the same key (session key).

The so-called key is not really a physical key, but a cryptographic algorithm, such as the 2,2 of each of the information as a key.

The problem with the symmetric key (session key) method is how to deliver the decryption key securely over the Internet. When this key is sent over the Internet, it may also be intercepted or tampered with.

 

Public key method

So the public key method was invented: the sender encrypts the data to be sent with the recipient's public key and transmits it as ciphertext, so interception is not a concern; the recipient decrypts the received data with the recipient's own private key.

Since it does not matter if others learn the public key, this encryption key (public key) can be delivered safely over the Internet.

Because the public key method is more complex, its computation is thousands of times slower than the symmetric key (session key) method.

 

SSL (Secure Sockets Layer)

SSL (Secure Sockets Layer) combines the advantages of the symmetric key (session key) method and the public key method.

The browser first generates a key (session key), encrypts the data to be sent with this session key, and then encrypts the session key itself with the recipient's public key. The data travels as ciphertext; the recipient first uses its own private key to decrypt the session key, and then uses the session key to decrypt the data.

The problem with the public key method is confirming that the public key used for encryption really belongs to the recipient. The recipient's public key, delivered over the Internet, may also be intercepted or tampered with.

So there must be a trusted certification center, called a CA (certificate authority), that issues a server certificate to the recipient's Web server, certifying that the public key used for encryption belongs to this server.

With SSL (Secure Sockets Layer), communication over the Internet proceeds as follows:


First, the browser makes an https:// SSL request.

The server sends the Web server's certificate, which includes the server's public key, the certification center (CA) and its digital signature, the validity period, the serial number, and the user.

The browser first generates a key (session key) and encrypts it with the server's public key; the server receives it and first uses its own private key to decrypt the session key.

The browser encrypts the data to be sent with this session key; the server receives the data and decrypts it with the session key.
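
The exchange described in the four steps above, as an added example in Node.js (not code from the original page). It follows the page's simplified description rather than the real SSL wire protocol: the "certificate" is reduced to a CA signature over the server's public key, and the function names and the choice of RSA-OAEP, AES-256-GCM and SHA-256 are assumptions made for the illustration.

```javascript
// Added example: CA-signed public key + session key wrapped with that public key.
const crypto = require('node:crypto');

const rsa = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const pem = (key) => key.export({ type: 'spki', format: 'pem' });

// CA: issue a simplified certificate (server public key + CA signature over it).
function issueCertificate(caPrivateKey, serverPublicKey) {
  const publicKeyPem = pem(serverPublicKey);
  const signature = crypto.sign('sha256', Buffer.from(publicKeyPem), caPrivateKey);
  return { publicKeyPem, signature };
}

// Browser: verify the CA signature, then encrypt data with a fresh session key
// and encrypt (wrap) that session key with the server's public key.
function browserSend(cert, trustedCaPublicKey, plaintext) {
  const ok = crypto.verify('sha256', Buffer.from(cert.publicKeyPem),
                           trustedCaPublicKey, cert.signature);
  if (!ok) throw new Error('certificate not signed by the trusted CA');
  const sessionKey = crypto.randomBytes(32);   // symmetric session key
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', sessionKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt(cert.publicKeyPem, sessionKey); // RSA-OAEP
  return { wrappedKey, iv, ciphertext, tag: cipher.getAuthTag() };
}

// Server: unwrap the session key with the private key, then decrypt the data.
function serverReceive(serverPrivateKey, msg) {
  const sessionKey = crypto.privateDecrypt(serverPrivateKey, msg.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', sessionKey, msg.iv);
  decipher.setAuthTag(msg.tag);
  return Buffer.concat([decipher.update(msg.ciphertext), decipher.final()]).toString('utf8');
}

function demo() {
  const ca = rsa(), server = rsa(), other = rsa();
  const cert = issueCertificate(ca.privateKey, server.publicKey);
  // Constructed sample form data.
  const msg = browserSend(cert, ca.publicKey, 'name1=lisa&password1=constructed');
  const received = serverReceive(server.privateKey, msg);
  // A public key substituted in transit no longer matches the CA signature.
  const substituted = { publicKeyPem: pem(other.publicKey), signature: cert.signature };
  let substitutedRejected = false;
  try { browserSend(substituted, ca.publicKey, 'x'); } catch (e) { substitutedRejected = true; }
  return { received, substitutedRejected };
}
```

Calling `demo()` returns the form data as recovered by the server and shows that the browser refuses a public key the CA did not sign.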

Certificate Server Installation

The Windows NT Option Pack includes Microsoft Certificate Server, which provides the functions of a certification center (CA): it issues server certificates to servers so that they can provide SSL secure transfer.

To install Certificate Server, run the Windows NT Option Pack setup, select [Add/Remove], and tick [Certificate Server].

Certificate Server is installed once you enter the installation paths for the database and the log, and the description of the certification center.

Applying for a server certificate

As discussed above, a trusted certification center (CA) must issue a server certificate to the Web server, certifying that the public key belongs to this server.

You can choose a trusted certification center (CA) to issue the server certificate for the Web server. You can also use Microsoft Certificate Server from the Windows NT Option Pack to set up a certification center (CA) of your own that issues server certificates, so that the server can provide SSL secure transfer.

Registering as a "trusted" CA

On the server where Certificate Server is installed, the second step is to have the browser register the certification center (CA) as a "trusted" CA: open http://localhost/certsrv/CertEnroll/cacerts.htm and click [Certificate for Lisa\actif CA].

If you choose to open this file, the Certificate Server's certification center (CA) is added to the list of trusted developers.

In the browser's [Internet Options] [Content] Certificates [Authorities], you can see that the Certificate Server's certification center (CA) has been added as a trusted authority.

Using SSL (Secure Sockets Layer)

You can then use SSL (Secure Sockets Layer) to encrypt the data sent by the browser by requesting the page with https://.

The ASP code is as follows:

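<% ' IIS sets the HTTPS server variable to "on" or "off"; UCase makes the comparison case-insensitive.
If UCase(Request.ServerVariables("HTTPS")) = "ON" Then %>
<% ' POST keeps the password out of the URL; Server.HTMLEncode keeps echoed input inside the quoted attribute. %>
<form action="ssl2.asp" method="post">
Users: <input type="text" name="name1" value="<%= Server.HTMLEncode(Request("name1")) %>"><br>
Password: <input type="password" name="password1" value="<%= Server.HTMLEncode(Request("Password1")) %>">
<input type="submit" value="finished">
</form>
<% Else %>
You must use https://
<% End If %>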

This uses UCase(Request.ServerVariables("HTTPS")) = "ON" to check whether HTTPS is in use; if it is not, the form is not shown and entry is not allowed.


