HTTPS (full name: Hypertext Transfer Protocol over secure Socket Layer) is a security-targeted HTTP channel and is simply a secure version of HTTP. That is, the SSL layer is added under HTTP, the security base of HTTPS is SSL, so the details of encryption see SSL.
It is a URI scheme (abstract identifier system) with syntax similar to http: System. For secure HTTP data transfer. Https:url indicates that it uses HTTP, but HTTPS has a different default port than HTTP and an encryption/authentication layer (between HTTP and TCP). The initial development of the system, conducted by Netscape, provides an authentication and encryption method of communication, which is now widely used in security-sensitive communications on the World Wide Web, such as transaction payments.
1. Self-issued SSL certificates that are not trusted by the browser:
SSL certificates for HTTPS can be issued on their own, and the following steps are issued under Linux:
OpenSSL genrsa-des3-out Api.bz.key 1024
OpenSSL Req-new-key api.bz.key-out API.BZ.CSR
OpenSSL rsa-in api.bz.key-out Api.bz_nopass.key
Nginx.conf SSL certificate configuration, using Api.bz_nopass.key, in the boot Nginx is not required to enter the SSL certificate password, and use Api.bz.key need to enter the password:
Referencing the server
{
server_name sms.api.bz;
Listen 443;
Index index.html index.htm index.php;
root/data0/htdocs/api.bz;
SSL on;
Ssl_certificate API.BZ.CRT;
Ssl_certificate_key Api.bz_nopass.key;
......
}
Although the self-issued SSL certificate can implement the encrypted transfer function, but cannot get the trust of the browser, the following prompt appears:
2. STARTSSL free SSL Certificate trusted by the browser:
Like VeriSign, Startssl (website: http://www.startssl.com, company name: startcom) is also a CA organization whose root certificates have long been supported by browsers with open-source backgrounds (Firefox browser, Google Chrome browser, Apple Safari, etc.).
In September of this year, Startssl unexpectedly took care of Microsoft: Microsoft in the upgrade patch, updated the Windows root certification program (Windows root Certificate programs) vendor list, and for the first time StartCom company included in the certification list , this is the first time Microsoft will provide free digital authentication technology to the vendors to join the root certificate certification list. Now, in Windows 7 or the Windows Vista or Windows XP operating system with the upgrade patches installed, the system will fully trust digital certificates certified by startcom, a free digital certification authority, so that STARTSSL is also supported by IE browsers.
After registering as a Startssl (http://www.startssl.com) User and verifying the message, you can request a free, trusted SSL certificate. The steps are complex and are not described in detail, the main steps of the Application Wizard are as follows:
3, use case:
Example of an HTTPS (SSL) Web site that uses STARTSSL free SSL certificates:
Https://sms.api.bz
4. Episode:
Startssl Although the free SSL certificate is provided, but the service attitude is very good. Previously STARTSSL did not support. BZ end domain name, because I have a API.BZ domain name requires SSL certificate, so I sent an email to Startssl's administrator, asked to increase the. BZ domain name, the middle also because. bz domain name Registration agencies have limited WHOIS query, there are some more troublesome problems, the final STA Rtssl supports the. BZ domain name by modifying the program.
This article was reproduced from: http://www.linuxidc.com/Linux/2011-11/47478.htm
Thank you so much.
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
