Http and Https

Source: Internet
Author: User
Tags ssl certificate
Default ports of the two protocols

Generally, the IP address corresponding to the domain name must be configured where you applied for the domain name. Then, when accessing this domain name, if it is http://domain name, it is resolved to http://ip:80 by default; if it is https://domain name, it is resolved to https://ip:443 by default.

Certificate problems

Commercial certificates are charged for, but in fact, the commercial certificate vendor only returns a certificate. The customer service of the commercial certificate vendor said that the certificate they issue will not be blocked by the browser. How is this mechanism implemented? In addition, even for commercial certificates, is the specific encrypted transmission process implemented by Apache and OpenSSL?

Client certificate

In addition, when is the client certificate installed? I am confused about this. Could anyone who has mastered this topic explain it?

Reply:

  1. Domain name resolution (as used by the HTTP(S) protocol) resolves the domain name to an IP address. It is not related to the port. The default port is the behavior of the browser.
  2. A certificate trusted by the browser is one signed by a root certificate it holds. Certificates from a CA that the browser/operating system does not trust, or self-signed certificates, are not trusted. If you import the root certificate of such a CA into the browser/operating system, the browser will also trust the (any valid) certificates signed by it.
  3. A client certificate is a certificate presented by the client (browser). It is used when the server requires verification of the client's identity.

Default ports of the two protocols

The default port of the HTTP protocol is 80, and the default port of the HTTPS protocol is 443. Of course, you can change it in the configuration of the web server or the forward/reverse proxy server, and then add the port when accessing. When using the HTTPS protocol, the browser uses TLS (Transport Layer Security) to encrypt the transmitted content. Only the private key of the SSL certificate can decrypt it.

Certificate problems

Because the system includes trusted root certificates issued by companies such as Verisign, GlobalSign, and Thawte, the domain name owner must purchase the certificate, pass some verification, and thereby obtain users' trust and some services. Web server certificates can be divided into Domain Validation, Organization Validation, and Extended Validation.

Extended Validation (enhanced verification) is generally used in important fields such as online banking and electronic payment. This is the green address bar: users can clearly see which company the website belongs to, as verified by the certificate authority. For example, PayPal: https://www.paypal.com/, Bank of America: https://www.bankofamerica.com/

Organization Validation (institutional verification) is generally used by companies or some organizations. For example, QQ mail, Taobao.

Domain Validation (domain name verification) is generally used by individuals or some small and medium enterprises, because the verification method is simple: you only need to verify the WHOIS mailbox.

Client Certificate

Some software also installs its issued certificate into the system, such as SSL VPN client programs, online banking plug-ins, and some OA systems. The globally trusted root certificates are installed with the operating system or delivered to the system through patches. For example, in the earlier DigiNotar intrusion, operating system vendors revoked the certificates issued by DigiNotar that had been forged by hackers, so that hackers could not use those revoked certificates.

HTTPS came up when I worked on a login feature previously. It is really a troublesome thing: it is not difficult to configure, but it is not easy to understand the principle. I have read a lot of material; what was explained in depth I could not understand, and what was explained simply did not fully answer my questions. After struggling for a while, I summed it up in a blog post, which reflects my understanding at this stage: http://diaocow.iteye.com/blog/1743273 (only for the original poster's reference)

Answer the following questions:

  1. 80 serves as the HTTP service port by default, and 443 serves as the HTTPS service port by default. This is a convention. When you do not specify the port, the browser uses the default port of the protocol you use (but you can perfectly well listen on other ports, such as 8443, to provide HTTPS services; in that case, the user must use https://...:8443).

  2. Security issues always require a trust base point (otherwise it will become a zombie problem and never end). The trust base point of the HTTPS transmission process is the certificate; only certificates issued by an authority can be trusted by browsers (for example, Verisign; you can also manually add trusted certificates). In addition, the specific encryption and decryption process is implemented at the SSL layer (the SSL layer is located under the HTTP layer).

  3. I have used client certificates only on the company intranet. The websites we generally visit involve only a server certificate (for example: https://accounts.google.com/), and the client's (browser's) installation of the server certificate is carried out before the formal session starts, so you are not aware of this process (a bit like how TCP needs a three-way handshake before transmitting data; it seems to be called the SSL handshake?).

I have said so much, and it seems that I have not been very clear about it. This is too complicated; I hope the original poster will forgive me.
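
The trust rule described in the replies above (a certificate is trusted only if it chains to a root the client already holds, and importing a private root makes its certificates trusted), shown with the openssl command line as an added example that is not part of the original thread. The names "Example Private Root" and "www.example.test" and the helper functions are constructed for illustration.

```shell
#!/bin/sh
# Added example; every name and file here is constructed.
# Assumes the openssl CLI, version 1.1.0 or later (verify exits non-zero on failure).

# Create a throwaway private root CA and a server certificate signed by it.
make_pki() {
  dir=$1
  # Root CA: a self-signed certificate, the would-be trust anchor.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Example Private Root" \
    -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null &&
  # Server key and certificate signing request.
  openssl req -newkey rsa:2048 -nodes \
    -subj "/CN=www.example.test" \
    -keyout "$dir/srv.key" -out "$dir/srv.csr" 2>/dev/null &&
  # The CA signs the request, producing the server certificate.
  openssl x509 -req -days 1 -in "$dir/srv.csr" \
    -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
    -out "$dir/srv.pem" 2>/dev/null
}

# Print "trusted" or "untrusted" for a certificate.
# Arguments after the certificate path are passed to "openssl verify".
check() {
  cert=$1; shift
  if openssl verify "$@" "$cert" >/dev/null 2>&1; then
    echo trusted
  else
    echo untrusted
  fi
}

demo() {
  dir=$(mktemp -d) || return 1
  make_pki "$dir" || { rm -rf "$dir"; return 1; }
  # 1. Server certificate against the system's default roots:
  #    the private root is not among them, so no chain can be built.
  r1=$(check "$dir/srv.pem")
  # 2. Same certificate once the private root is supplied as a trust anchor
  #    (the command-line equivalent of importing it into the trust store).
  r2=$(check "$dir/srv.pem" -CAfile "$dir/ca.pem")
  # 3. The self-signed root itself, without being imported anywhere.
  r3=$(check "$dir/ca.pem")
  rm -rf "$dir"
  echo "$r1 $r2 $r3"
}

demo   # prints: untrusted trusted untrusted
```

The server certificate and its key never change between checks 1 and 2; only the set of roots the verifier holds changes, which is why a commercial CA's certificate is accepted by browsers while an identical one from a private CA is not.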
