1,When applying for a certificate, you must note that the public name is the website domain name or computer name orIPAddress. That is to say, the public name must beHttp: //.../virtualdirThe site addresses in are consistent (excluding virtual directories). Otherwise, a warning message is displayed when the certificate is accessed after it is installed. For exampleIPThe address must be a public name and must be used for access.IPAddress.
2. the essence of the certificate is to send a letter to any site from the certificate authority.
first, the Certificate Authority is the intermediary and reliable;
second, use SSL because the information is confidential and you do not want to be eavesdropped, you must ensure that the website you visit is authentic, reliable, and not disguised by others.
therefore, the website obtains a certificate from the intermediary, the user's browser also has the public key of the man-in-the-middle certificate. During user access, the browser verifies whether the certificate is issued by a trusted man-in-the-middle through the Public Key given by the man-in-the-middle. If yes, It is trusted.
3. for self-built certificates (using tools), a warning message is prompted because the client browser does not have its own root certificate or the public key of the superior certificate. The solution is to install the root certificate or superior certificate of the Organization on the browser.
there are two installation methods, one is installed on the website of the Certificate Authority (such as Microsoft's Certificate Server);
the other is to export certificate data without a private key from certificate data . pfx Import to your client browser. (Export a certificate with a private key . CER files are installed on the Web server ).