Misunderstanding of HTTPS (II.)

Hello everyone, we went on the misunderstanding of HTTPS (a) Then, often someone will say to replace or transfer the server to purchase a new certificate, the server SSL certificate price is very expensive, easy-dimensional letter (evtrust) to everyone to clarify the misunderstanding of these places, see the following article in detail.

Myth four: To purchase a new SSL certificate when transferring a server

Deploying an SSL certificate requires a few steps such as:

1. On your server, generate a CSR file (SSL certificate request file, SSL Certificate Signing requests).

2. Use the CSR file to purchase an SSL certificate.

3. Install the SSL certificate.

These steps are carefully designed to ensure the security of the transmission and to prevent anyone from intercepting or illegally obtaining a certificate. After the certificate is installed, Evtrust will remind you to back up the certificate's public key, private key, and certificate password file. If your server is re-installed, you do not need to reapply for the certificate, just restore the backed up certificate. If you are replacing webserver recommends that you use the easy-to-dimensional certificate format conversion tool, you must export the certificate in a different format, and you do not need to re-purchase a new certificate.

For example, the practice of IIS is to generate a. pfx file that can be transferred and password-protected. By passing this file on to another server, you will be able to continue using the original SSL certificate.

Misunderstanding five: HTTPS sites must have exclusive IP addresses

Since IPv4 will be allocated, many people are concerned about this problem. There is no doubt that only one SSL certificate can be installed per IP address. However, if you use the sub-domain wildcard SSL certificate (wildcard SSL certificate), you can deploy multiple HTTPS subdomains on one IP address. For example, https://www.evtrust.com and https://store.evtrust.com, share the same IP address.

In addition, UCC (Unified Communications Certificate, Unified Communications Certificate) supports a single certificate to match multiple sites simultaneously, which can be a completely different domain name. SNI (server name indicates, server named indication) allows multiple certificates to be installed on more than one domain name on an IP address. Server side, Apache and Nginx support this technology, IIS does not support, client, IE 7+, Firefox 2.0+, Chrome 6+, Safari 2.1+ and opera 8.0+ support.

Myth Six: Server SSL certificates are expensive

If you search the Internet, you will find a lot of cheap SSL certificate, also have a free SSL certificate. DV SSL certificate only need to verify domain name ownership, so there is no verification audit cost low price, of course, OV Ssl,ev SSL certificate to undergo strict authentication, so the price is more expensive.

In addition, in terms of brand awareness, the cheap certificate will certainly be less than the certificate issued by large organizations, but almost all mainstream browsers accept these certificates. We recommend that users purchase SSL certificates issued by well-known CAs, such as Symantec, GeoTrust and other CA agencies.

Misunderstanding of HTTPS (II.)