https基础连接已关闭
什么是HTTPS? (What is HTTPS?)
Hypertext Transfer Protocol Secure or Hypertext Transfer Protocol over SSL is used for secure communication over a network, or perhaps more importantly – over the Internet. You would see https:// in the URI and a lock icon in the browser when you access a page that uses HTTPS.
基于SSL的超文本传输协议安全或基于SSL的超文本传输协议用于通过网络或更重要的是通过Internet的安全通信。 当您访问使用HTTPS的页面时,您会在URI中看到https:// ,并在浏览器中看到一个锁定图标。
If you ever wondered whether and how to go HTTPS with your website, we’ll attempt to clear this up in this article by briefly describing what HTTPS is about, and why and how to implement it.
如果您想知道是否以及如何在您的网站上使用HTTPS,我们将在本文中通过简要介绍HTTPS的含义,实现原因和方式来尝试清除它。
为什么要使用HTTPS? (Why go HTTPS?)
Consider developing an e-commerce website that requires your users to enter sensitive information, such as credit card details, in order to proceed with an online transaction. If the information travels over the Internet as is and is intercepted by someone, it could be easily understood and misused. This is where HTTPS comes in – if you need to prevent these types of threats, you need to go HTTPS.
考虑开发一个电子商务网站,该网站要求您的用户输入敏感信息,例如信用卡详细信息,以便进行在线交易。 如果信息按原样通过Internet传播并被某人拦截,则很容易理解和滥用。 这就是HTTPS出现的地方–如果您需要防止这些类型的威胁,则需要使用HTTPS。
HTTPS promises you two things; first, the sensitive data is encrypted into gibberish by applying a cryptography mechanism which can be decrypted only by your server, the certificate owner. Now, if this information is intercepted with a man-in-the-middle attack, it will be meaningless. Secondly, HTTPS authenticates that the website is the website it claims to be. In your case, it will validate your website before sending your user’s encrypted credit card details so no one else can imitate you.
HTTPS向您承诺两件事: 首先,通过应用只能由您的服务器(证书所有者)解密的加密机制,将敏感数据加密为乱码。 现在,如果此信息被中间人攻击拦截,则将毫无意义。 其次,HTTPS验证该网站是它声称的网站。 对于您而言,它将在发送用户的加密信用卡详细信息之前验证您的网站,因此没有其他人可以模仿您。
Thus, going HTTPS authenticates your website and protects sensitive information being communicated over the Internet. This is made possible with the help of Certificates and Encryption.
因此,使用HTTPS可以对您的网站进行身份验证,并保护通过Internet通信的敏感信息。 借助证书和加密,可以做到这一点。
Certificates
证明书
In order for you to go HTTPS, you need a Certificate. It is a digital document that your website submits to proclaim your identity to the user, the web browser. The certificates are issued by companies known as Certificate Authorities (CA) which will encrypt your web related information such as your domain name, server platform and identity information such as company’s name address, phone number etc. within the certificate. You may wonder how a browser would trust a certificate. All browsers come with a set of pre-installed information letting them know of trusted certificate authorities. When you go HTTPS, you’ll have your certificate in your server which will be sent to your user whose browser will certify you.
为了使您能够使用HTTPS,您需要一个证书。 它是您的网站提交的数字文档,用于向用户Web浏览器声明您的身份。 证书由称为证书颁发机构(CA)的公司颁发,该证书颁发机构将对与Web相关的信息(例如域名,服务器平台)和身份信息(例如证书中的公司名称地址,电话号码等)进行加密。 您可能想知道浏览器如何信任证书。 所有浏览器都附带了一组预安装的信息,使它们知道受信任的证书颁发机构。 使用HTTPS时,您将在服务器中拥有证书,该证书将发送给浏览器将对您进行认证的用户。
Encryption
加密
We know that HTTPS encrypts data before sending it over the Internet and the server decrypts it. In the encryption-decryption scenario, a pair of keys is involved. One is public and the other is private. When your website wants your user to send information, your server instructs the user’s browser with a key (public) to encrypt the data which is to be sent over. Once the encrypted message is received, the server will use its private key to decrypt and understand the data. In HTTPS, any plain text encrypted with the public key can only be decrypted by the holder of the private key.
我们知道HTTPS在通过Internet发送数据之前先对数据进行加密,然后服务器将其解密。 在加密解密方案中,涉及一对密钥。 一个是公开的,另一个是私有的。 当您的网站希望您的用户发送信息时,服务器会使用密钥(公共)指示用户的浏览器对要发送的数据进行加密。 收到加密的消息后,服务器将使用其私钥解密和理解数据。 在HTTPS中,使用公钥加密的任何纯文本只能由私钥持有者解密。
So how do we get this implemented?
那么我们如何实现呢?
如何去HTTPS (How to go HTTPS)
For you to go HTTPS, you need a certificate installed in your server. A certificate can be either self-signed or third party signed. A self-signed certificate is a certificate signed by itself and not trusted by browsers. Users will see a warning when they access a secure web page which is from a server that has a self-signed certificate. However it will be useful in situations like if you want to test your application over a secured connection without any cost or if you want a secured connection in the Intranet. A third party signed certificate on the other hand is verified and issued by a CA trusted by browsers. This will cost you annually, and prices range from 10 dollars to several hundred, depending on certain features certificates provide.
要使用HTTPS,您需要在服务器中安装一个证书。 证书可以是自签名的,也可以是第三方签名的。 自签名证书是由其自身签名且不受浏览器信任的证书。 当用户访问具有自签名证书的服务器上的安全网页时,用户将看到警告。 但是,这在某些情况下很有用,例如您想通过安全连接测试应用程序而无需花费任何费用,或者想要在Intranet中使用安全连接。 另一方面,第三方签署的证书由浏览器信任的CA验证和颁发。 这将每年花费您,价格从10美元到几百美元不等,具体取决于证书提供的某些功能。
To get a certificate you need a Private Key and a Certificate Signing Request (CSR). These are generated in the server you’ll have your website hosted on. In the previous section under Encryption we saw what a Private Key does. A CSR is simply a request that needs to be submitted to get a certificate. When you generate a CSR, you will enter your identity information such as business name, location etc.
要获得证书,您需要一个私钥和一个证书签名请求(CSR)。 这些是在托管网站的服务器中生成的。 在上一节“加密”下,我们看到了私钥的作用。 CSR只是需要提交以获取证书的请求。 生成企业社会责任时,您将输入身份信息,例如公司名称,位置等。
Suppose you get a certificate signed by a CA that’s not trusted by a certain browser or a browser version. This occurs rarely, however if it happens your users would see a “connection not trusted” message. To prevent this, your CA will provide another certificate called chain certificate. This one has a chain of trusted CAs who can verify your CA and the certificate provided.
假设您获得由某个浏览器或浏览器版本不信任的CA签名的证书。 这种情况很少发生,但是如果发生这种情况,您的用户将看到“连接不受信任”消息。 为避免这种情况,您的CA将提供另一个证书,称为链证书。 这是一连串的受信任CA,可以验证您的CA和提供的证书。
安装自签名证书 (Installing Self-Signed Certificates)
An article in the SSLShopper website explains you how to install a Self-Signed Certificate in your Apache server. It also talks more about self-signed certificates. Look here if you want the certificate in IIS 7.
SSLShopper网站上的一篇文章介绍了如何在Apache服务器中安装自签名证书 。 它还讨论了有关自签名证书的更多信息。 如果要在IIS 7中使用证书,请查看此处 。
If your website is at a shared host, you can do the installation using front-end features. C Panel documentation explores how to do this using C Panel and WHM. Most of the times, hosting providers ask for a request from you to install the certificate, regardless of its type.
如果您的网站位于共享主机上,则可以使用前端功能进行安装。 C Panel文档探讨了如何使用C Panel和WHM做到这一点。 在大多数情况下,托管提供商会要求您提出安装证书的请求,而不管其类型如何。
安装由CA签名的证书 (Installing Certificates signed by CA)
You may also purchase a certificate from a CA like Verisign and install it in your server when you deploy your site for commercial use. This SSL installation guide will help with any server you’ve got. The CA also may send you installation instructions or a reference to their support pages via email along with the certificate.
您还可以从Verisign等CA购买证书,并在将网站部署为商业用途时将其安装在服务器中。 该SSL安装指南将帮助您使用任何服务器。 CA还可能通过电子邮件将您的安装说明或对其支持页面的引用与证书一起发送给您。
You may look at C Panel documentation and assistance from your hosting provider if your website is at a shared host.
如果您的网站位于共享主机上,则可以查看C Panel文档和托管提供商的帮助。
I would also like to show you how BlueHost explains on how to get a self-signed certificate and how to get a CA signed certificate in their host.
我还想向您展示BlueHost如何解释如何获取自签名证书以及如何在其主机中获取CA签名证书 。
安装了HTTPS,下一步是什么? (HTTPS installed, what is next?)
After HTTPS is ready you need to make certain modifications in your website and the server in order to make it work, this process is simple and straightforward.
准备好HTTPS之后,您需要在网站和服务器中进行某些修改才能使其正常运行,此过程非常简单明了。
Pages that need to be communicated securely have to read https:// at the beginning instead of http:// in your website. For example, if you want the page http://mydomain.com/checkout.php to load securely; you need to change all links to that page on your website to https://mydomain.com/checkout.php. In addition to this, you also need to add a server setup to automatically redirect users who try to access the secure pages via insecure URIs. For example, users who try to access the above page (checkout.php) using http:// should be routed to https://. Let’s see how we do this on Apache.
需要安全通信的页面必须在开始时阅读https://而不是您的网站中的http://。 例如,如果您希望页面http://mydomain.com/checkout.php安全加载; 您需要将网站上指向该页面的所有链接更改为https://mydomain.com/checkout.php 。 除此之外,您还需要添加服务器设置来自动重定向尝试通过不安全URI访问安全页面的用户。 例如,尝试使用http://尝试访问上述页面(checkout.php)的用户应被路由到https://。 让我们看看如何在Apache上执行此操作。
To do so, you add the following code to the .htaccess file,
为此,请将以下代码添加到.htaccess文件中,
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}This will however redirect all your webpages to https://. If you need only specific pages to be re-directed, the best way is to put those files in a folder or special route through your app’s router, and use a rule like this:
但是,这会将您的所有网页重定向到https://。 如果您只需要重定向特定页面,则最好的方法是将这些文件放置在通过应用路由器的文件夹或特殊路由中,并使用如下规则:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^/?securepage/(.*) https://%{SERVER_NAME}/secureFolder/$1 [R,L]This rule redirects files in this folder with https:// if they are accessed using http://. This is of course a precaution even though users do not usually change the protocol manually unless their intentions are dishonorable.
如果使用http://访问,此规则将使用https://重定向此文件夹中的文件。 即使用户通常不手动更改协议,除非他们的意图不诚实,这当然是一种预防措施。
There’s one more thing we need to do. There can be resources (images, css files etc.) loaded insecurely on your secure page. To fix this, you simply replace http:// of those files with //, as an example:
我们还需要做一件事。 安全页面上可能不安全地加载了资源(图像,css文件等)。 要解决此问题,您只需将这些文件的http://替换为//,例如:
link rel="stylesheet" href="http://mysite.com/css/style.css"Should read as,
应该读为
link rel="stylesheet" href="//mysite.com/css/style.css"You’re done! As a best practice visit your secured pages with different browsers and make sure all are OK. You may see the lock icon in your browser. You may also click on it for addition information.
你完成了! 最佳做法是使用其他浏览器访问受保护的页面,并确保一切正常。 您可能会在浏览器中看到锁定图标。 您也可以单击它以获取其他信息。
结论 (Conclusion)
In this article, we went through what HTTPS is, why to go HTTPS and how to implement it. We also went through a few underlying technical aspects to understand how HTTPS works. Hope this helped you to get a clear understanding of what HTTPS is all about and how to work with it. Your feedback is highly welcome!
在本文中,我们介绍了什么是HTTPS,为什么要使用HTTPS以及如何实现它。 我们还研究了一些基础技术方面,以了解HTTPS的工作原理。 希望这有助于您清楚地了解HTTPS的全部内容以及如何使用它。 非常欢迎您提供反馈!
https基础连接已关闭
5856
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
