Seven misconceptions about HTTPS

This article discusses seven misconceptions about HTTPS in detail, including HTTPScannot be cached, SSLcertificates are expensive, HTTPS It’s too slow, wait, after reading this article, I hope you can have a more thorough understanding of HTTPS.

Myth 7: HTTPScannot be cached

Many people believe that for security reasons, browsers do not save locally HTTPS Caching. In fact, HTTPS is cacheable as long as you use specific commands in the HTTP header.

Microsoft’s IE Eric Lawrence wrote:

“Maybe it’s shocking to say that, just HTTP The header allows this, and all versions of IE cache HTTPS content. For example, if the header command is Cache-Control: max-age=600, then this The web page will be cached by IE for 10 minutes. The caching policy of IE has nothing to do with whether the HTTPS protocol is used. (Other browsers are at The behavior in this area is inconsistent, depending on the version you are using, so it will not be discussed here. )"

Firefoxdefault only caches in memoryHTTPS. However, as long as there is Cache-Control: Public in the header command, the cache will be written to the hard disk. The hard disk cache of Firefox contains HTTPS content, and the header command is exactly Cache-Controlublic.

Misunderstanding 6: SSLCertificates are expensive

If you search online, you will find a lot of cheap SSL certificates, about 10USD a year, which is the same as a .comdomain name The annual fee is about the same. And in fact, you can also find free SSL certificates.

In terms of effectiveness, cheap certificates will of course be a little worse than certificates issued by large organizations, but almost all major browsers accept these certificates.

Myth 5: HTTPSThe site must have an exclusiveIPaddress

Due to IPv4 is about to be allocated, so a lot People care about this issue. There is no doubt that only one SSL certificate can be installed per IP address. However, if you use a subdomain wildcard SSLcertificate (wildcard SSL certificate, the price is about $125USD per year), you can get a IP Deploy multiple HTTPSsubdomain names on the address.

In addition, UCC (Unified Communications Certificate, Unified Communications Certificate) supports one certificate to match multiple sites at the same time, which can be completely different domain names. SNI (Server Name Indication, Server Name Indication) allows multiple certificates to be installed for multiple domain names on one IP address. Server side, Apache and Nginx support this technology, IIS does not support it; client side, IE 7+ ,Firefox 2.0 + , Chrome 6+, Safari 2.1+ and Opera 8.0+ support.

Misunderstanding 4: You need to purchase a new certificate when transferring a server

DeploymentSSLcertificate requires the following steps:

的1.

On your server, generate a csr file (SSL Certificate request file, Ssl Certificate Signing Request).

2.

Use CSR file to purchase SSLcertificate.

3.

InstallSSLcertificate.

These steps are carefully designed to ensure the security of the transmission and prevent anyone from intercepting or illegally obtaining the certificate. As a result, the certificate you obtained in step 2 cannot be used on another server. If you need to do this, you must export the certificate in another format.

For example, IIS is to generate a transferable .pfx file and password-protect it.

Transfer the .pfx file to other servers, and you will be able to continue to use the original SSL certificate.

Get LAMP Brothers’ original PHP tutorial CD/"Essential PHP in Details" for free. For details, please contact the official website customer service: http://www.lampbrother.net

PHPCMS

Secondary development http:/ /yun.itxdl.cn/online/phpcms/index.php?u=5

WeChat development                                                     Mobile Internet Server Side Development

http://yun.itxdl.cn/online/server/index.php?u=5Javascript

Course http://yun .itxdl.cn/online/js/index.php?u=5CTO

Training Camp