Talk SSL Certificates

Before I did operations and maintenance work, I had only heard of SSL certificates; since it was not my job, I was unlikely to care about them. But now it is time to learn about them and fill in this knowledge. I searched many articles online, but an introduction to SSL certificates that is easy to understand is hard to find! So I will write an article about SSL certificates based on my own understanding. If my understanding is imperfect, please correct me and I will update the article.

Let's take a look at what SSL is.

SSL = Secure Sockets Layer, a cryptographic protocol used for network traffic.
Taken from https://en.wikipedia.org/wiki/SSL

SSL (Secure Sockets Layer) and its successor, Transport Layer Security (TLS), are security protocols that provide security and data integrity for network communication. TLS and SSL encrypt the network connection between the transport layer and the application layer.
Taken from https://baike.baidu.com/item/ssl

So, as you can see, SSL is a security protocol. Put simply, with it the data you transmit over the network is more secure, because it is encrypted. How exactly that is achieved I do not know; in any case, it uses a variety of encryption algorithms.

SSL on its own gives us little to talk about: it has to be used together with other technologies, and by itself it accomplishes nothing. Once SSL is mentioned, HTTPS has to be mentioned too. So what is HTTPS?

HTTPS (full name: Hyper Text Transfer Protocol over SecureSocket Layer) is an HTTP channel with security as its goal: on top of HTTP, it secures the transfer through transport encryption and identity authentication. HTTPS adds an SSL layer beneath HTTP; SSL is the security foundation of HTTPS, so the details of the encryption are handled by SSL.

Therefore, it can be simply understood: HTTPS = HTTP + SSL

Written in lowercase, HTTPS is https. Does that look familiar? Yes, a great many of the sites you browse every day are served over https. For example: https://www.taobao.com/

Open the Taobao home page in your browser. Below it is opened with Firefox and with IE. Different browsers look a little different, but each shows a small lock icon. When the small lock icon is present and green, the site has a certificate and is relatively safe.

[Screenshot: Taobao home page opened in Firefox]

[Screenshot: Taobao home page opened in IE]

Then click the small lock icon. A small box pops up with a "view certificate" option further down; click through to it. The actual certificate information window then appears, as described below.
Under the General tab you can see that this certificate was issued to *.tmall.com. Who issued it? Look at Issued by: GlobalSign Organization Validation CA - SHA256 - G2.
It is valid from 10/25/2019 to 10/25/2020.
It seems Taobao's certificate was renewed just two days ago. That must have cost a fair amount, but hey, it's Alibaba, and they are not short of money. Did you notice a problem here? The certificate is issued to *.tmall.com, so why does the browser also consider the connection safe when taobao.com is entered in the address bar? Don't rush, let me explain it step by step.

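Let's keep going and switch to another tab, Details, to find out more. Under Field there is a lot more information. Find the entry called Subject Alternative Name, click it, and watch how the information below changes: a whole batch of DNS Name entries appears. Did you notice? The DNS Name entries at the start of the list begin with an asterisk; these are wildcard DNS names. You can change the part where the asterisk stands to whatever you like, and as long as the name ends with .tmall.com, .1688.com, .3c.tmall.com and so on, this certificate can be used for it.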

Keep scrolling down and you will find a DNS Name = taobao.com, which means that when taobao.com is entered in the address bar, this certificate works just the same.

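So now, let's talk about what a Subject Alternative Name is.

SAN (Subject Alternative Name) is an extension defined in X.509, the certificate standard used by SSL. An SSL certificate that uses the SAN field can extend the set of domain names the certificate supports, so that a single certificate can serve multiple different domain names. For details, see: https://support.dnsimple.com/articles/what-is-ssl-san/

So now you know: Taobao uses only one certificate, and that certificate is issued only to *.tmall.com, yet the other domains under the Alibaba companies can all use this one certificate, and SAN is how. Only one certificate to maintain: isn't that convenient? Most people don't know this. Now that I have told you, please give this article a like or share it!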
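
The name check a browser applies to these SAN entries can be sketched as follows. This is an added example, not code from the original post: the SAN list is constructed from the DNS names mentioned above (the real certificate has many more entries) and the function names are hypothetical. It shows that the asterisk stands for exactly one label, so some names that end in .tmall.com are still not covered.

```python
# Constructed SAN list using the DNS names the article mentions; the real
# certificate carries many more entries.
SAN_DNS_NAMES = ["*.tmall.com", "*.1688.com", "*.3c.tmall.com", "taobao.com"]


def _labels(name):
    """Lower-case a DNS name, drop a trailing dot and split it into labels."""
    return name.lower().rstrip(".").split(".")


def san_entry_matches(pattern, hostname):
    """Return True if one SAN dNSName entry covers hostname.

    A wildcard is honoured only as the complete left-most label and stands
    for exactly one label, the way browsers apply it (RFC 6125, section 6.4.3).
    """
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # This sketch requires at least two fixed labels after the wildcard,
        # so a pattern such as "*.com" is never accepted.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def matching_entries(hostname, san=SAN_DNS_NAMES):
    """List every SAN entry that covers hostname (empty list = name mismatch)."""
    return [entry for entry in san if san_entry_matches(entry, hostname)]


if __name__ == "__main__":
    # Results apply to the constructed list above, not to the live certificate.
    for host in ("taobao.com", "www.tmall.com", "detail.3c.tmall.com",
                 "tmall.com", "a.b.tmall.com", "www.taobao.com"):
        hits = matching_entries(host)
        print(f"{host:22} -> {hits if hits else 'no match'}")
```
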

Next, let's switch to the Certification Path tab and take a look!
You will find that the certification path is nested: a three-tier structure.
The first layer: GlobalSign Root CA -> this is the root certificate. Select the root certificate and click the View Certificate button; another certificate window opens with the detailed information of the root certificate. You will find something very interesting: it is, of all things, issued to itself. Yes, you read that right, it really is that bold.
The second layer: GlobalSign Organization Validation CA - SHA256 - G2 -> this is called an intermediate certificate: a middleman, or a reseller. Under the root certificate authority (CA) there are different intermediaries. To give a not entirely fitting example: it is like the industry and commerce bureau, which is the certificate authority, and beneath it different departments manage different types of certificates. If you want to open a restaurant, the department that manages food and beverage issues you a certificate; if you want to open a tobacco shop ×××, the department responsible for tobacco probably issues you a certificate; if you want to open a hotel, it is probably the department that manages hotels...
Again, select the intermediate certificate and click the View Certificate button; you will find that it is a certificate issued to it by the root certificate authority.
The third layer: *.tmall.com -> this is the actual certificate, the one issued to you. Its details are the ones shown above on the General tab.
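
The three-tier path can be rebuilt from nothing more than the issuer and subject names read off the tab. This is an added example, not from the original post: the records are constructed from the names above, the function names are hypothetical, and only name chaining is checked, not signatures.

```python
# Constructed records: only the subject and issuer names the article reads
# off the Certification Path tab. Real certificates carry keys and signatures.
CERTS = [
    {"subject": "*.tmall.com",
     "issuer": "GlobalSign Organization Validation CA - SHA256 - G2"},
    {"subject": "GlobalSign Root CA", "issuer": "GlobalSign Root CA"},
    {"subject": "GlobalSign Organization Validation CA - SHA256 - G2",
     "issuer": "GlobalSign Root CA"},
]


def is_self_issued(cert):
    """A root certificate names itself as its issuer."""
    return cert["subject"] == cert["issuer"]


def build_path(certs, leaf_subject):
    """Order certificates from the root down to the leaf via issuer links.

    This is name chaining only: a real validator also verifies each signature
    with the issuer's public key, the validity dates and the CA constraints.
    """
    by_subject = {c["subject"]: c for c in certs}
    if leaf_subject not in by_subject:
        raise ValueError(f"no certificate for {leaf_subject!r}")
    path, current = [], by_subject[leaf_subject]
    while True:
        if current["subject"] in path:
            raise ValueError("loop in issuer chain")
        path.append(current["subject"])
        if is_self_issued(current):
            return list(reversed(path))  # root first, like the browser tab
        issuer = by_subject.get(current["issuer"])
        if issuer is None:
            raise ValueError(f"missing issuer certificate: {current['issuer']!r}")
        current = issuer


if __name__ == "__main__":
    for depth, name in enumerate(build_path(CERTS, "*.tmall.com")):
        print("  " * depth + name)
```
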


That's all I will write for today! To be continued another day...


Origin blog.51cto.com/jiaszwx/2447137