SSL Certificate basics

My company needs to provide an HTTP-to-HTTPS upgrade service for a British client, so I looked into SSL certificates and the related material, then analyzed and organized what I learned.

 

I. SSL Certificate Description

 

SSL certificates are generally divided into three categories: DV SSL, OV SSL, and EV SSL certificates.

1. DV SSL Certificates

The domain-validated (basic) SSL certificate; English name: Domain Validation SSL Certificate. It ensures that confidential information is strongly encrypted in transit between the user's browser and the server, so that it cannot be illegally stolen or tampered with.

What is reviewed:

Ownership of the domain name

Issuing period:

Minutes to hours

How it is reviewed:

The certificate authority only checks ownership of the domain name online, usually by verifying the contents of a specified file under the domain name or by verifying a TXT record associated with the domain name.

For example, it accesses [http|https]://www.domain.com/.../test.txt and expects the file contents: 2016082xxxxx39w7b20nelfa;

Or a TXT record is added on the DNS server for the domain name: www.domain.com -> TXT -> 20170xxxxxqmkiby43hpvy8

Certificate features:

Issued quickly, but cannot prove the real identity of the website.

Applicable scenario:

Personal websites

Tip:

DV SSL certificates are issued quickly, guarantee the security of information in transit, and are cheap, which makes them a good choice for personal websites.

 

2. OV SSL Certificates

The organization-validated (business) certificate; English name: Organization Validation SSL Certificate. It is a standard SSL certificate that requires verifying the real identity of the organization the website belongs to. It not only encrypts the site's confidential information but also proves the site's real identity to users.

What is reviewed:

The corporate identity and ownership of the website's domain name, both under strict review.

Issuing period:

3-5 business days

How it is reviewed:

The buyer submits the organization's information, a letter of authorization, and other documents from its official registration. Before issuing the SSL certificate, the certificate authority must not only verify domain ownership but also check the authenticity and legality of this information through multiple parties. The certificate is issued only after verification passes.

Certificate features:

Trusted by all major browsers and mobile devices; free certificate installation status check; the certificate shows the organization's details, which strengthens trust.

Applicable scenario:

Institutional websites

Tip:

OV SSL certificates guarantee encrypted transmission and also prove the real identity of the website. With higher security and trustworthiness at an affordable price, they are a good choice for institutional websites.

 

3. EV SSL Certificates

Also known as the enhanced or extended SSL certificate; English name: Extended Validation SSL Certificate. It follows a new, strict SSL certificate validation standard developed jointly by the digital certificate authorities and the major browser developers, and is the industry's top SSL certificate with the highest level of security.

What is reviewed:

Domain ownership and the website's business identity are strictly reviewed, and a strict third-party identity audit is added to ensure the authenticity of the certificate holder. Third-party identity authentication means that an authoritative third party must vouch for the applicant.

Issuing period:

5-7 business days

Certificate features:

If the SSL certificate is untrusted, display is refused and the browser address bar turns red to warn the user.

Applicable scenario:

Institutional websites

   

II. Comparison of Common CA Vendors

 

1. Comodo is an outstanding American SSL certificate provider known for its rigorous products. Its SSL certificates are low-priced and issued quickly, which makes it the preferred SSL certificate brand for small and medium enterprises and individual users.

Buy SSL Certificates Website: https://www.comodoca.com/

Comodo has since changed its name to Sectigo. The URL is: https://sectigo.com/

 

2. Symantec is one of America's high-end SSL certificate providers. It offers globally authoritative and trusted SSL digital certificates that are compatible with most servers and browsers, and uses strong encryption to protect websites and external networks, securing e-commerce and confidential communications. (On August 2, 2017, DigiCert acquired Symantec's security certification business for $950 million in cash and a 30% equity stake in DigiCert's business.)

Buy SSL Certificates Website: https://www.digicert.com/

 

3. GeoTrust is an SSL digital certificate authority and also a leader in the field of trusted identity authentication and certification. Users can deploy its low-cost SSL digital certificates to secure the websites of institutions and enterprises of any size.

Buy SSL Certificates Website: https://www.geotrust.com/

 

III. Other Items

First, whether the certificate is DV, OV, or EV, the encryption is the same! The differences are:

  • DV (Domain Validation): for individual users; the security assurance is relatively weak. Validation works by sending an email to the mailbox listed in the domain's WHOIS information, and the check passes once the instructions in that email are followed;
  • OV (Organization Validation): for business users; on top of DV validation, the company's authorization is required, and the CA confirms it by calling the company's telephone number as listed in an information database;
  • EV (Extended Validation): open a GitHub web page and you will see the address bar display the registered company's information, which gives users greater confidence. Applying for this kind of certificate requires, in addition to the two checks above, that the company provide an account-opening permit from a financial institution; the requirements are very strict.

OV and EV certificates are very expensive. Part of what the buyer pays for is effectively insurance on the issued certificate: if a certificate provided by the CA turns out to have a problem, compensation for a single certificate can exceed 1,000,000 US dollars.
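Since the encryption is identical, the validation level has to be read from the certificate itself. The following is an added example, not code from the original article: it reads the CA/Browser Forum policy OIDs and the subject O field from `openssl x509 -noout -text` output and flags inconsistencies. The sample dumps, names, and the `validation_level` helper are constructed for illustration.

```python
import re

# CA/Browser Forum certificate-policy OIDs that mark the validation level.
POLICY_LEVEL = {
    "2.23.140.1.2.1": "DV",
    "2.23.140.1.2.2": "OV",
    "2.23.140.1.1": "EV",
}

def parse_cert_text(text):
    """Extract subject attributes and policy OIDs from `openssl x509 -text` output."""
    subject = {}
    m = re.search(r"^\s*Subject:\s*(.+)$", text, re.MULTILINE)
    if m:
        # Simple split: assumes no commas inside attribute values.
        for part in m.group(1).split(","):
            key, _, value = part.partition("=")
            subject[key.strip()] = value.strip()
    policies = re.findall(r"^\s*Policy:\s*([0-9.]+)\s*$", text, re.MULTILINE)
    return subject, policies

def validation_level(text):
    """Return (level, warnings) for one certificate text dump."""
    subject, policies = parse_cert_text(text)
    levels = [POLICY_LEVEL[p] for p in policies if p in POLICY_LEVEL]
    level = levels[0] if levels else "unknown"
    warnings = []
    if level in ("OV", "EV") and "O" not in subject:
        warnings.append(f"policy claims {level} but subject has no O field")
    if level == "DV" and "O" in subject:
        warnings.append("DV policy but subject carries an O field")
    return level, warnings

# Constructed sample dumps (hypothetical names, trimmed to the relevant lines).
SAMPLE_DV = """\
        Subject: CN = blog.example.test
            X509v3 Certificate Policies:
                Policy: 2.23.140.1.2.1
"""
SAMPLE_OV = SAMPLE_DV.replace("CN = blog", "C = GB, O = Example Ltd, CN = blog") \
                     .replace("1.2.1", "1.2.2")
SAMPLE_MISMATCH = SAMPLE_DV.replace("2.23.140.1.2.1", "2.23.140.1.1")

if __name__ == "__main__":
    for name in ("SAMPLE_DV", "SAMPLE_OV", "SAMPLE_MISMATCH"):
        print(name, validation_level(globals()[name]))
```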

 

Second, the difference between single-domain SSL certificates and wildcard certificates:

  Wildcard certificates: a wildcard SSL certificate, also known as a pan-domain SSL certificate, protects one domain name and all of that domain's next-level subdomains, with no limit on the number of subdomains. For example: *.anxinssl.com covers blog.anxinssl.com, store.anxinssl.com, and so on. The number of subdomains is not limited, and subdomains added later need no re-validation and no additional cost.

  Single-domain SSL certificates: a single-domain SSL certificate protects one domain name, which may be a top-level domain (by default both with and without www) or a second-level domain. For example, a single-domain SSL certificate applied for anxinssl.com also protects the www name. If you apply for login.anxinssl.com, only that one name is protected.

Specific differences between wildcard certificates and single-domain SSL certificates:

  1) Number of protected domain names: a wildcard certificate can protect an unlimited number of subdomains under the same domain name, while a single-domain SSL certificate can protect only one domain name.

  2) Supported validation types: wildcard certificates are available only as DV SSL and OV SSL certificates, while single-domain SSL certificates are available as DV SSL, OV SSL, and EV SSL certificates.

  Note: DV SSL certificate: domain-validated type; OV SSL certificate: organization-validated type; EV SSL certificate: extended-validation type.

  3) Price: a single-domain SSL certificate generally costs only about a hundred dollars, while even a cheap wildcard certificate costs between 500 and 1000.

  4) Target users: wildcard certificates suit users whose domain name has a large number of second-level/sub domains; single-domain SSL certificates suit users who have a single domain and no plans to add new domains later.
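The coverage rules above can be checked mechanically. This added example, which is not from the original article, implements the matching rule browsers commonly apply (RFC 6125: `*` only as the whole left-most label, standing for exactly one label) and shows that a wildcard name covers neither the bare domain nor deeper subdomains unless those names are also listed. The certificate name lists are constructed from the domain used in the text.

```python
def name_matches(pattern, host):
    """True if one certificate name (a SAN entry) covers the host name."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False  # "*" stands for exactly one label, never zero or several
    if p[0] == "*":
        # Need two fixed labels after "*" so that "*.com" is never accepted.
        return len(p) >= 3 and "*" not in "".join(p[1:]) and p[1:] == h[1:]
    if "*" in pattern:
        return False  # partial ("w*.") or inner wildcards are rejected here
    return p == h


def covered(cert_names, host):
    """True if any name on the certificate covers the host."""
    return any(name_matches(n, host) for n in cert_names)


# Constructed name lists (assumptions) built from the domain used in the text.
WILDCARD_ONLY = ["*.anxinssl.com"]
WILDCARD_PLUS_APEX = ["*.anxinssl.com", "anxinssl.com"]
SINGLE_DOMAIN = ["anxinssl.com", "www.anxinssl.com"]
SINGLE_SUBDOMAIN = ["login.anxinssl.com"]

HOSTS = ["anxinssl.com", "www.anxinssl.com", "blog.anxinssl.com",
         "login.anxinssl.com", "api.store.anxinssl.com"]


def coverage_table():
    """Map each sample certificate to the hosts in HOSTS that it covers."""
    certs = {"wildcard": WILDCARD_ONLY, "wildcard+apex": WILDCARD_PLUS_APEX,
             "single": SINGLE_DOMAIN, "login-only": SINGLE_SUBDOMAIN}
    return {name: [h for h in HOSTS if covered(names, h)]
            for name, names in certs.items()}


if __name__ == "__main__":
    for cert, hosts in coverage_table().items():
        print(f"{cert:14} covers {hosts}")
```

When auditing a deployment, compare this against the actual SAN list of the issued certificate, since whether the bare domain is included alongside the wildcard depends on what was requested and issued.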

 

Third, the conditions that must be met to apply for a certificate for an IP address:

1. The IP must be a public IP (intranet IPs are not accepted)

2. The applicant has administrative rights over this IP

3. The applicant must be an enterprise or organization (not an individual)

4. Only OV SSL certificates support IP applications

5. A certificate can be applied for an individual IP; wildcard IP segments are not supported

 

 


 


Origin www.cnblogs.com/suterfo/p/12365391.html