https协议和SSL证书之间的区别 [英] Difference between https protocol and SSL Certificate

问题描述

我们在网络浏览器中使用的https协议和SSL证书有什么区别?

What is difference between https protocol and SSL Certificate that we use in web browser?

这两个都不都是用来加密客户端(浏览器)和服务器之间的通信的吗?

Aren't both of these used to encrypt communication between client (browser) and server?

推荐答案

HTTPS是HTTP(超文本传输​​协议)加上SSL(安全套接字层).您需要证书才能使用任何使用SSL的协议.

HTTPS is HTTP (HyperText Transfer Protocol) plus SSL (Secure Socket Layer). You need a certificate to use any protocol that uses SSL.

SSL允许任意协议进行安全通信.它使客户端能够(a)验证他们确实在与他们期望的服务器通信，而不是中间人；以及(b)加密网络流量，以使除客户端和服务器之外的其他各方都无法看到通信.

SSL allows arbitrary protocols to be communicated securely. It enables clients to (a) verify that they are indeed communicating with the server they expect and not a man-in-the-middle and (b) encrypt the network traffic so that parties other than the client and server cannot see the communication.

SSL证书包含公共密钥和证书颁发者.客户端不仅可以使用证书与服务器进行通信，还可以验证证书是否由官方证书颁发机构加密签名.例如，如果您的浏览器信任VeriSign证书颁发机构，并且VeriSign签署了我的SSL证书，则您的浏览器将固有地信任我的SSL证书.

An SSL certificate contains a public key and certificate issuer. Not only can clients use the certificate to communicate with a server, clients can verify that the certificate was cryptographically signed by an official Certificate Authority. For example, if your browser trusts the VeriSign Certificate Authority, and VeriSign signs my SSL certificate, your browser will inherently trust my SSL certificate.

这里有一些不错的读物: http://en.wikipedia.org/wiki/Transport_Layer_Security

There's some good reading here: http://en.wikipedia.org/wiki/Transport_Layer_Security

这篇关于https协议和SSL证书之间的区别的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！