Firebase云功能/托管SSL固定 [英] Firebase cloud functions/ hosting ssl pinning
问题描述
我的支付网关要求将ssl证书固定在我这边的支付网关端点.
My payment gateway requires ssl certificate pinning for their payment gateway endpoint on my side.
Firebase是否支持针对云功能/托管的ssl固定?
Does Firebase support ssl pinning for cloud functions/hosting?
我在官方文档或网络上的任何其他地方都找不到此信息.
I can't find this information in the official documentation or anywhere else on the net.
在银行的技术要求表格中发布的详细信息:
Details published in the bank's technical requirements form:
- 响应URL和端口号
指定响应URL和端口号,以便我们向您发送付款通知. - SSL证书:
(用于与您的响应URL建立安全连接.)
标准SSL证书颁发机构是Comodo或Versign.
请为分别与UAT和生产URL关联的两种环境上载SSL证书.SSL证书可以采用.cer或.crt格式,也可以将其压缩为一个zip文件.注意:如果您提供的SSL证书不正确,付款通知将无法到达您.
推荐答案
这里描述的是一个非常奇怪的要求-听起来他们在告诉您必须向他们提供您的网站正在运行的特定SSL证书
What is described here is a really strange requirement -- it sounds like they're telling you you have to provide them with the specific SSL certificate your site is running.
对于几乎所有情况,这都是不现实的,因为SSL证书会在一年后过期,尤其是对于Firebase Hosting(证书仅持续三个月)而言,这是不现实的.
This is unrealistic for nearly all cases as SSL certificates expire after a year, and particularly unrealistic for Firebase Hosting where certificates only last for three months.
您应该能够为您的Firebase托管站点下载证书(请参见例如
You should be able to download the certificate for your Firebase Hosting site (see e.g. this ServerFault question) and upload it to your bank, but the certificate is going to change approximately every two months.
我很想与您的银行联系,向他们询问有关此要求的更多信息,因为这似乎很奇怪,而且负担太重.也许他们只是想在信任链中索要根证书?如果是这种情况,您可以提供Let's Encrypt根证书,并且暂时还可以(请注意:Firebase Hosting不能保证无限期地保留相同的证书颁发机构).
I'd reach out to your bank and ask them more about this requirement, as it seems bizarre and unduly burdensome. Perhaps they are merely trying to ask for the root certificate in the trust chain? If that's the case, you can provide the Let's Encrypt root certificate and it should be fine for the time being (note: Firebase Hosting does not make a promise of keeping the same certificate authority indefinitely).
这篇关于Firebase云功能/托管SSL固定的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
