使用自签名证书访问localhost Web服务器时解决浏览器安全警告的其他方法 [英] Other way to fix browser security warning when accessing localhost web server with self signed certificate
问题描述
我知道将证书导入浏览器信任库可以消除该警告,但这是唯一的解决方法吗?是否可以使用域(具有有效的SSL)来反向代理localhost Web服务器:将用户的请求重定向到localhost?
I know importing the certificate into browser trust store can dismiss the warning, but is it the only workaround? Is it possible using a domain (with a valid SSL) to reverse proxy the localhost web server: redirecting user's request to the localhost?
推荐答案
如果您有一个外部域和一个有效的证书(即证书和密钥),则可以将本地服务器配置为服务于该域并使用此证书.为了确保对该域的任何本地请求实际上到达本地服务器而不是外部IP,您需要适当的名称解析.例如,可以通过修改 hosts 文件(即UNIX上的/etc/hosts , c:\ Windows \ System32 \ Drivers \ etc \ hosts 在 Windows 上).
If you have an external domain and a valid certificate for it (i.e. both certificate and key) you could configure your localhost server to serve this domain and use this certificate. To make sure that any local requests to this domain actually reach your local server instead of the external IP you need the appropriate name resolution though. This can be done for example by modifying the hosts file (i.e. /etc/hosts on UNIX, c:\Windows\System32\Drivers\etc\hosts on Windows).
换句话说:
- 配置本地Web服务器以期望对
example.com而不是localhost的请求,即,为example.com ,然后将期望的名称配置为example.com. - 修改本地
hosts文件以使用127.0.0.1解析example.com. - 使用URL
https://example.com使用本地浏览器访问本地Web服务器.由于更改了本地hosts文件,它将使用127.0.0.1作为example.com的IP地址,从而访问本地Web服务器.这将为example.com提供公众信任的证书,以便浏览器不会抱怨(发出者CA受信任,并且证书的主题与URL匹配).
- Configure the local web server to expect requests for
example.cominstead oflocalhost, i.e. set certificate and key you have forexample.comand configure the expected name toexample.com. - Modify the local
hostsfile to resolveexample.comwith127.0.0.1. - Access the local web server with the local browser by using the URL
https://example.com. Due to the changed localhostsfile it will use127.0.0.1as the IP address forexample.comand thus access the local web server. This will provide the publicly trusted certificate forexample.comso that the browser will not complain (issuer CA is trusted and subject of certificate matches the URL).
如果要访问真实的(外部) example.com ,请记住将本地 hosts 文件改回原位.
Remember to change your local hosts file back if you want to access the real (external) example.com.
这篇关于使用自签名证书访问localhost Web服务器时解决浏览器安全警告的其他方法的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
