没有域的 SSL 证书 [英] SSL certificate without a domain
问题描述
我有一堆 node.js 应用程序通过 websockets (ws://) 向 apache 站点提供信息.网站本身没有域名,是通过其 IP 地址访问的(这是不可协商的,不幸的是...)
I have a bunch of node.js apps serving information to an apache site via websockets (ws://). The site itself doesn't have a domain name and is accessed through its IP address (that's non-negotiable, unfortunately...)
问题如下:
如果没有安全连接,浏览器将阻止 ws://流量,所以我必须使用 SSL 和安全的 websockets wss://
Without a secure connection, browsers will block the ws:// traffic, so I have to use SSL and secure websockets wss://
没有域名,我无法保护连接,除非通过生成自签名证书.
Without a domain name, I cannot secure the connection except by generating a self-signed certificate.
浏览器不信任自行生成的证书,并且显示错误证书不受信任...".最后一次 chrome 更新使通过消息变得更加烦人.
Self generated certificates are not trusted by browsers and display an error 'certificate not trusted...'. Last chrome update made it even more annoying to get through the message.
除此之外,IP 会定期更改,并在发生时发送给用户(2-3 人).因此,为特定 IP 颁发的证书并不理想(如果它是免费的,我可以处理刷新证书的麻烦).
In addition to that, the IP changes regularly and is sent to the users (2-3 people) when it happens. So a certificate issued for a specific IP wouldn't be ideal (if it's free I can deal with the hassle of refreshing the cert).
有没有人有解决办法?
推荐答案
如果您只有一两个用户,您可以创建自己的 CA,并让每个人在他们的浏览器上安装它.每次 IP 更改时,您仍然需要更新证书.google.ca/search?q=create+your+own+ca
If you only have a user or two, you could create your own CA, and have each person install it on their browser. You would still need to update the cert every time the IP changes though. google.ca/search?q=create+your+own+ca
这篇关于没有域的 SSL 证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
