为什么不能在 HTTPS 中使用 CNAME 重定向 [英] Why isn’t it possible to use a CNAME redirect with HTTPS

问题描述

此 Google Storage 文档页面指出您只能将 CNAME 重定向用于 HTTP，而不是 HTTPS. 但我看不出有任何原因.谁能解释一下为什么?

This Google Storage documentation page states that You can use a CNAME redirect only with HTTP, not with HTTPS. But I cannot see any reason for that. Can anyone explain me why?

推荐答案

假设你有一个 CNAME 记录:

Assume you have a CNAME record:

travel-maps.example.com CNAME c.commondatastorage.googleapis.com.

浏览器解析名称 travel-maps.example.com 并获取 c.commondatastorage.googleapis.com 的 IP，然后连接到该地址的 443 端口.

Browser resolves name travel-maps.example.com and gets IP for c.commondatastorage.googleapis.com, then connects to port 443 of this address.

具有此 IP 的服务器不可能[1]为 travel-maps.example.com(以及所有其他具有此类 CNAME 记录的域名)提供适当的证书.只有 example.com 域所有者可以获得他自己域的可信证书.

Server with this IP couldn't possibly[1] have proper certificate for travel-maps.example.com (and all other domain names with CNAME records like this). Only example.com domain owner could get a trusted cert for his own domain.

[1] 除非您将证书上传到 CDN 网络，这是当今常见的功能.

[1] Unless you uploaded the certificate to the CDN network which is a common feature nowadays.

这篇关于为什么不能在 HTTPS 中使用 CNAME 重定向的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！