为什么不能在 HTTPS 中使用 CNAME 重定向 [英] Why isn’t it possible to use a CNAME redirect with HTTPS
问题描述
此 Google Storage 文档页面指出您只能将 CNAME 重定向用于 HTTP,而不是 HTTPS.
但我看不出有任何原因.谁能解释一下为什么?
This Google Storage documentation page states that You can use a CNAME redirect only with HTTP, not with HTTPS.
But I cannot see any reason for that. Can anyone explain me why?
推荐答案
假设你有一个 CNAME 记录:
Assume you have a CNAME record:
travel-maps.example.com CNAME c.commondatastorage.googleapis.com.
浏览器解析名称 travel-maps.example.com
并获取 c.commondatastorage.googleapis.com
的 IP,然后连接到该地址的 443 端口.
Browser resolves name travel-maps.example.com
and gets IP for c.commondatastorage.googleapis.com
, then connects to port 443 of this address.
具有此 IP 的服务器不可能[1]为 travel-maps.example.com
(以及所有其他具有此类 CNAME 记录的域名)提供适当的证书.只有 example.com
域所有者可以获得他自己域的可信证书.
Server with this IP couldn't possibly[1] have proper certificate for travel-maps.example.com
(and all other domain names with CNAME records like this). Only example.com
domain owner could get a trusted cert for his own domain.
[1] 除非您将证书上传到 CDN 网络,这是当今常见的功能.
[1] Unless you uploaded the certificate to the CDN network which is a common feature nowadays.
这篇关于为什么不能在 HTTPS 中使用 CNAME 重定向的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!