SSL证书 - 我需要为重定向到另一个域的域购买SSL [英] SSL Cert - Do I need to purchase SSL for a Domain that redirects to another Domain
问题描述
请指教。
谢谢,
Alpha
发布HTTP级重定向的能力是独立的原始或目标站点是否受HTTPS(SSL / TLS)保护和对应的证书。重定向可以以任何组合的形式发行,特别是所有这些都是允许的:
FROM TO
http:// www .example.com http://www.other.example
http://www.example.com https://www.other.example
https://www.example.com http: //www.other.example
https://www.example.com https://www.other.example
在发生任何这些HTTP重定向之前,客户端必须能够使用FROM服务器建立有效的HTTP请求。如果 www.example.com
是任何人都可以使用的互联网访问网站,和使用HTTPS,那么它必须使用证书;最好由认可的CA(认证机构)签署。但是,这个问题不是针对重定向主题的具体内容。它将适用于对该服务器的任何请求,应被视为单独的关注。
对OP的问题的解释是:不,重定向的来源不需要使用SSL / TLS进行安全,只是为了发布重定向到受保护的站点。(表2中的情况2
可能还有其他原因,为什么始发服务器应该使用HTTPS,但不是要求只是为重定向的能力。请注意,在某些情况下(例如情况3),浏览器可能会警告用户是否从HTTPS上下文重定向到不安全页面。
Quick dumb question but want to make sure. I need to redirect www.example.com to www.example1.com. www.example1.com is already secured with a SSL cert. Do i need to purchase a SSL cert for www.example.com? I am assuming 'No' because the redirect is landing on a page that is aready secured.
Please advise.
Thanks, Alpha
The ability to issue an HTTP-level redirect is independent of whether the original or destination sites are protected by HTTPS (SSL/TLS) and a corresponding certificate. Redirects may be issued in any combination, specifically all of these are allowed:
FROM TO
http://www.example.com http://www.other.example
http://www.example.com https://www.other.example
https://www.example.com http://www.other.example
https://www.example.com https://www.other.example
Before any of these HTTP redirects to take place, the client must be able to establish a valid HTTP request with the "FROM" server. If www.example.com
is an Internet-accessible site intended to be used by anyone, and it uses HTTPS, then it must use a certificate; preferably, one signed by a recognized CA (Certificate Authority). However, this concern is not specific to the topic of redirects; it would apply to any request to that server and should be treated as a separate concern.
The answer to my interpretation of the OP's question is: No, the source of a redirect does not need to be secured with SSL/TLS merely in order to issue a redirect to a protected site. (Case 2 in my table above.)
There may be other reasons why the originating server should use HTTPS, but it is not a requirement merely for the ability to redirect. Note that in some cases (e.g. case 3) a browser may warn the user if redirecting to an insecure page from an HTTPS context.
这篇关于SSL证书 - 我需要为重定向到另一个域的域购买SSL的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!