如何在服务器上签名SSL [英] How to Sign ssl on server

问题描述

我正在使用mosquitto代理服务器.我已按照此处的说明启用了ssl: http://www.steves-internet-guide .com/mosquitto-tls/

I am using mosquitto broker server. I have enabled ssl as instructed here: http://www.steves-internet-guide.com/mosquitto-tls/

但这是自签名证书.我只读过有关将ssl添加到网站的信息.如何将ssl添加到mosquitto服务器，以便可以从https上的站点进行访问.

But this is self signed certificate. I have only read about adding ssl to websites. How do I add ssl to a mosquitto server so that it can be accessed from sites on https.

我应该从CA购买证书，然后按照链接中给出的步骤进行操作吗?

Should I buy a certificate from a CA and then follow the steps given in the link?

我不知道如何将ssl添加到服务器

I don't know how I would add ssl to a server

推荐答案

假定您希望任何人都可以使用您的站点，而不仅仅是可以直接控制浏览器的站点(可以在其中将自己的CA添加到受信任列表中).

Assuming you want your site to be used be anybody and not just browsers you have direct control over (where you could add your own CA to the trusted list).

您将需要获得由受信任的CA签名的证书(可以是已购买的证书，也可以从诸如LetsEncrypt的提供商那里获得)，以便浏览器将允许连接完成.

You will need to obtain a certificate signed by a trusted CA (this could be a purchased one or from a provider like LetsEncrypt) so the browser will allow the connection to complete.

浏览器不会像加载网页一样提示用户接受不可信(例如，自签名)的Websocket连接证书.

The browsers will not prompt a user to accept a untrusted (e.g. self signed) certificate for a websocket connection as it does for loading a webpage.

拥有受信任的证书后，您将需要遵循特定于要使用的代理的说明，将其配置为使用证书.

Once you have a trusted certificate then you will need to follow the instructions specific to the broker you are using to configure it to use the certificate.

这篇关于如何在服务器上签名SSL的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！