前端和后端都需要ssl证书吗? [英] Do we need ssl certificate for both front end and backend?
问题描述
我们有2个Rails应用程序(一个用于前端,另一个用于后端(api)托管在2个不同的服务器上.用户来到我们的前端应用程序并填写订单).然后将json请求发送到后端,然后后端发送确认json对前端的响应.只能从我们的办公地址访问后端,并且将其设置为仅与我们的前端应用通信.
We have 2 Rails app (one for front end and other for backend(api) hosted on 2 different servers. User comes to our front end app and fills the order form. We then send json request to backend and backend send confirmation json response to front end. Backend is only accessible from our office address and is setup to communicate to only our front end app.
今天,我们从DigiCert购买了用于前端应用程序的EV ssl证书,一切正常.但是,由于我们的后端没有ssl证书,这是否意味着从前端到后端传递的所有数据都不会被加密?
Today we purchased EV ssl certificate for our front end app from DigiCert and everything is work fine. But since we don't have ssl certificate on backend, does that means that what ever data we are passing from our front end to backend will be unencrypted?
- 前端和后端服务器都需要ssl证书吗?
- 仅后端服务器向我们的前端应用程序发出请求,并且没有其他客户端连接到我们的后端吗?那么我可以将自签名或廉价的SSL证书用于后端吗?
- 还是我应该从
DigiCert购买另一份ssl证书? (有点贵)
- Do we need ssl certificate for both front end and back end servers?
- Our backend only servers request to our front end app and no other clients are connect to our backend? So can I use a self-signed or cheap SSL certificate for backend?
- Or shall I buy another ssl certificate from
DigiCert? (bit expensive)
我已经经历了几个堆栈溢出问题,并且似乎建议在两个服务器上都安装ssl.这是我第一次尝试在服务器上设置ssl证书,因此在我为后端应用程序购买另一个ssl证书之前,只想仔细检查一下即可.
I have already gone through couple of stack overflow questions, and looks like suggestion is to install ssl in both servers. This is my first time trying to set up ssl certificates on servers, so just want to double check before I buy another ssl certificate for our backend app.
更新
我发现几乎没有便宜的ssl证书提供,人们对像这样的便宜提供商的建议是什么 https://cheapsslsecurity.com .au/
I found few cheap ssl certificate provides, what are people suggestions towards cheaper provider like this one https://cheapsslsecurity.com.au/
推荐答案
是的,您将需要SSL作为后端.那是存储所有逻辑和数据的重要位置.在前端不是那么重要,但是如果您要处理付款或任何其他机密信息,是的,那么您确实需要在前端使用它.
Yes, you will need SSL for your backend. that is the important place where all the logic and data is being stored. On the front-end not so important, but if you are tackling with payment or any other confidential information yes, you do need it in front-end.
在公共网站上使用自签名的风险
Risk of Using Self-Signed on Public Sites
与自签名SSL证书关联的安全警告 担心网站不安全而驱赶潜在客户 他们的凭证.品牌声誉和客户信任都是 损坏的.
The security warnings associated with self-signed SSL Certificates drive away potential clients for fear that the website does not secure their credentials. Both brand reputation and customer trust are damaged.
我将完全同意此文章,请勿使用自签名SSL,尤其是在处理付款时.对于内部测试,您可以.但是在生产过程中,强烈建议不要使用它.相反,请使用证书颁发机构
I will totally agree with this article, not to use self-signed SSL, especially when dealing with payment. For internal testing, you may. But while in production, highly recommended not to use it. Instead go with SSLs that are with Certificate Authority
参考: https://www.thawte.com/ssl/
这篇关于前端和后端都需要ssl证书吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
