多域SSL? [英] Multi domain SSL?

问题描述

一位同事告诉我，当您通过SSL访问网站时，证书不再保证您实际上与预定的收件人打交道.这是由于称为多域SSL证书"的缘故.谷歌快速搜索似乎表明它们存在-但我始终对SSL提供的加密和身份验证印象深刻.不再是这种情况了吗?当然这是朝错误方向迈出的一步?

A co-worker told me that when you visit a website over SSL the certificate no longer guarantees that you're actually dealing with the intended recipient. This is due to something called "multi-domain SSL certificates". A quick google search seems to show these exist - but I was always under the impression SSL provided encryption and authentication. Is this no longer the case? Surely this is a step in the wrong direction?

推荐答案

有通配符证书，该证书允许一个域中的所有主机都被同一证书覆盖.它们的发行成本更高(因为CA不会像您订购多个单独的单域证书那样赚钱)，但是当您需要使用ssl覆盖域中的多个主机名时，可以相当节省.

There are wildcard certificates, which allow all hosts in one domain to be covered by the same cert. They're more expensive to get issued (since the CAs wouldn't make as much money as if you'd ordered multiple separate single-domain certs), but when you need to cover multiple hostnames in your domain with ssl, it can be quite a savings.

正确发行的证书将至少包含一个主机名，例如www.example.com.加上通配符，可以覆盖* .example.com.

A properly issued cert will cover at LEAST one host name, like www.example.com. And with wildcarding, can cover *.example.com.

SSL本身无法保证身份验证的任何内容-只是对链接进行了加密.任何证书都可以为您做到这一点-甚至是自签名证书.您从商业"证书中获得的是(从理论上)值得信赖的第三方，他说:我们已经证实该www.example.com证书的使用人确实是www.example.com".

SSL by itself guarantees nothing in the way of identification - simply that the link is encrypted. Any certificate will do that for you - even self-signed ones. What you get with the "commercial" certs is a (theoretically) trustworthy third party saying "we've verified that the person who this www.example.com certificate was issused to really is www.example.com"

这篇关于多域SSL?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！