没有域的SSL证书 [英] SSL certificate without a domain
问题描述
我有一堆node.js应用程序,它们通过websockets(ws://)将信息提供给apache网站.该网站本身没有域名,并且可以通过其IP地址访问(该地址不可转让,很不幸...)
I have a bunch of node.js apps serving information to an apache site via websockets (ws://). The site itself doesn't have a domain name and is accessed through its IP address (that's non-negotiable, unfortunately...)
问题如下:
-
在没有安全连接的情况下,浏览器将阻止ws://流量,所以我必须使用SSL 并保护网络套接字wss://
Without a secure connection, browsers will block the ws:// traffic, so I have to use SSL and secure websockets wss://
没有域名,我无法保护连接,除非通过生成自签名证书.
Without a domain name, I cannot secure the connection except by generating a self-signed certificate.
浏览器不信任自行生成的证书,并且显示错误证书不可信...".上次Chrome更新令消息更令人烦恼.
Self generated certificates are not trusted by browsers and display an error 'certificate not trusted...'. Last chrome update made it even more annoying to get through the message.
除此之外, IP会定期更改,并在发生时发送给用户(2-3人).因此,为特定IP颁发的证书不是理想的(如果免费,则可以解决刷新证书的麻烦).
In addition to that, the IP changes regularly and is sent to the users (2-3 people) when it happens. So a certificate issued for a specific IP wouldn't be ideal (if it's free I can deal with the hassle of refreshing the cert).
有人可以解决吗?
推荐答案
如果只有一个或两个用户,则可以创建自己的CA,然后让每个人都在其浏览器上安装它.但是,每次IP更改时,您仍然需要更新证书.google.ca/search?q=create+your+own+ca
If you only have a user or two, you could create your own CA, and have each person install it on their browser. You would still need to update the cert every time the IP changes though. google.ca/search?q=create+your+own+ca
这篇关于没有域的SSL证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
