仅用于 API 的 SSL 证书还是客户需要它们? [英] SSL Certificates for just API or do clients need them to?

问题描述

我有一个 RESTFul API，我想使用 SSL 证书来保护它.如果我要获得一些 SSL 证书，我是否需要为使用我的 API 的每个 Web 客户端单独提供一个证书，还是 API 是唯一需要证书的东西?

I have a RESTFul API that I want to secure using SSL Certs. If I were to get some SSL certificates, would I need separate ones for each of my web clients that use my API or would the API be the only thing that needs the certificate?

推荐答案

SSL 证书安装在托管 REST API 的 Web 服务器上.客户端无需拥有证书即可与您的服务器安全地交换数据.

The SSL certificate is installed on your web server hosting your REST API. The clients don't need to have a certificate to securely exchange data with your server.

想想您可能使用的所有电子银行/电子购物网站.您无需在计算机上专门安装任何证书即可使用它们.只要您信任向这些网站颁发证书的证书颁发机构(由您的计算机透明处理)，您的计算机就可以通过 SSL 连接到它们.

Think about all the e-banking/e-shopping sites that you probably use. You don't specifically install any certificates on your computer to be able to use them. As long as you trust the certification authority that issued the certificates to those websites (handled by your computer transparently), your computer can connect to them over SSL.

因此，只要您自己服务器的 SSL 证书有效并由受信任的证书颁发机构颁发，您的客户端就能够通过 SSL 安全地连接，而无需单独的证书.

So, as long as your own server's SSL certificate is valid and issued by a trusted certification authority, your clients will be able to connect securely over SSL without needing separate certificates.

这篇关于仅用于 API 的 SSL 证书还是客户需要它们?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！