我需要在服务器A和服务器B上的SSL来处理cURL请求,或者我只需要在服务器B上? [英] would I need SSL on Server A and Server B for handling a cURL request or could I just have it on Server B?
问题描述
我需要从服务器A 到服务器B 执行CURL请求。
问题是,服务器A 将是MANY不同的服务器:
这将在类似于WordPress的项目中实现,其中用户下载软件并将其安装在他们的域(服务器持有用户域,将服务器A <强>)。因此,我希望我不需要在服务器A 上添加SSL,因为这意味着我必须强制我的用户购买SSL证书。
因此,在CURL请求中发送敏感信息时,我是否需要双方都需要SSL,或者我可以在服务器B 上放开它,它仍然安全吗? / p>
欢迎使用任何其他建议。 :)
对于从服务器A到服务器B的连接 em>,服务器A 不是服务器,而是客户。您需要使用cURL来编译SSL / TLS库以支持HTTPS连接,但cURL(或使用libcurl的任何内容)将作为客户端。
我怀疑最多现在的cURL的安装是针对OpenSSL或LibNSS编译的。大概,你可能通过PHP指的是cURL,在这种情况下你应该能够检查 phpinfo 。 (只是想连接到一个 https URL也可能给你一个指示:如果你得到一个错误,这不是编译SSL支持 ,您可能必须升级您的PHP / cURL安装。)
客户端可能需要做的是配置您愿意信任的CA证书类似于任何HTTPS连接)。 cURL作为设置CA文件/ CA路径的选项。
此外,虽然没有严格要求在服务器A上启用HTTPS (客户端),您可能需要考虑它,具体取决于您是否在由服务器A 提供的页面上显示从服务器B 获取的任何敏感信息。这是否需要真的取决于你对这些信息做什么。 (请注意,在这种情况下,在服务器A上启用SSL几乎与配置客户端完全分开。)
I need to do a CURL request from Server A to Server B.
Some sensitive information will be parsed from Server A, which I need to secure.
The problem is, Server A will be MANY different servers: This will be implemented in a project similar to WordPress, where users download the software and install it on their domain(s) (which ever server holds the users domain, will be Server A). So I'm hoping I don't need to have SSL on Server A, because that would mean I have to force my users to purchase an SSL certificate.
So, would I need SSL on both sides when sending sensitive information in a CURL request, or could I just get away with having it on Server B, with it still being secure?
Welcome to any alternative suggestions too. :)
As far as the connection from Server A to Server B is concerned, Server A isn't a server, it's a client. You will need cURL to have been compiled against SSL/TLS libraries to support HTTPS connections, but cURL (or whatever uses libcurl) will behave as a client.
I suspect most installations of cURL nowadays come compiled against OpenSSL or LibNSS. Presumably, you might be referring to cURL via PHP, in which case you should be able to check that in phpinfo. (Just trying to make a connection to an https URL might also give you an indication: if you get an error along the lines of "this wasn't compiled with SSL support", you may have to upgrade your PHP/cURL installation.)
What you may need to do on the client side is configure the CA certificates you're willing to trust (like for any HTTPS connection). cURL as options to set up a CA file/CA path.
In addition, while there is no strict requirement for enabling HTTPS on Server A (the client), you might want to consider it, depending on whether you display any of the sensitive information obtained from Server B on a page served by Server A. Whether this is required really depends on what you do with this information. (Note that, in this case, enabling SSL on Server A would almost be completely separate from configuring the client.)
这篇关于我需要在服务器A和服务器B上的SSL来处理cURL请求,或者我只需要在服务器B上?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
