How does SSL use symmetric and asymmetric encryption? And how do I manage certificates for multiple sites on one host?


Problem description

First, a quotation from Microsoft TechNet's Managing Microsoft Certificate Services and SSL:



To recap, secure SSL sessions are established using the following technique:


  1. The user's Web browser contacts the server using a secure URL.

  2. The IIS server sends the browser its public key and server certificate.

  3. The client and server negotiate the level of encryption to use for the secure communications.

  4. The client browser encrypts a session key with the server's public key and sends the encrypted data back to the server.

  5. The IIS Server decrypts the message sent by the client using its private key, and the session is established.

  6. Both the client and the server use the session key to encrypt and decrypt transmitted data.


So, basically speaking, SSL uses asymmetric encryption (public/private key pair) to deliver the shared session key, and finally achieves a way of communicating with symmetric encryption.

Is this right?

I am using IIS to host my websites. Suppose I have multiple sites on my single machine, and I want the client browser to use an SSL URL to connect to my sites. How many certificates do I need? Which of the following approaches should I take?

1 - Apply for a single certificate and associate it with my single server machine, which hosts multiple sites.


2 - Apply for several certificates and associate each of my sites with its own certificate.


In IIS7, it seems I could only do approach 1.

I figured it out. I could install multiple certificates on my server machine and bind each site with a separate certificate as necessary.

Recommended answer

Yes, that's right. Asymmetric encryption is necessary to verify the other's identity and then symmetric encryption gets used because it's faster.
