现代浏览器仍然支持自签名证书吗？ [英] Are self-signed certificates still supported in modern browsers?

问题描述

AFAIK，为mydomain.com购买生产SSL证书是一种常见的情况，并且在开发过程中使用CN localhost的自签名证书（例如使用java的keytool）。

为了安全起见，Firefox（33）和Chrome（39）的最新版本似乎禁止使用这种方法。

那对吗？如果是这样的话，那么这些浏览器希望你在开发过程中采取的新方法是什么？解决方案

是的，自签名证书仍然受到大多数市长网页浏览器的支持。但是，它必须安装在特定网络浏览器（例如Firefox，Opera）或系统证书存储区（例如Internet Explorer，Chrome，Safari）的信任存储中。

目前没有任何预期打破这种行为，因为许多网络管理设备（路由器，无线AP等）仍然使用自签名证书来保护通信。

AFAIK, it was a common scenario to buy a production SSL certificate for mydomain.com, and use a self-signed certificate (eg using java's keytool) for CN localhost to use during development.

In the interests of security, it seems that very recent versions of Firefox (33) and Chrome (39) may forbid this approach.

Is that correct? If so, what is the new-fangled approach these browsers expect you to take during development?

解决方案

Yes, self-signed certificates are still supported by most mayor web browsers. However, it must be installed in the trust store of particular web browser (e.g. Firefox, Opera) or in the system certificate store (e.g. Internet Explorer, Chrome, Safari).

And currently there is no expectations to break this behavior, because many network-managed devices (routers, wireless AP, etc.) still use self-signed certificate to protect the traffic.

这篇关于现代浏览器仍然支持自签名证书吗？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！