A complete look at HTTPS: basic principles and configuration


Since 2017, the Chrome browser has flagged websites that can only be accessed over HTTP as “unsafe”. This has forced website maintainers to pay attention to HTTPS and to put configuring their sites for HTTPS access on the agenda.

Differences between HTTP and HTTPS

There are countless articles on the Internet that compare the two and describe them technically. Today we set the complex technical terms aside and use a wartime analogy to help you understand them better.

What is HTTP?

Put simply, it is the communication protocol between the local browser and the server that hosts the visited website.

What is HTTPS?

Put simply, it is the encrypted communication protocol between the local browser and the server that hosts the visited website.

In World War II, the telephone and the telegraph were the most common means of communication.

Telephone communication is cleartext communication. An enemy or spy can easily eavesdrop on the line, with disastrous consequences for the war.

Telegraph communication is ciphertext communication. Unless both parties have prepared a codebook in advance, it is difficult to understand the true meaning of a telegram even after receiving its signal.

| Protocol | Communicating parties | Communication line | Encryption |
|---|---|---|---|
| HTTP | Browser – Web server | OSI application layer (virtual), port 80 | None |
| HTTPS | Browser – Web server | OSI transport layer (virtual), port 443 | CA certificate (also known as SSL certificate) |
| Telephone | Superior – subordinate | Wired telephone (assumed) | None |
| Telegraph | Superior – subordinate | Radio | Codebook |

Conclusion: compared with ordinary communication, encrypted communication mainly adds an encryption scheme (a CA certificate or a codebook) agreed on by both communicating parties.

What are the benefits of HTTPS?

Because the transmission is encrypted, HTTPS plays a major role in scenarios with high security requirements, such as website login, payment and e-mail: it prevents data from being stolen or altered in transit and ensures data integrity.

In some scenarios, HTTPS is unnecessary, such as watching news and videos.

How HTTPS works

Just like telegraph communication, HTTPS works as follows:

1. Prior agreement: the browser vendors and the CA certificate vendors negotiate a set of strong encryption schemes and, once they agree, codify them as rules.

2. Domain name association: since the domain name is the most common way to reach a website, the CA certificate must be applied for against that domain name. A certificate issued for domain name A does not work for domain name B.

3. Encrypted connection: the browser establishes an encrypted channel with the server, using the CA certificate installed on the server, to provide HTTPS access.

Common browser vendors include Chrome / Firefox / IE, and CA vendors include Symantec, GeoTrust, etc.
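The domain binding in step 2, as an added example that is not part of the original article: a simplified version of the host name check a TLS client applies to a certificate. The sample certificates are constructed, use the dict layout returned by Python's `ssl.SSLSocket.getpeercert()`, and the function names are illustrative.

```python
# Added example: why a certificate for domain A is rejected for domain B.
# Simplified RFC 6125 matching: subjectAltName DNS entries only
# (no IP addresses, no IDNA, no commonName fallback).

def name_matches(pattern: str, host: str) -> bool:
    """Compare one certificate DNS name against the requested host name."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard never spans more than one label
    wildcard = p_labels[0] == "*"
    # "*" is accepted only as the entire left-most label
    if "*" in ".".join(p_labels[1:] if wildcard else p_labels):
        return False
    if wildcard:
        # require at least two fixed labels, which rejects "*.com"
        if len(p_labels) < 3 or not h_labels[0]:
            return False
        return p_labels[1:] == h_labels[1:]
    return p_labels == h_labels

def cert_covers(cert: dict, host: str) -> bool:
    """True if any DNS subjectAltName entry in cert matches host."""
    dns_names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return any(name_matches(name, host) for name in dns_names)

# Constructed sample certificates (documentation domains, not real ones)
CERT_A = {"subjectAltName": (("DNS", "www.example.com"), ("DNS", "example.com"))}
CERT_WILD = {"subjectAltName": (("DNS", "*.example.com"),)}

def demo() -> dict:
    """Map each host to (covered by CERT_A, covered by CERT_WILD)."""
    hosts = ["www.example.com", "example.com", "shop.example.com",
             "a.b.example.com", "www.example.org"]
    return {h: (cert_covers(CERT_A, h), cert_covers(CERT_WILD, h)) for h in hosts}

if __name__ == "__main__":
    for host, (plain, wild) in demo().items():
        print(f"{host:18} CERT_A={plain!s:5} CERT_WILD={wild}")
```

Note that the wildcard certificate covers neither the bare domain nor a name two levels down, so both need their own entry in the certificate.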

How to set HTTPS access?

1. Apply for a CA certificate for the website's domain name (there may be 1-3 files);

2. Download the CA certificate to the website server;

3. Set the certificate paths and the HTTPS-related directives in the Vhost configuration file that corresponds to the website's domain name.

The following is a typical HTTPS setting under LAMP:

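<VirtualHost *:443>
    DocumentRoot "/data/wwwroot/default"
    #ErrorLog "logs/"
    #CustomLog "logs/" common
    <Directory "/data/wwwroot/default">
        # Indexes enables directory listings when no index file exists
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
    # SSL directives belong at the virtual-host level, outside <Directory>
    SSLEngine on
    # Server certificate issued for the website's domain name
    SSLCertificateFile /data/cert/server.crt
    # Private key that matches the certificate
    SSLCertificateKeyFile /data/cert/server.key
    # Intermediate CA chain (directive deprecated since Apache 2.4.8;
    # the chain can instead be appended to the SSLCertificateFile)
    SSLCertificateChainFile /data/cert/server-ca.crt
</VirtualHost>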

This article was originally published by Websoft9. Please credit the source when reprinting.