Asked by duncanb7
at 2024-05-12 21:36:57
Point:500 Replies:4 POST_ID:828554USER_ID:11059
Topic:
Miscellaneous Web Development;PHP Scripting Language;JavaScript
I hava concept and questions on HTTPS , hope you can help on it
1) Question-1 I know HTTPS using 443 port and HTTP using 80, could I use it on my share-server ?
But I try it before for my website but it didn't work such as
https//www.mysite.com instead of http://www.mysite.com. Is that
because my hosting company not allow me to do so ?
2) Question-2 If I get other PC for linux server, how can I let my sever
to accepte HTTPS ?
3) Question-3 I check it on wiki abotu server setup for HTTPS
-------Hypertext Transfer Protocol Secure (HTTPS) is a combination of the Hypertext Transfer Protocol (HTTP) with the SSL/TLS protocol. It provides encrypted communication to prevent eavesdropping and to securely identify the web server with which you are actually communicating. Historically, HTTPS connections were primarily used for payment transactions on the World Wide Web, e-mail and for sensitive transactions in corporate information systems.
Server setupTo prepare a web server to accept HTTPS connections, the administrator must create a public key certificate for the web server. This certificate must be signed by a trusted certificate authority for the web browser to accept it without warning. The authority certifies that the certificate holder is the operator of the web server that presents it. Web browsers are generally distributed with a list of signing certificates of major certificate authorities so that they can verify certificates signed by them.
[edit] Acquiring certificatesAuthoritatively signed certificates may be free[6][7] or cost between US$8[8] and $1,500[9] per year. However, in the case of free certificate authorities such as CACert, popular browsers (e.g. FireFox, Internet explorer) may not include the trusted root certificates, which may cause untrusted warning messages to be displayed to end users. StartSSL is an example of a service offering free certificates with extensive browser support.
Organizations may also run their own certificate authority, particularly if they are responsible for setting up browsers to access their own sites (for example, sites on a company intranet, or major universities). They can easily add copies of their own signing certificate to the trusted certificates distributed with the browser.
There also exists a peer-to-peer certificate authority, CACert.
[edit] Use as access controlThe system can also be used for client authentication in order to limit access to a web server to authorized users. To do this, the site administrator typically creates a certificate for each user, a certificate that is loaded into his/her browser. Normally, that contains the name and e-mail address of the authorized user and is automatically checked by the server on each reconnect to verify the user's identity, potentially without even entering a password.
I must have SSL Cerification and put it on my server by server administor(myself) before
server up for HTTPS , is that Right ? Where I get the Cerification ? What
is different betweeen Cerification and Authenority Key ?
Question-4, On Client side browser such as on user PC window xp computer,
suppose All browser automatically accept all HTTPS coming stream data by default, is it
Right ? Can I switch my browsers to accept HTTPS or NOT ?
Please Advise
Duncan
1) Question-1 I know HTTPS using 443 port and HTTP using 80, could I use it on my share-server ?
But I try it before for my website but it didn't work such as
https//www.mysite.com instead of http://www.mysite.com. Is that
because my hosting company not allow me to do so ?
2) Question-2 If I get other PC for linux server, how can I let my sever
to accepte HTTPS ?
3) Question-3 I check it on wiki abotu server setup for HTTPS
-------Hypertext Transfer Protocol Secure (HTTPS) is a combination of the Hypertext Transfer Protocol (HTTP) with the SSL/TLS protocol. It provides encrypted communication to prevent eavesdropping and to securely identify the web server with which you are actually communicating. Historically, HTTPS connections were primarily used for payment transactions on the World Wide Web, e-mail and for sensitive transactions in corporate information systems.
Server setupTo prepare a web server to accept HTTPS connections, the administrator must create a public key certificate for the web server. This certificate must be signed by a trusted certificate authority for the web browser to accept it without warning. The authority certifies that the certificate holder is the operator of the web server that presents it. Web browsers are generally distributed with a list of signing certificates of major certificate authorities so that they can verify certificates signed by them.
[edit] Acquiring certificatesAuthoritatively signed certificates may be free[6][7] or cost between US$8[8] and $1,500[9] per year. However, in the case of free certificate authorities such as CACert, popular browsers (e.g. FireFox, Internet explorer) may not include the trusted root certificates, which may cause untrusted warning messages to be displayed to end users. StartSSL is an example of a service offering free certificates with extensive browser support.
Organizations may also run their own certificate authority, particularly if they are responsible for setting up browsers to access their own sites (for example, sites on a company intranet, or major universities). They can easily add copies of their own signing certificate to the trusted certificates distributed with the browser.
There also exists a peer-to-peer certificate authority, CACert.
[edit] Use as access controlThe system can also be used for client authentication in order to limit access to a web server to authorized users. To do this, the site administrator typically creates a certificate for each user, a certificate that is loaded into his/her browser. Normally, that contains the name and e-mail address of the authorized user and is automatically checked by the server on each reconnect to verify the user's identity, potentially without even entering a password.
I must have SSL Cerification and put it on my server by server administor(myself) before
server up for HTTPS , is that Right ? Where I get the Cerification ? What
is different betweeen Cerification and Authenority Key ?
Question-4, On Client side browser such as on user PC window xp computer,
suppose All browser automatically accept all HTTPS coming stream data by default, is it
Right ? Can I switch my browsers to accept HTTPS or NOT ?
Please Advise
Duncan
