HTTP - transfers data as plain text (when a router is hijacked, the data can be stolen).
HTTPS - encrypts the data with SSL/TLS.
It requires the server to have a certificate signed by a Certificate Authority (CA). The certificate contains the server's public key, the CA name and the CA signature. Clients such as browsers, Git, curl and TortoiseSVN come with a preinstalled list of CA names and the CA public keys used to verify the CA signature. Once the certificate is verified, the client creates a symmetric key and encrypts it with the server's public key; the server decrypts this symmetric key with its private key, and the data exchange is then encrypted and decrypted with the symmetric key.
A certificate is only issued for a domain name or a public IP address.
https://stackoverflow.com/questions/2043617/is-it-possible-to-have-ssl-certificate-for-ip-address-not-domain-name
The short answer is yes, as long as it is a public IP address.
Issuance of certificates to reserved IP addresses is not allowed, and all certificates previously issued to reserved IP addresses were revoked as of 1 October 2016.
According to the CA Browser forum, there may be compatibility issues with certificates for IP addresses unless the IP address is in both the commonName and subjectAltName fields. This is due to legacy SSL implementations which are not aligned with RFC 5280, notably, Windows OS prior to Windows 10.
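The two conditions from the answer quoted above can be checked in Python. This is an added example, not part of the original post or the quoted answer. The function name, the use of `ipaddress.is_global` as the "public address" test, and the sample certificates are assumptions made for illustration; the certificate layout is the dict returned by `ssl.SSLSocket.getpeercert()`.

```python
import ipaddress

def check_ip_certificate(cert, ip):
    """Return a list of problems with using `cert` for the address `ip`.

    `cert` uses the dict layout returned by ssl.SSLSocket.getpeercert().
    """
    problems = []
    addr = ipaddress.ip_address(ip)
    # Reserved addresses (private, loopback, link-local, ...) cannot get a
    # publicly trusted certificate. Assumption: is_global models "public".
    if not addr.is_global:
        problems.append("reserved address: not eligible for a public CA certificate")

    # 'subject' is a tuple of RDNs, each a tuple of (name, value) pairs.
    common_names = [value for rdn in cert.get("subject", ())
                    for name, value in rdn if name == "commonName"]
    # 'subjectAltName' is a tuple of (type, value) pairs.
    san_ips = [value for kind, value in cert.get("subjectAltName", ())
               if kind == "IP Address"]

    def matches(text):
        try:
            return ipaddress.ip_address(text) == addr
        except ValueError:  # a DNS name, not an IP literal
            return False

    if not any(matches(v) for v in san_ips):
        problems.append("IP missing from subjectAltName")
    if not any(matches(v) for v in common_names):
        problems.append("IP missing from commonName (legacy clients may reject)")
    return problems

# Constructed sample certificates (not taken from real servers).
BOTH_FIELDS = {"subject": ((("commonName", "8.8.8.8"),),),
               "subjectAltName": (("IP Address", "8.8.8.8"),)}
SAN_ONLY = {"subject": ((("commonName", "host.example"),),),
            "subjectAltName": (("DNS", "host.example"), ("IP Address", "8.8.8.8"))}
PRIVATE = {"subject": ((("commonName", "10.0.0.5"),),),
           "subjectAltName": (("IP Address", "10.0.0.5"),)}

if __name__ == "__main__":
    for label, cert, ip in (("both fields", BOTH_FIELDS, "8.8.8.8"),
                            ("SAN only", SAN_ONLY, "8.8.8.8"),
                            ("private IP", PRIVATE, "10.0.0.5")):
        print(label, "->", check_ip_certificate(cert, ip) or "ok")
```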
Two major certificate authorities are Let's Encrypt and DigiCert. DigiCert is paid but works on Windows. Let's Encrypt is free but only works on Windows.