付费 SSL 证书与免费 SSL 证书
Paid SSL certificate vs Free SSL Certificate
购买自定义 SSL 证书与从 Let's Encrypt 提供的免费证书中获取证书之间的主要区别(可能是 pro/con 列表)是什么。
这就是在我们的 Web 应用程序
中使用简单的 https
P.S相信你明白我在做什么。
主要的实际区别是在所有浏览器和第三方系统中都受信任,例如 Android、iOS 或 Windows。
Lets encrypt 已考虑到此限制并提出了一个解决方案,您可以在其网站上阅读 https://letsencrypt.org/certificates/
Our intermediate is signed by ISRG Root X1
. However, since we are a very new certificate authority, ISRG Root X1
is not yet trusted in most browsers. In order to be broadly trusted right away, our intermediate is also cross-signed by another certificate authority, IdenTrust
, whose root is already trusted in all major browsers. Specifically, IdenTrust has cross-signed our intermediate using their DST Root CA X3.
也就是说,事实上,他们的证书是由受信任的 'usual' CA 签署的。所以实际上没有区别
看一下letsencrypt自带的web证书,是由DST Root CA X3
(IdenTrust)签名的
我检查了 CA 是否存在于某些密钥库中:
- Chrome, IExplorer, Edge (使用 windows 10): OK
- Mozilla Firefox:好的
- Android(Nexus 5x -android 7):好的
完整列表在这里:https://letsencrypt.org/docs/certificate-compatibility/
购买自定义 SSL 证书与从 Let's Encrypt 提供的免费证书中获取证书之间的主要区别(可能是 pro/con 列表)是什么。 这就是在我们的 Web 应用程序
中使用简单的 httpsP.S相信你明白我在做什么。
主要的实际区别是在所有浏览器和第三方系统中都受信任,例如 Android、iOS 或 Windows。
Lets encrypt 已考虑到此限制并提出了一个解决方案,您可以在其网站上阅读 https://letsencrypt.org/certificates/
Our intermediate is signed by
ISRG Root X1
. However, since we are a very new certificate authority,ISRG Root X1
is not yet trusted in most browsers. In order to be broadly trusted right away, our intermediate is also cross-signed by another certificate authority,IdenTrust
, whose root is already trusted in all major browsers. Specifically, IdenTrust has cross-signed our intermediate using their DST Root CA X3.
也就是说,事实上,他们的证书是由受信任的 'usual' CA 签署的。所以实际上没有区别
看一下letsencrypt自带的web证书,是由DST Root CA X3
(IdenTrust)签名的
我检查了 CA 是否存在于某些密钥库中:
- Chrome, IExplorer, Edge (使用 windows 10): OK
- Mozilla Firefox:好的
- Android(Nexus 5x -android 7):好的
完整列表在这里:https://letsencrypt.org/docs/certificate-compatibility/