What is a globally trusted SSL certificate? If the SSL certificate deployed on a website was issued by Wotong CA, a trusted CA, browsers will trust and recognize it. As an everyday analogy, a trusted SSL certificate is like an ID card issued by the public security authority: hotels, ticket offices and banks all accept it, whether you are buying a train ticket or doing business at a bank.
2. This website uses a self-signed SSL certificate.
A website may show "https certificate is not trusted" because it uses a self-signed certificate. A self-signed certificate is an https certificate that its owner generates. Anyone, including phishing websites, can generate one, and it is not examined or issued by a legitimate third-party CA. It is easy to counterfeit, is exposed to man-in-the-middle attacks and carries great security risks. Browsers do not trust self-signed certificates, so a website that uses one will show "https certificate is not trusted".
3. The website uses SSL certificates with poor compatibility.
Not every https certificate issued by a CA is supported by all browsers. If the CA has not passed the international WebTrust certification, many browsers, such as IE, do not trust the https certificates it issues. When a website applies for or purchases an https certificate, it must choose a CA that has passed the international WebTrust certification. At present, among domestic CAs, Wotong CA has obtained both international and domestic certification, and its https certificates are globally trusted and supported by all browsers.
4. The certificate is no longer valid.
Every ID card has a validity period, and so does every SSL certificate. The validity period of SSL certificates is in fact controlled more strictly. At present the longest validity period of an SSL certificate is 27 months, and once the SSL certificate deployed on your website has expired, the browser will warn that the "SSL certificate is not trustworthy".
5. The website uses the wrong SSL certificate.
Take the ID card again as an example. If Zhang San uses Li Si's ID card to do business, the result is the same: it is spotted immediately. SSL certificates work the same way. If website A uses the certificate of website B, the browser will also warn that the "SSL certificate cannot be trusted".
In our long experience with digital certificates, few issuers sign end-user certificates directly with their own root certificates. This may be for security reasons, although it cannot be ruled out that some certification bodies support it (at a startling price).
6. The SSL certificate chain is incomplete.
An SSL certificate chain generally consists of the server certificate, intermediate certificates and the root certificate, and some also require cross certificates. In many cases the operating system has only the issuing authority's root certificate built in. If you then install only your own domain's server certificate, the certificate chain is incomplete and the operating system cannot determine who actually issued the SSL certificate. When installing an SSL certificate on a server, therefore, check that the certificate chain is complete so that the certificate works normally.
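The causes in items 2, 4, 5 and 6 can be reproduced offline with the `openssl` command line. The script below is an added example, not part of the original article: it builds a constructed root, intermediate and server certificate (all names and hostnames are hypothetical) and prints the OpenSSL verification error number that each misconfiguration produces.

```shell
#!/bin/sh
# Added example: constructed test PKI, all names hypothetical (root -> intermediate -> leaf).
set -eu

build_pki() {
  cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
[dn]
commonName = Common Name
[v3_ca]
basicConstraints = critical,CA:TRUE
[v3_leaf]
basicConstraints = CA:FALSE
subjectAltName = DNS:www.example.test
EOF
  # Self-signed root: stands in for the root that ships in the OS or browser trust store.
  openssl req -config pki.cnf -x509 -extensions v3_ca -newkey rsa:2048 -nodes \
    -keyout root.key -out root.pem -days 365 -subj "/CN=Example Root CA" 2>/dev/null
  mkcsr() {  # $1 = file prefix, $2 = subject common name
    openssl req -config pki.cnf -new -newkey rsa:2048 -nodes \
      -keyout "$1.key" -out "$1.csr" -subj "/CN=$2" 2>/dev/null
  }
  mkcsr inter "Example Intermediate CA"
  mkcsr leaf www.example.test
  # The root signs the intermediate; the intermediate signs the 30-day server certificate.
  openssl x509 -req -in inter.csr -CA root.pem -CAkey root.key -CAcreateserial \
    -extfile pki.cnf -extensions v3_ca -days 365 -out inter.pem 2>/dev/null
  openssl x509 -req -in leaf.csr -CA inter.pem -CAkey inter.key -CAcreateserial \
    -extfile pki.cnf -extensions v3_leaf -days 30 -out leaf.pem 2>/dev/null
}

# Print OpenSSL's verification error number for the given arguments, or 0 on success.
verify_code() {
  if out=$(openssl verify "$@" 2>&1); then echo 0; return; fi
  echo "$out" | sed -n 's/^error \([0-9][0-9]*\) at.*/\1/p' | head -n 1
}

PKI=$(mktemp -d); trap 'rm -rf "$PKI"' EXIT; cd "$PKI"; build_pki
LATER=$(( $(date +%s) + 90 * 86400 ))   # 90 days ahead, after the leaf has expired
TRUST="-CAfile root.pem"                # the client trusts only the root
FULL="$TRUST -untrusted inter.pem"      # the server also sends the intermediate
echo "2. self-signed, untrusted : $(verify_code root.pem)"
echo "4. expired                : $(verify_code $FULL -attime "$LATER" leaf.pem)"
echo "5. wrong hostname         : $(verify_code $FULL -verify_hostname shop.example.test leaf.pem)"
echo "6. intermediate missing   : $(verify_code $TRUST leaf.pem)"
echo "   complete chain         : $(verify_code $FULL -verify_hostname www.example.test leaf.pem)"
```

The numbers printed are OpenSSL's own codes: 18 (self-signed certificate), 10 (certificate has expired), 62 (hostname mismatch), 20 (unable to get local issuer certificate) and 0 for a chain that validates.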
7. The client does not support the SNI protocol.
A few old systems, below Windows XP SP2 and Android 4.2, are still in use. These operating systems are so old that their vendors did not support the SNI protocol at the time. SNI (Server Name Indication) is a technology that allows multiple domain names with SSL certificates to share the same IP address, and almost all mainstream operating systems and browsers now support it. Many years ago, each SSL certificate had to be bound to its own dedicated IP address; SNI came into being as the IPv4 address pool gradually ran short.