What's SSL Certificate?
SSL Certificates
FAQ
Product Introduction

Copyright Notice

©2013-2017 Tencent Cloud. All rights reserved.

Copyright in this document is exclusively owned by Tencent Cloud. You must not reproduce, modify, copy or distribute in any way, in whole or in part, the contents of this document without Tencent Cloud's prior written consent.

Trademark Notice

All trademarks associated with Tencent Cloud and its services are owned by Tencent Cloud Computing (Beijing) Company Limited and its affiliated companies. Trademarks of third parties referred to in this document are owned by their respective proprietors.

Service Statement

This document is intended to provide users with general information about Tencent Cloud's products and services only and does not form part of Tencent Cloud's terms and conditions. Tencent Cloud's products or services are subject to change. Specific products and services and the standards applicable to them are exclusively provided for in Tencent Cloud's applicable terms and conditions.

Contents

Documentation Legal Notice
FAQ
    Can the Certificate Be Revoked?
    Why Would Security Review Fail?
    The Site Prompts "Connection Is Untrusted"?
    What's OpenSSL?
    What's SSL Certificate?
    What's Private Key?
    What's CSR?
    Is DV Certificate Permanently Free?
    Chrome Browser Prompts "Your Connection Is Not Private Key Connection"?
    Forgot Your Private Key Password?

FAQ

Can the Certificate Be Revoked?

Currently, only offline certificate revocation is supported. Please submit a ticket to contact Tencent Cloud engineers for certificate revocation. For more information on the revocation process for domain validation (DV) certificates, see DV Certificate Revocation.

Why Would Security Review Fail?

If the following prompt appears when applying for a Domain Validation (DV) SSL certificate, it indicates that the domain name failed to pass the security verification. DV SSL certificates cannot be issued via the rapid review process of Symantec CA for the domain name. Please purchase paid certificates.
The specific reasons for failed security verification:

According to the anti-phishing mechanism of CAs, sensitive words contained in domain names, such as bank and pay, can cause the security verification to fail. The specific sensitive words are defined by CAs. Some less commonly used root domain names may also fail verification. For example, root domain names with the .pw suffix, such as www.qq.pw and www.qcloud.pw, will fail the verification.

Because DV SSL certificates are issued quickly through automatic authentication without manual intervention, the verification standards are stricter and the list of sensitive words is more stringent.

The Site Prompts "Connection Is Untrusted"?

After the SSL certificate is deployed, the accessed site prompts "Connection is not secure". Did the certificate deployment fail?

A: The certificate has been successfully deployed. This problem occurs because the browser considers a site unsafe if it uses the HTTPS protocol and its pages contain unencrypted HTTP content. In this case, the code needs to be modified. For frontend modification, follow these guidelines:

1. Reference resources with relative paths;
2. When referencing an absolute path, use // to reference resources. For example, //img.qcloud.com/example.png follows the protocol of the current page, and the browser will automatically complete it.

What's OpenSSL?

OpenSSL is a well-known open source cryptography toolkit for secure communications. It includes cryptographic algorithms and common key and certificate packaging features.

1. Official Website of OpenSSL
Official download address.

2. Installation Method on Windows
An installation package for Windows is not provided on the OpenSSL official website.
You can choose tools provided by other open source platforms, for example: http://slproweb.com/products/Win32OpenSSL.html

Taking this tool as an example, the installation steps and usage are as follows:

2.1 Download a 32-bit or 64-bit version, for example, Win64OpenSSL_Light-1_0_2h.exe.

2.2 Set environment variables. If the tool is installed in C:\OpenSSL-Win64, copy C:\OpenSSL-Win64\bin; to Path.

2.3 Open the command line program cmd (run as an administrator), enter the directory where 2_www.domain.com.key and 1_www.domain.com_cert.crt are stored, and run the command below:

    openssl pkcs12 -export -out www.domain.com.pfx -inkey 2_www.domain.com.key -in 1_www.domain.com_cert.crt

For example, if the key and crt files are stored in D:\, it runs as follows:

Note: Export Password is not required, so press Enter directly without entering anything. With an empty export password, the private key inside the .pfx file is not protected by a passphrase, so restrict access to the file.

2.4 www.domain.com.pfx is generated in D:\. You can continue to complete the certificate installation in IIS Manager.

What's SSL Certificate?

Secure Sockets Layer (SSL) is a security protocol designed to ensure security and data integrity for Internet communications. Based on the SSL protocol, an SSL certificate can be installed on the server to achieve encrypted data transfer.

Certificate authorities (CAs) are third-party authorities that verify the validity of public keys. They are responsible for specifying policies and procedures to verify users' identities, sign SSL certificates, and ensure the identity of a certificate holder and ownership of a public key. CAs issue an SSL certificate for each user using the public key. An SSL certificate is used to certify that the individuals or businesses listed in the certificate lawfully own the public key listed in the certificate.
Digital signatures from CAs prevent certificates from being forged or tampered with. An SSL certificate actually represents a CA's verification of the public key. It contains the digital certificate-signing authority information, user information of the public key, the public key, the authority signature, and the expiration date.

What's Private Key?

SSL certificates are based on public-key cryptography, which encrypts information with digital keys so that the information can only be read by intended recipients after decryption. A key pair consists of a public key and a private key. The public key may be publicly distributed by a user, while the private key is kept by the user. Information that is encrypted with the public key can be decrypted only with the corresponding private key, and vice versa.

An SSL certificate actually represents a CA's verification of the public key. It contains the digital certificate-signing authority information, user information of the public key, the public key, the authority signature, and the expiration date.

What's CSR?

CSR is short for Certificate Signing Request. To obtain an SSL certificate, you need to generate a CSR file first and submit it to a certificate authority (CA). The CSR includes a public key and a distinguished name. A CSR is typically generated on a web server, and a public/private key pair for encryption and decryption is created at the same time.

Relevant organization information is required to create a CSR. The web server creates a distinguished name based on the information
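
Added example (not part of the original Tencent Cloud FAQ), for the answer under The Site Prompts "Connection Is Untrusted"? above: a Python check that lists the subresources an HTTPS page would still load over http:// and proposes the // form from item 2 of that answer. The sample HTML is constructed, and the suggested rewrite assumes the referenced host also serves the resource over HTTPS.

```python
from html.parser import HTMLParser

# Tag/attribute pairs that make the browser fetch a subresource.
# <a href> is navigation, not a subresource, so it is left out on purpose.
SUBRESOURCE_ATTRS = {
    ("img", "src"), ("script", "src"), ("iframe", "src"), ("audio", "src"),
    ("video", "src"), ("source", "src"), ("embed", "src"), ("object", "data"),
    ("link", "href"),
}

class MixedContentFinder(HTMLParser):
    """Collects (line, tag, url, suggested_url) for http:// subresources."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attr_map = dict(attrs)
        # Of <link> elements, only rel="stylesheet" is checked in this example;
        # rel="canonical" is metadata and is never fetched.
        rel = (attr_map.get("rel") or "").lower().split()
        if tag == "link" and "stylesheet" not in rel:
            return
        for name, value in attrs:
            if (tag, name) not in SUBRESOURCE_ATTRS or not value:
                continue
            url = value.strip()
            if url.lower().startswith("http://"):
                line, _ = self.getpos()
                # Protocol-relative form: the browser completes it with the page's scheme.
                self.findings.append((line, tag, url, "//" + url[len("http://"):]))

def find_mixed_content(html):
    finder = MixedContentFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page (not from the FAQ); host names reuse the FAQ's examples.
SAMPLE = """<html><head>
<link rel="stylesheet" href="http://img.qcloud.com/site.css">
<link rel="canonical" href="http://www.domain.com/">
<script src="//img.qcloud.com/app.js"></script>
</head><body>
<img src="http://img.qcloud.com/example.png">
<img src="/static/logo.png">
<a href="http://www.domain.com/about">About</a>
</body></html>"""

if __name__ == "__main__":
    for line, tag, url, fixed in find_mixed_content(SAMPLE):
        print(f"line {line}: <{tag}> loads {url} -> use {fixed}")
```

Relative paths, // references, the canonical link and the plain hyperlink are not reported, because none of them causes an insecure subresource load.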