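Many people who run a personal site want to serve their readers over https. To offer https you first need a certificate issued by a CA; you can pay for one, or get one for free from Let's Encrypt. If the site is static content on GitHub Pages served under your own domain, neither option may be suitable.
CloudFlare is a provider of DNS, CDN and related services. It offers free DNS and CDN plans to individuals, and it also provides an SSL service:
If your requirements are modest and you only want the content delivered over https, you can choose the default Flexible SSL. With this option the reader connects to CloudFlare over https, while CloudFlare connects to your server over http, so traffic on that second leg is not encrypted.
Once the SSL configuration takes effect, you can access your site via https and see the https certificate information.
How it works
CloudFlare automatically generates a shared certificate that includes your domain *.example.com. The end user's browser recognizes this certificate and establishes an https connection with CloudFlare.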
Requirement: make HttpsURLConnection ignore SSL certificate errors / accept all certificates
package com.test;

import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

public final class SSLUtils {

    // Replaces the JVM-wide defaults of HttpsURLConnection: after this call every
    // connection accepts any certificate for any host name, so the server is no
    // longer authenticated and the traffic can be intercepted. Test environments only.
    public static void trustCertificate() throws KeyManagementException, NoSuchAlgorithmException {
        TrustManager[] trustAllCerts = new TrustManager[] {
            new X509TrustManager() {
                @Override
                public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
                    // Returning without throwing accepts the client chain unchecked.
                    System.out.println("checkClientTrusted()");
                }

                @Override
                public void checkServerTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
                    // Returning without throwing accepts the server chain unchecked.
                    System.out.println("checkServerTrusted()");
                }

                @Override
                public X509Certificate[] getAcceptedIssuers() {
                    System.out.println("X509Certificate()");
                    return new X509Certificate[0];
                }
            }
        };

        // SSLv3 is disabled by default in current JDKs, so request a TLS context.
        final SSLContext sc = SSLContext.getInstance("TLS");
        sc.init(null, trustAllCerts, new java.security.SecureRandom());
        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());

        // Accept any host name, whatever the certificate says.
        HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
            @Override
            public boolean verify(String arg0, SSLSession arg1) {
                return true;
            }
        });
    }
}
Usage:
Call trustCertificate() before url.openConnection().