域名s加密

A. 域名密钥

这是一项基于PKI但又不属于传统的PKI加密解密的新技术，还没成为全球的安全标准。所以，我也难说明它是怎么样的VERIFY DIGITAL SIGNATURE。
还是给你一个官方的解说吧。就当是为混2分
Yahoo!雅虎 Anti-Spam Resource Center反垃圾邮件资源中心
Home FAQs Tools Tips Fun Facts Spam and the Law DomainKeys家居常见工具小费训事实和法律domainkeys邮件
DomainKeys: Proving and Protecting Email Sender Identitydomainkeys:电子邮件寄件人身份证明和保护
Email spoofing - the forging of another person's or company's email address to get users to trust and open a message - is one of the biggest challenges facing both the Internet community and anti-spam technologists today.电子邮件欺骗-伪造他人或公司的电子邮件信箱得到了用户的信任与公开的信息,是双方面临的最大挑战之一,网上社区反垃圾邮件技师. Without sender authentication, verification, and traceability, email providers can never know for certain if a message is legitimate or forged and will therefore have to continually make ecated guesses on behalf of their users on what to deliver, what to block, and what to quarantine, in the pursuit of the best possible user experience.无寄件人认证、审核、追踪、电子邮件提供商如果能永远不知道某些讯息是合法或伪造,因而必须不断的猜测,代其向用户提供什么,什么座什么检疫,在追求最佳的用户经验.
DomainKeys is a technology proposal that can bring black and white back to this decision process by giving email providers a mechanism for verifying both the domain of each email sender and the integrity of the messages sent (i.e,. that they were not altered ring transit).domainkeys是技术方案,可以使黑白回到这一决定的过程给予核查机制电子邮件提供商都属于每个电子邮件发送者发出的信息和诚信(醋酸.他们没有改变过境期间). And, once the domain can be verified, it can be compared to the domain used by the sender in the From: f ield of the message to detect forgeries.而一旦域可以验证,就好比是用域的由寄件人:六油田的发现是伪造的讯息. If it's a forgery, then it's spam or fraud, and it can be dropped without impact to the user.如果是伪造的,那就邮件或欺诈行为,而且可以减少对用户没有影响. If it's not a forgery, then the domain is known, and a persistent reputation profile can be established for that sending domain that can be tied into anti-spam policy systems, shared between service providers, and even exposed to the user.如果不是伪造的,那么,已知域,概况声誉与执着,可设立派出域可以捆扎成反垃圾邮件政策体系服务提供商之间共享,甚至暴露用户.
For well-known companies that commonly send transactional email to consumers, such as banks, utilities, and ecommerce services, the benefits of verification are more profound, as it can help them protect their users from "phishing attacks" - the fraulent solicitation for account information, such as credit card numbers and passwords, by impersonating the domain and email content of a company to which users have entrusted the storage of these data.对于知名公司共同向消费者发出电子邮件交易,如银行、公用事业、商贸服务、好处核查更深刻,因为它可以帮助他们保护其用户从"钓鱼攻击"的欺骗性劝帐户信息如信用卡号码和密码,冒充域和电子邮件的内容,用户纷纷向公司委托这些资料储存. For these companies, protecting their users from fraud emails translates directly into user protection, user satisfaction, reced customer care costs, and brand protection.对于这些企业,保护其用户直接翻译成诈骗电子邮件用户保护,用户满意,降低客户服务成本、品牌保护.
For consumers, such as Yahoo!对于消费者来说,如雅虎 Mail users or a grandparent accessing email through a small mid-western ISP, instry support for sender authentication technologies will mean that they can start trusting email again, and it can resume its role as one of the most powerful communication tools of our times.邮箱用户通过电子邮件或外祖父母存取小中西部商、工业支援寄件人认证技术将意味着他们可以信任的电子邮件后再次启动,它可以恢复其作为世界上最强大的通信工具的时代.
Standardization and License Terms标准化与许可条件
DKIM is the result of the ongoing commitment from numerous instry players to develop an open-standard e-mail authentication specification, and instry collaboration has played a critical role in the process.dkim是由于许多业者正在承担发展开放标准电子邮件认证规格和产业合作起到了关键的作用. Instry leaders who played a valuable role in furthering the development of the DKIM specification include, Alt-N Technologies, AOL, Brandenburg Internetworking, Cisco, EarthLink, IBM, Microsoft, PGP Corporation, Sendmail, StrongMail Systems, Tumbleweed, VeriSign and Yahoo!.业领导者的角色,发挥了宝贵的发展更进一步的dkim规格包括,竞标氮技术,美国在线、勃兰登堡互联思科,earthlink,IBM公司、微软公司、中Pgp总公司Sendmail的,strongmail系统tumbleweed,但Verisign和雅虎. The participation of these companies has been instrumental in creating this single, signature-based e-mail authentication proposal.参与这些公司一直在制造这种单一签名的电子邮件认证提案. The authoring companies will continue to work with these organizations and the IETF on the standardization of the DomainKeys Identified Mail (DKIM) specification so that instry-wide agreement on the best method for validating the identification of email senders can be reached.该公司将继续致力于创作与这些团体和有关IETF工作的规范化domainkeys确定邮件(dkim)规格,使整个行业的协议的最佳方法验证电子邮件发送者身份才能达成. DomainKeys Identified Mail has begun advancing through the IETF Internet standards process to be ultimately approved as an IETF Internet Standard.domainkeys确定邮件已经开始通过因特网因特网标准过程进最终被批准为国际标准IETF工作.
For historical reference, Yahoo!为历史借鉴,雅虎! has submitted the DomainKeys framework as an Internet-Draft entitled " draft-delany-domainkeys-base-03.txt .已将domainkeys框架作为因特网决议题为"导流delany-domainkeys基地-03.txt. Yahoo!'s DomainKeys Intellectual Property may be licensed under either of the following terms:雅虎国domainkeys知识产权牌可以以下其中一条规定:
Yahoo!雅虎 DomainKeys Patent License Agreementdomainkeys专利许可协议
GNU General Public License version 2.0 (and no other version).GNU通用公共许可证2.0版(无其它版).
Yahoo!'s DomainKeys Intellectual Property includes the following patent(s) and patent application(s).雅虎国domainkeys知识产权包括以下专利申请专利(S)和(S)号.
U.S. Patent Number 6,986,049, issued January 10, 2006美国专利数量6,986,049发布2006年1月10日
U.S. Patent Application Serial Number 10/805,181, filed March 19, 2004美国专利申请序号八百○五分之一十○,181,立案2004年3月19日
PCT Application PCT/US2004/007883, filed March 15, 2004厘应用pct/us2004/007883,立案2004年3月15日
PCT Application PCT/US2005/008656, filed March 15, 2005厘应用pct/us2005/008656,立案2005年3月15日
In accordance with RFC2026, Yahoo!按照rfc2026雅虎! has also submitted the above license statement to the IETF as an IPR Disclosure.上述许可,也已向IETF工作作为知识产权声明披露. Have license feedback?有执照的反馈?
Reference Implementation实施范围
In addition to the Internet-Draft, Yahoo!除了因特网草案,雅虎! has developed a reference implementation for DomainKeys that can be plugged into Message Transfer Agents (MTAs), such as qmail.制定了实施范围,可为domainkeys诱惑讯息传递代理(多边),例如qmail邮件. A version of this software has been released and is available at http://domainkeys.sourceforge.net/ .这个软件版本已经获释,现已在http://domainkeys.sourceforge.net/. Sendmail has developed a DomainKey implementation for their popular MTA (both the commercial and freeware versions).Sendmail的执行他们制定了domainkey热门甲硫(包括商业、免费版本). In fact, Sendmail, Inc. has released an open source implementation of the Yahoo!事实上,Sendmail的华硕已公开发表的消息<雅虎 DomainKeys specification for testing on the Internet and is actively seeking participants and feedback for this Pilot Program.domainkeys规格测试于互联网和反馈,并积极寻求参与这项试办计画.
How DomainKeys Works如何domainkeys工程

How it Works - Sending Servers它如何送服务器
There are two steps to signing an email with DomainKeys:有两个步骤,签署了与domainkeys电子邮件:
Set up: The domain owner (typically the team running the email systems within a company or service provider) generates a public/private key pair to use for signing all outgoing messages (multiple key pairs are allowed).成立:域所有者(通常队办起了公司的电子邮件系统或服务提供商)产生公共/私人钥匙使用所有签字离任讯息(多重关键双双获准). The public key is published in DNS, and the private key is made available to their DomainKey-enabled outbound email servers.公钥刊登的DNS,关键是提供给私人的domainkey驱动游电子邮件服务器. This is step "A" in the diagram to the right.这一步的"A"在图的权利.
Signing: When each email is sent by an authorized end-user within the domain, the DomainKey-enabled email system automatically uses the stored private key to generate a digital signature of the message.签字:每发送电子邮件特准终端用户的领域<domainkey驱动系统自动用电子邮件储存私钥产生数字签名的信息. This signature is then pre-pended as a header to the email, and the email is sent on to the target recipient's mail server.这是当时签字前彩超对电子邮件作为头、而电子邮件发送给目标收件人的邮件服务器. This is step "B" in the diagram to the right.这是一步"乙"在图的权利.
How it Works - Receiving Servers它如何接收服务器
There are three steps to verifying a signed email:有三个步骤,核实签名电子邮件:

Preparing: The DomainKeys-enabled receiving email system extracts the signature and claimed From: domain from the email headers and fetches the public key from DNS for the claimed From: domain.准备:domainkeys-接收电子邮件系统,使提取签名并声称来自:从电子邮件、绿头域公钥来自声称来自域名为:域. This is step "C" in the diagram to the right.这一步的"C"的图权.
Verifying: The public key from DNS is then used by the receiving mail system to verify that the signature was generated by the matching private key.验证:公共密钥则用来从域名系统的接收邮件核实签字私钥产生配对. This proves that the email was truly sent by, and with the permission of, the claimed sending From: domain and that its headers and content weren't altered ring transfer.这证明,真正的电子邮件发送、许可,由派出称:域,其头和内容都没有改变,在转让.
Delivering: The receiving email system applies local policies based on the results of the signature test.运送:适用土政策接收电子邮件系统基于签名测试结果. If the domain is verified and other anti-spam tests don't catch it, the email can be delivered to the user's inbox.如果域验证和其他反垃圾邮件测试也没有渔获,电子邮件可交付给用户的inbox. If the signature fails to verify, or there isn't one, the email can be dropped, flagged, or quarantined.如果未能核实签名,或有没有一个能降的电子邮件、国旗或查封. This is step "D" in the diagram on the right.这一步的"D"在正确的图.
In general, Yahoo!一般来说,雅虎! expects that DomainKeys will be verified by the receiving email servers.预料将经domainkeys接收电子邮件服务器. However, end-user mail clients could also be modified to verify signatures and take action on the results.但是,最终用户的邮件客户还可改装核实签字并采取行动的结果.

Frequently Asked Questions常见问题
How will this help stop spam?如何帮助阻止垃圾邮件?
How will this help stop fraud/phishing attacks?如何帮助制止欺诈/网络钓鱼攻击?
Won't spammers just sign their messages with DomainKeys?刚刚签署的电文不会与domainkeys滥发电邮?
What does DomainKeys verify?什么domainkeys查证?
Why sign the entire message?所以整个标志信息?
Does DomainKeys encrypt each message?是否每个domainkeys加密信息?
What public/private key technology is used for DomainKeys?什么公/私钥用于科技domainkeys?
Who issues the public/private key pairs required by DomainKeys?谁的问题公/私钥双双要求domainkeys?
Does DomainKeys require signing of the public key by a Certificate Authority (CA)?domainkeys是否需要签署的公钥证书管理局(星期六)?
How are DomainKeys revoked?如何domainkeys撤销?
Why not just use S/MIME?为什么不能用收盘/默?
How does DomainKeys work with mailing lists?如何domainkeys与邮寄名单?
Who implements DomainKeys?实行domainkeys谁?
Which mail transfer agents (MTAs) support DomainKeys?其中邮件传递代理(多边)支持domainkeys?
How do I deploy DomainKeys?我如何部署domainkeys?
I don't use my domain's SMTP server to send email.我不使用我的域的SMTP服务来电子邮件. How do I use DomainKeys?domainkeys我该如何使用?
How can I send you feedback?我如何送你的反馈?
How will this help stop spam?如何帮助阻止垃圾邮件?
Several ways.几种方式. First, it can allow receiving companies to drop or quarantine unsigned email that comes from domains that are known to always sign their emails with DomainKeys, thus impacting spam and phishing attacks.一是它可以让公司接收电子邮件签名下降或检疫来自已知的领域,总是与domainkeys签名电子邮件、垃圾邮件、钓鱼攻击从而冲击. Second, the ability to verify sender domain will allow email service providers to begin to build reputation databases that can be shared with the community and also applied to spam policy.二能力验证电子邮件发送者域将使服务提供商开始建造名声数据库是可以共享的社会,也适用于垃圾邮件的政策. For example, one ISP could share their "spam vs. legit email ratio" for the domain www.example.com with other ISPs that may not yet have built up information about the credibility and "spamminess" of email coming from www.example.com.例如一商可以分享他们的"滥发电邮的比率比legit"www.example.com域与其他供应商可能尚未建立起资料的可信度和"spamminess"的电子邮件来自www.example.com. Last, by eliminating forged From: addresses, we can bring server-level traceability back to email (not user-level - we believe that should be a policy of the provider and the choice of the user).最后,从消除伪造:地址我们能够把服务器级别可追踪回电子邮件(不用户级,我们相信应该是一个政策的提供者和用户的选择). Spammers don't want to be traced, so they will be forced to only spam companies that aren't using verification solutions.滥发电邮不想追查,所以他们将被迫只能利用邮件企业不核查办法.
Back to Questions回到问题
How will this help stop fraud/phishing attacks?如何帮助制止欺诈/网络钓鱼攻击?
Companies that are susceptible to phishing attacks can sign all of their outgoing emails with DomainKeys and then tell the world this policy so that email service providers can watch and drop any messages that claim to come from their domain that are unsigned.公司易受钓鱼攻击的迹象都能够打出自己的电子邮件与domainkeys然后告诉全世界,使这一政策能够收看电子邮件服务提供商和落任何讯息,声称是来自域签名. For example, if the company www.example.com signs all of its outgoing email with DomainKeys, Yahoo!举例来说,如果公司www.example.com打出招牌,其所有的电子邮件同domainkeys雅虎! can add a filter to its SpamGuard system that drops any unsigned or improperly signed messages claiming to come from the domain www.example.com, thus protecting tens of millions of example.com's customers or prospective customers from these phishing attacks.它可以增加一个过滤系统,spamguard滴签名或摆放任何讯息签名自称来自域www.example.com,保护千百万example.com的客户或准客户从这些网络钓鱼攻击.
Back to Questions回到问题
Won't spammers just sign their messages with DomainKeys?刚刚签署的电文不会与domainkeys滥发电邮?
Hopefully!但愿! If they do, they'll make it easier for the Internet community to isolate and drop/quarantine their messages using the methods described above in "How will this help stop spam?"否则,人家较易互联网社会孤立和落/检疫信息的利用上述方法在"如何帮助阻止垃圾邮件"? Eliminating the uncertainty of "did this email really come from the domain example.com?" will facilitate a whole range of anti-spam solutions.消除不确定性"这真是电子邮件来自example.com域?"方便了一系列反垃圾邮件解决方案.
Back to Questions回到问题
What does DomainKeys verify?什么domainkeys查证?
DomainKeys examines the From: and Sender: headers' domain to protect the user and deliver the best possible user experience.domainkeys审核:与发货:头'域维护用户和用户提供最佳的体验. Desktop mail clients like Microsoft Outlook show these headers in their user interfaces.微软Outlook邮件客户桌面显示这些头象的用户界面. If the user establishes their trust based on the these domains, then so should any system built to verify whether that trust is warranted.如果用户信任的基础上,确立了这些领域系统建成后,应查证是否有值得信任.
Back to Questions回到问题
Why sign the entire message?所以整个标志信息?
DomainKeys signs the entire message to allow the receiving server to also verify that the message wasn't tampered with or altered in transit.domainkeys迹象整个服务器接收到的讯息,让讯息,也未核实篡改变造过境. By signing the headers and the body, DomainKeys makes it impossible to reuse parts of a message from a trusted source to fool users into believing the email is from that source.签订箱与身体domainkeys它无法再用部分贺词信靠欺骗用户们相信,电子邮件是从源头.

Back to Questions回到问题
Does DomainKeys encrypt each message?是否每个domainkeys加密信息?
DomainKeys does not encrypt the actual message - it only pre-pends a "digital signature" as a header.domainkeys不加密的实际消息只是预未决的"数字签名"为标题.
Back to Questions回到问题
What public/private key technology is used for DomainKeys?什么公/私钥用于科技domainkeys?
DomainKeys currently uses an RSA public/private key method.domainkeys目前使用的RSA公/私钥方式. The key length is decided by the domain owner.关键是由长度域所有者.
Back to Questions回到问题
Who issues the public/private key pairs required by DomainKeys?谁的问题公/私钥双双要求domainkeys?
The domain owner, or an agent or service provider acting on their behalf, should generate the key pairs that are used for their DomainKeys-enabled mail system.域所有者或代理人或服务提供商代表他们行事产生的关键,应该是用于对它们domainkeys-使邮件系统.
Back to Questions回到问题
Does DomainKeys require signing of the public key by a Certificate Authority (CA)?domainkeys是否需要签署的公钥证书管理局(星期六)?
DomainKeys does not require a CA.domainkeys不需要证. Much like a trusted Notary Public, Certificate Authorities are used in public/private key systems to sign, or "endorse," public keys so that the external users of public keys can know that the public keys they receive are truly owned by the people who sent them.犹如信赖公证,公证书使用部门/私钥签制度、或"赞同",使外部用户公共密钥公共密钥公共密钥可以知道他们是否真正拥有的人送. Since DomainKeys leverages DNS as the public key distribution system, and since only a domain owner can publish to their DNS, external users of DomainKeys know that the public key they pull is truly for that domain.自domainkeys杠杆作为公钥分配域名系统由于只有一个域可以拥有自己的DNS出版、外部用户domainkeys知道公钥是真正为他们牵到域. The CA is not needed to verify the owner of the public key - the presence in that domain's DNS is the verification.证不需要验证公钥主人-驻留在该领域的域名是核实. However, it is possible that Certificate Authorities may become a valuable addition to the DomainKeys solution to add an even greater level of security and trust.但是证机关也有可能会成为一项宝贵的domainkeys除了增添更大程度地解决安全和信任.
Back to Questions回到问题
How are DomainKeys revoked?如何domainkeys撤销?
DomainKeys allows for multiple public keys to be published in DNS at the same time.domainkeys允许多种公共钥匙刊登的DNS在同一时间. This allows companies to use different key pairs for the various mail servers they run and also to easily revoke, replace, or expire keys at their convenience.这使公司对使用不同的重点,对各邮件服务器,也能轻易地撤销他们来说,代替,或在方便的钥匙届满. Thus, the domain owner may revoke a public key and shift to signing with a new pair at any time.因此,车主可撤销公钥域,转向以新签署一双随时.
Back to Questions回到问题
Why not just use S/MIME?为什么不能用收盘/默?
S/MIME was developed for user-to-user message signing and encryption and by design should be independent of the sending and receiving servers.收盘/默研制用户对用户的信息加密和签署了设计和应该独立于发送和接收服务器. We believe that DomainKeys should be a natural server-to-server complement to S/MIME and not a replacement.我们相信应该是一个天然domainkeys服务器对服务器补充收盘/默不更换. Additionally, since S/MIME is used by many security-conscious instries, we need to ensur

B. 网络域名带s什么意思

协议不同吧。带S的安全些。例如银行等网站都带S。

C. 什么是SSL加密

SSL是一个安全协议，它提供使用 TCP/IP 的通信应用程序间的隐私与完整性。因特网的 超文本传输协议（HTTP）使用 SSL 来实现安全的通信。

在客户端与服务器间传输的数据是通过使用对称算法（如 DES 或 RC4）进行加密的。公用密钥算法（通常为 RSA）是用来获得加密密钥交换和数字签名的，此算法使用服务器的SSL数字证书中的公用密钥。有了服务器的SSL数字证书，客户端也可以验证服务器的身份。SSL 协议的版本 1 和 2 只提供服务器认证。版本 3 添加了客户端认证，此认证同时需要客户端和服务器的数字证书。

非对称加密

那么什么是SSL使它对在线安全如此重要？应该探索的一个方面称为非对称加密。当您访问网站时，浏览器会与网站建立连接。目标是在站点和浏览器之间的任何数据流之前确定SSL证书是否有效。所有这一切发生得如此之快，以至于您没有发现延迟。

换句话说，连接的加密是在您看到任何内容之前确定的。如果出现问题，浏览器会阻止您进入您的轨道并让您有机会从网站迁移。

什么是非对称加密很重要？它使用私钥和公钥。公钥加密数据，而私有密钥解密数据。只有在两个键确定功能后才能继续。

对称加密

那么对称加密呢？这对验证SSL证书的过程也很重要。在安全会话建立后，一旦浏览器和站点相互通信，这就是保持连接的原因。

由于使用了这种类型的加密，会话密钥能够加密和解密数据。你看到的是来回的数据流畅，仍然是安全的。

他们如何共同合作形成SSL

将非对称加密视为检查，确认和验证浏览器和网站可以通信的手段。从某种意义上说，它会检查SSL证书并确保通信安全。从那里开始，对称加密接管并允许通信流动不减，直到一方或另一方结束对话。

深入挖掘：RSA和ECC

当您了解有关SSL和加密的更多信息时，您可能会听到两个术语。其中之一称为RSA加密。

这个名字基于提出这种加密理念的三个人：Rivest，Shamir和Adelman。它侧重于公钥加密，并且只要使用浏览器连接网站，就会使用特定的数学公式生成两个大的素数。素数在任何时候都是保密的，最终导致公钥和私钥的发展。一旦完成该过程，就不再需要两个素数。

这是浏览器和站点之间“握手”的另一层保护。与一般的加密一样，它发生得如此之快，以至于您没有时间看到它发生。它做的是保持连接安全。

您还将听到ECC加密。这代表Elliptic Curve Cryptography。它已经使用了十多年，通常被认为比SSL的其他方面更复杂。它是如何参与建立连接的验证过程的。

与RSA一样，ECC也是关于评估和确定站点与浏览器之间的连接是安全可靠的。一旦验证，就会有来回沟通的基础。将其视为防止第三方闯入用户与您访问的网站之间的对话的另一种方式。

D. 如何给网站免费添加Https加密

首先没有免费的。
1、需要准备好域名、独立服务器或云服务器，支持HTTPS加密的服务器才可以。
2、淘宝Gworg获取证书。
3、对应自己的服务器环境拿到教程安装到服务器完成。
4、测试网站后台源码是否正常，如果地址栏没有出现小锁，删除HTTP普通协议调用数据就可以了。

E. 网站前面加s和不加s有什么区别

不加s的是使用HTTP协议，加s的是使用HTTPS协议。二者的主要区别是：

1、安全性不同

HTTP 明文传输，数据都是未加密的，安全性较差；HTTPS（SSL+HTTP） 数据传输过程是加密的，安全性较好。

2、是否需要CA证书

使用 HTTPS 协议需要到 CA（Certificate Authority，数字证书认证机构） 申请证书，一般免费证书较少，因而需要一定费用。而使用 HTTP 协议是不需要用到CA证书的。

3、响应速度不同

HTTP 页面响应速度比 HTTPS 快，主要是因为 HTTP 使用 TCP 三次握手建立连接，客户端和服务器需要交换 3 个包，而 HTTPS除了 TCP 的三个包，含腊还要加上 ssl 握手需要的 9 个包，所以一共是 12 个包。

4、端口不一样

HTTP的URL由“http://”起始且默认使用80端口；HTTPS的URL由“https://”起始且默认使用443端口。

参考敬老羡亮拍资料来源：网络-http

参考资料来源：网络-https

F. 网站域名前面有s加密是什么意思为什么工商银行，农业银行人民银行都没有急急急！

加密是旅老指你在这个网址上操作并不会被浏览器记忆！普通操作都会被浏览拆旦升器记忆迟悄！那些银行的网址没有s是因为你没有进入网银或者是登录页面！进入后也有的!

G. 如何开启https给自己的网站加密

1、确定需要HTTPS的域名，当然这个域名是独立的，可以正常解析。

2、拥有一台独立服务器，通常适应的是云服务器（虚拟主机通常都不支持的）。

3、网站程序源码，这个很重要不是所有源码都支持HTTPS，不过通常主流都是支持的，不支持的也是稍微修改一下就可以了。

4、HTTPS是要办理认证的，这一点需要登陆：Gworg 获取信任的证书，当然需要验证的域名的，不过Gworg会指导完成验证。网页链接

5、需要把认证好的证书安装到独立服务器，可以根据Gworg提供安装文档。

6、最后一步打开网页，预览就看到地址栏显示HTTPS了。

H. 域名用https加密的具体操作急用啊！！！

域名进行https加密需要申请并安装SSL证书。SSL证书申请流程如下：

第一步，生成并提交CSR（证书签署请求）文件
CSR文件一般都可以通过在线生成（或服务器上生成），申请人在制作的同时系统会产生两个秘钥，公钥CSR和密钥KEY。选择了SSL证书申请之后，提交订单并将制作生成的CSR文件一起提交到证书所在的CA颁发机构。
第二步，CA机构进行验证
CA机构对提交的SSL证书申请有两种验证方式：
第一种是域名认证。系统自动会发送验证邮件到域名的管理员邮箱（这个邮箱是通过WHOIS信息查询到的域名联系人邮箱）。管理员在收到邮件之后，确认无误后点击我确认完成邮件验证。所有型号的SSL证书都必须进行域名认证。
第二种是企业相关信息认证。对于SSL证书申请的是OV SSL证书或者EV SSL证书的企业来说，除了域名认证，还得进行人工核实企业相关资料和信息，确保企业的真实性。
第三步，CA机构颁发证书
由于SSL证书申请的型号不同，所验证的材料和方式有些区别，所以颁发时间也是不同的。
如果申请的是DV SSL证书最快10分钟左右就能颁发。如果申请的是OV SSL证书或者EV SSL证书，一般3-7个工作日就能颁发。

I. 如何设置在IIS中只允许使用域名通过SSL加密访问

IIS强制使用SSL加密访问只要方法有2个。

一、强制SSL访问：是指用户输入域名后自动跳转到HTTPS，操作步骤：网页链接

二、服务器存在IP或者域名，必须要求域名访问SSL，这种情况下需要IIS配置SSL证书绑定这个域名。可以参考IIS6文档：网页链接、IIS7文档：网页链接。

如果是IIS8以上服务器可以直接绑定：

J. 怎么使用域名通过SSL加密

使用域名申请SSL证书就可以实现域名SSL加密。安信证书提供Symantec、GeoTrust、Comodo、RapidSSL、Globalsign、AlphaSSL等多家全球权威CA机构的SSL数字证书，SSL证书种类齐全，而且提供免费安装、免费重签、30 天无条件退款等服务。