CN112702175A - Method and system for one-key application and deployment of target server certificate - Google Patents
Method and system for one-key application and deployment of target server certificate Download PDFInfo
- Publication number
- CN112702175A CN112702175A CN202011586495.2A CN202011586495A CN112702175A CN 112702175 A CN112702175 A CN 112702175A CN 202011586495 A CN202011586495 A CN 202011586495A CN 112702175 A CN112702175 A CN 112702175A
- Authority
- CN
- China
- Prior art keywords
- certificate
- server
- verification
- target server
- party
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 31
- 238000012795 verification Methods 0.000 claims abstract description 63
- 238000012545 processing Methods 0.000 claims abstract description 23
- 230000004044 response Effects 0.000 claims description 9
- 230000009286 beneficial effect Effects 0.000 abstract description 2
- 238000010586 diagram Methods 0.000 description 4
- 238000004590 computer program Methods 0.000 description 1
- 238000013502 data validation Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000012549 training Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
- H04L9/3268—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention discloses a method for applying and deploying a server certificate by one key, which replaces manual series work of a user by a series of automatic processes to proxy a user to complete the steps of certificate application, certificate verification and certificate deployment and achieves the aim of applying and deploying the server certificate by one key. The invention also discloses a system for applying and deploying the server certificate by one key, which comprises a first processing module and a second processing module, wherein the first processing module is used for processing and responding to the user request to complete the automatic application and deployment of the target server certificate; a second processing module: for completing the automatic verification of the certificate. The method and the system of the invention can obviously improve the efficiency of the application of the server certificate and reduce the cost of the user, thereby having obvious technical advantages and beneficial effects.
Description
Technical Field
The invention relates to the field of content distribution networks, in particular to a method and a system for one-key application and deployment of an HTTPS certificate based on a content distribution network.
Background
In a content distribution network, an HTTPS protocol has more secure network connection based on HTTPS due to its identity authentication and data security protection, and thus its application is becoming more and more widespread. And the application and deployment of the HTTPS certificate are the basis for the HTTPS protocol to work.
Generally, in a content delivery network, HTTPS certificate application and HTTPS certificate deployment to a CDN network are two completely independent processes, a user needs to switch between a certificate authority and a CDN provider's system multiple times, and manually participate in complex operations such as copying and submitting a file multiple times, in this process, the user needs to prepare a corresponding hardware environment, for example, an independent target server, to ensure deployment of certificate verification information, and specifically includes the following steps:
step 1: a user applies for a certificate to a certificate authority and submits information of a target server;
step 2: the user receives the certificate verification information returned by the certificate authority;
and step 3: the user deploys the certificate verification information to a target server;
and 4, step 4: a user waits for a certificate authority to verify whether the certificate verification information of a target server is deployed successfully, and waits for the issuance of a certificate;
and 5: after the certificate is issued successfully, the user acquires the certificate and deploys the certificate to a CDN provider;
the above operation steps not only require the user to participate in the complicated application deployment steps, but also have certain professional quality requirements on the user in the operation process, non-professional personnel are difficult to smoothly complete without training, and the usability is poor.
Disclosure of Invention
The invention provides a solution for one-key target server certificate application and deployment, aiming at solving the defects of complex certificate application and deployment process and poor usability in the prior art, and aiming at simplifying the processes of target server certificate application and deployment in a CDN (content delivery network) and improving the user experience.
In order to achieve the purpose, the invention provides a method for applying and deploying the server certificate by one key.
The method is applied to a content distribution network, and specifically comprises the following implementation steps: step S11: receiving and analyzing a server certificate request instruction, wherein the server certificate request instruction comprises information of a target server; step S12: sending a certificate application instruction to a third-party certificate authority based on the information of the target server, and receiving certificate verification data returned by the third-party certificate authority; step S13: according to the received certificate verification data, configuring a certificate verification service, and sending a certificate verification instruction to a third-party certificate authority; step S14: receiving a response of the certificate verification instruction, and acquiring target server certificate data from a third party certificate authority; step S15: the target server certificate is deployed to the content distribution network.
Further, the information of the target server includes a domain name of the target server.
Further, step S12 specifically includes the following implementation steps: constructing a certificate application instruction according to the information of the target server; submitting the certificate application instruction to a third party certificate authority; and receiving the certificate verification data returned by the third party certificate authority.
Further, in step S13, the specific implementation of the configuration certificate verification service includes the following steps: connecting a verification server, wherein the verification server is used for responding to a certificate verification instruction of a third-party certificate authority; sending the certificate verification data to a verification server; and setting the information of the verification server as the information of the target server.
Further, the specific implementation step of the authentication server responding to the certificate authentication instruction of the third-party certificate authority includes: receiving and analyzing a certificate verification instruction of a third party certificate authority; returning locally stored certificate verification data to the third party certificate authority.
The invention also discloses a system for applying and deploying the server certificate by one key, which comprises a first processing module and a second processing module, wherein the first processing module: the system is used for processing and responding to a user request, completing one-stop application of a target server certificate, processing the response of a third-party certificate authority, and automatically deploying a certificate file to a content distribution network; a second processing module: the certificate authority is used for constructing a verification server environment and responding to a certificate verification instruction of a third-party certificate authority.
The invention also discloses an electronic device, which is characterized in that the system comprises a processor and a memory, wherein the memory is used for storing the executable program; the processor is configured to execute the executable program to implement any one of the above methods for one-touch application and deployment of a target server certificate.
In practical applications, the modules described in the method and system disclosed by the present invention may be deployed on one target server, or each module may be deployed on a different target server independently, and particularly, in order to provide a stronger computing processing capability, the modules may be deployed on a cluster target server as needed.
By utilizing the method, the system and the equipment disclosed by the invention, the proxy user completes the steps of certificate application, certificate verification and certificate deployment through a series of automatic processes, and replaces the manual series work of the user to realize the purpose of applying and deploying the server certificate by one key, so that the following obvious advantages are at least realized in the process of applying and deploying the server certificate:
1. the whole process is automatically completed, and the user can obtain the certificate to automatically complete signing, verification and deployment only by submitting an application once, so that the user steps are simplified, the system complexity is reduced, and the user experience is better;
2. the authentication server used for authenticating the certificate can be repeatedly used, so that the user side is prevented from deploying the authentication server by self, and the cost of resources of the user side is reduced.
Therefore, the method can obviously improve the efficiency of the application of the server certificate and reduce the cost, thereby having obvious technical advantages and beneficial effects.
In order that the invention may be more clearly and fully understood, specific embodiments thereof are described in detail below with reference to the accompanying drawings.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings used in the description of the embodiments will be briefly introduced below. It is obvious that the drawings in the following description are only some embodiments of the application, and that for a person skilled in the art, other drawings can be derived from them without inventive effort.
Fig. 1 is a flow diagram illustrating a one-key application and deployment of a server certificate in an embodiment.
FIG. 2 shows a flow diagram for configuring certificate verification services in one embodiment.
Fig. 3 is a schematic structural diagram of a system for applying for and deploying a server certificate by one key in an embodiment.
Detailed Description
Referring to fig. 1, fig. 1 shows a schematic flow chart of one-key application and server certificate deployment in an embodiment, which specifically includes steps S11 to S15:
step S11: and receiving and analyzing a server certificate request instruction.
Wherein the server certificate request instruction includes information of the certificate subject target server.
Step S12: and sending a certificate application instruction to a third-party certificate authority based on the information of the target server, and receiving certificate verification data returned by the third-party certificate authority.
In this embodiment, the specific implementation process includes:
firstly, a certificate application instruction is constructed according to the information of the target server, the certificate application instruction conforms to the instruction specification of a third-party certificate authority, the certificate application instruction comprises the information of the target server to be applied for a certificate, and specifically comprises the domain name information of the target server.
And secondly, submitting the certificate application instruction constructed in the previous step to a third-party certificate authority, and waiting for the processing and response of the third-party certificate authority.
And under normal conditions, receiving the certificate verification data returned by the third party certificate authority.
Step S13: and configuring a certificate verification service according to the received certificate verification data, and sending a certificate verification instruction to a third-party certificate authority.
Please refer to the flowchart shown in fig. 3 for a specific implementation process of this step.
Step S14: and receiving a response of the certificate verification instruction, and acquiring target server certificate data from a third party certificate authority.
Compared with the prior art, in the embodiment, after the certificate is successfully verified, the substitute user side acquires the target server certificate data from the third-party certificate authority.
Step S15: the target server certificate is deployed to the content distribution network.
In this embodiment, after the target server certificate is obtained, the target server certificate is deployed to the content distribution network.
Referring to fig. 2, fig. 2 is a flowchart illustrating a configuration certificate verification service in an embodiment, which specifically includes steps S21 to S23.
Step S21: and connecting the authentication server.
In the prior art, a user is required to deploy a separate server for responding to a certificate verification instruction of a third-party certificate authority, and in this embodiment, at least one verification server is built in a default server for responding to the certificate verification instruction of the third-party certificate authority. When a server certificate is newly applied, the information of the authentication server needs to be configured according to the information of the server.
Step S22: sending the certificate verification data to a verification server;
and sending the certificate verification data to a verification server, and storing the certificate verification data to a fixed position after the verification server receives the certificate verification data.
Step S23: and setting the information of the verification server as the information of the target server.
In this embodiment, by this step, the authentication server is configured as the configuration of the target server, and then, the authentication server may replace the target server in response to the certificate authentication instruction of the third party certificate authority in place of the process of the user building the authentication server.
Referring to fig. 3, fig. 3 is a schematic structural diagram illustrating a system for applying for and deploying a server certificate by one key in an embodiment, where the system for applying for and deploying a server certificate by one key includes a first processing module 10 and a second processing module 11. Wherein:
the first processing module 10: the system is used for processing and responding to a user request, completing one-stop application of a target server certificate, processing a response of a third-party certificate authority, and automatically deploying a certificate file to a content distribution network.
The second processing module 11: the certificate authority is used for constructing a verification server environment and responding to a certificate verification instruction of a third-party certificate authority.
In addition to the system, a third party certificate authority is included which is responsible for providing services for issuing certificates and certificate data validation for the present system.
An embodiment of the present application further provides an electronic device, where the electronic device includes a processor and a memory, where the memory stores an executable program, and when the executable program runs on a computer, the computer executes the method and the system described in any of the above embodiments.
It should be noted that, all or part of the steps in the methods of the above embodiments may be implemented by hardware related to instructions of a computer program, which may be stored in a computer-readable storage medium, which may include, but is not limited to: read Only Memory (ROM), Random Access Memory (RAM), magnetic or optical disks, and the like.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (7)
1. A method for one-key application and server certificate deployment is applied to a content distribution network, and is characterized by comprising the following steps:
step S11: receiving and analyzing a server certificate request instruction, wherein the server certificate request instruction comprises information of a target server;
step S12: sending a certificate application instruction to a third-party certificate authority based on the information of the target server, and receiving certificate verification data returned by the third-party certificate authority;
step S13: according to the received certificate verification data, configuring a certificate verification service, and sending a certificate verification instruction to a third-party certificate authority;
step S14: receiving a response of the certificate verification instruction, and acquiring target server certificate data from a third party certificate authority;
step S15: the target server certificate is deployed to the content distribution network.
2. The method of one-touch application and deployment of target server certificates of claim 1, wherein the information of the target server comprises a domain name of the target server.
3. The method for requesting and deploying a target server certificate by one key as claimed in claim 1, wherein the step S12 specifically comprises the following implementation steps:
constructing a certificate application instruction according to the information of the target server;
submitting the certificate application instruction to a third party certificate authority;
and receiving the certificate verification data returned by the third party certificate authority.
4. The method for one-touch application and deployment of a target server certificate as claimed in claim 1, wherein in step S13, the implementation of the configuration certificate verification service includes the steps of:
connecting a verification server, wherein the verification server is used for responding to a certificate verification instruction of a third-party certificate authority;
sending the certificate verification data to a verification server;
and setting the information of the verification server as the information of the target server.
5. The method of claim 4 in which said authentication server in response to a certificate authentication command from a third party certificate authority comprises:
receiving and analyzing a certificate verification instruction of a third party certificate authority;
returning locally stored certificate verification data to the third party certificate authority.
6. A system for one-touch application and deployment of server certificates, comprising:
a first processing module: the system is used for processing and responding to a user request, completing one-stop application of a target server certificate, processing the response of a third-party certificate authority, and automatically deploying a certificate file to a content distribution network;
a second processing module: the certificate authority is used for constructing a verification server environment and responding to a certificate verification instruction of a third-party certificate authority.
7. An electronic device, wherein the system comprises a processor and a memory,
the memory is used for storing an executable program;
the processor is configured to execute the executable program to implement the method of one-touch application and deployment of target server certificates as claimed in any one of claims 1 to 4.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011586495.2A CN112702175A (en) | 2020-12-28 | 2020-12-28 | Method and system for one-key application and deployment of target server certificate |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011586495.2A CN112702175A (en) | 2020-12-28 | 2020-12-28 | Method and system for one-key application and deployment of target server certificate |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112702175A true CN112702175A (en) | 2021-04-23 |
Family
ID=75511368
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011586495.2A Pending CN112702175A (en) | 2020-12-28 | 2020-12-28 | Method and system for one-key application and deployment of target server certificate |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112702175A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115460084A (en) * | 2021-06-09 | 2022-12-09 | 贵州白山云科技股份有限公司 | Security acceleration service deployment method, device, medium and equipment |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103825906A (en) * | 2014-03-14 | 2014-05-28 | 网宿科技股份有限公司 | Enterprise private key self-encryption and self-arrangement method based on content distribution network |
| CN106302476A (en) * | 2016-08-19 | 2017-01-04 | 腾讯科技(深圳)有限公司 | Network node encryption method and network node encryption device |
| CN109818946A (en) * | 2019-01-11 | 2019-05-28 | 网宿科技股份有限公司 | The method and system of CA certificate application and deployment |
| CN111865992A (en) * | 2020-07-23 | 2020-10-30 | 亚数信息科技(上海)有限公司 | ACME centralized management system and load balancing method thereof |
-
2020
- 2020-12-28 CN CN202011586495.2A patent/CN112702175A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103825906A (en) * | 2014-03-14 | 2014-05-28 | 网宿科技股份有限公司 | Enterprise private key self-encryption and self-arrangement method based on content distribution network |
| CN106302476A (en) * | 2016-08-19 | 2017-01-04 | 腾讯科技(深圳)有限公司 | Network node encryption method and network node encryption device |
| CN109818946A (en) * | 2019-01-11 | 2019-05-28 | 网宿科技股份有限公司 | The method and system of CA certificate application and deployment |
| CN111865992A (en) * | 2020-07-23 | 2020-10-30 | 亚数信息科技(上海)有限公司 | ACME centralized management system and load balancing method thereof |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115460084A (en) * | 2021-06-09 | 2022-12-09 | 贵州白山云科技股份有限公司 | Security acceleration service deployment method, device, medium and equipment |
| CN115460084B (en) * | 2021-06-09 | 2024-05-24 | 贵州白山云科技股份有限公司 | Security acceleration service deployment method, device, medium and equipment |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN112291178B (en) | Service providing method and device and electronic equipment | |
| CN107483509B (en) | A kind of auth method, server and readable storage medium storing program for executing | |
| CN109862605B (en) | Networking method and equipment for terminal equipment | |
| CN106161496B (en) | The remote assistance method and device of terminal, system | |
| CN111147526B (en) | Security authentication method for realizing multi-cloud control across public network | |
| CN110958118A (en) | Certificate authentication management method, device, equipment and computer readable storage medium | |
| JP6931608B2 (en) | Two-dimensional code scan interaction method, system and non-temporary computer readable medium | |
| CN105991565B (en) | Method, system and the database proxy server of read and write abruption | |
| CN110677383B (en) | Firewall wall opening method and device, storage medium and computer equipment | |
| CN107147496A (en) | Under a kind of service-oriented technological frame between different application unified authorization certification method | |
| US9065818B2 (en) | Toggle between accounts | |
| CN105450582A (en) | Business processing method, terminal, server and system | |
| CN108022100B (en) | Cross authentication system and method based on block chain technology | |
| CN110535665B (en) | Method, device and system for signing and issuing same-root certificate on line | |
| CN106375442A (en) | Cross-platform device information management method and apparatus | |
| CN107872445A (en) | Access authentication method, equipment and Verification System | |
| CN107274182B (en) | Service processing method and device | |
| CN112702175A (en) | Method and system for one-key application and deployment of target server certificate | |
| CN113784354A (en) | Request conversion method and device based on gateway | |
| CN108228280A (en) | The configuration method and device of browser parameters, storage medium, electronic equipment | |
| CN116996305A (en) | Multi-level security authentication method, system, equipment, storage medium and entry gateway | |
| CN115277001B (en) | Certificate distribution method, device, system and medium for co-building shared network | |
| CN115190483B (en) | Method and device for accessing network | |
| CN109861982A (en) | A kind of implementation method and device of authentication | |
| CN113411771B (en) | Bluetooth control method and device for vehicle |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20210423 |