{"id":5989,"date":"2021-10-31T13:56:00","date_gmt":"2021-10-31T06:56:00","guid":{"rendered":"https:\/\/kiencang.net\/?p=5989"},"modified":"2022-02-12T22:55:37","modified_gmt":"2022-02-12T15:55:37","slug":"chung-chi-ssl-la-gi","status":"publish","type":"post","link":"https:\/\/kiencang.net\/chung-chi-ssl-la-gi\/","title":{"rendered":"Ch\u1ee9ng ch\u1ec9 SSL l\u00e0 g\u00ec?"},"content":{"rendered":"\n
M\u1ed9t trong c\u00e1c th\u00e0nh ph\u1ea7n quan tr\u1ecdng nh\u1ea5t c\u1ee7a vi\u1ec7c kinh doanh online l\u00e0 t\u1ea1o ra m\u00f4i tr\u01b0\u1eddng tin c\u1eady n\u01a1i c\u00e1c kh\u00e1ch h\u00e0ng ti\u1ec1m n\u0103ng c\u1ea3m th\u1ea5y t\u1ef1 tin, tho\u1ea3i m\u00e1i th\u1ef1c hi\u1ec7n \u0111\u1eb7t h\u00e0ng. <\/p>\n\n\n\n
Ch\u1ee9ng ch\u1ec9 SSL (SSL certificates) t\u1ea1o n\u1ec1n t\u1ea3ng cho ni\u1ec1m tin b\u1eb1ng c\u00e1ch thi\u1ebft l\u1eadp k\u1ebft n\u1ed1i an to\u00e0n (secure connection). \u0110\u1ec3 \u0111\u1ea3m b\u1ea3o ng\u01b0\u1eddi gh\u00e9 th\u0103m trang web c\u00f3 k\u1ebft n\u1ed1i an to\u00e0n, tr\u00ecnh duy\u1ec7t cung c\u1ea5p d\u1ea5u hi\u1ec7u bi\u1ec3u th\u1ecb, b\u1ea1n s\u1ebd th\u1ea5y m\u1ed9t icon d\u1ea1ng kh\u00f3a nh\u1ecf ho\u1eb7c thanh m\u00e0u xanh.<\/p>\n\n\n\n
Ch\u1ee9ng ch\u1ec9 SSL c\u00f3 g\u1ed3m c\u1eb7p kh\u00f3a: m\u1ed9t kh\u00f3a c\u00f4ng khai (public key) v\u00e0 m\u1ed9t kh\u00f3a ri\u00eang t\u01b0 (private key). Nh\u1eefng kh\u00f3a n\u00e0y l\u00e0m vi\u1ec7c c\u00f9ng nhau \u0111\u1ec3 thi\u1ebft l\u1eadp k\u1ebft n\u1ed1i m\u00e3 h\u00f3a (encrypted). Ch\u1ee9ng ch\u1ec9 c\u0169ng bao g\u1ed3m c\u00e1i \u0111\u01b0\u1ee3c g\u1ecdi l\u00e0 “\u0111\u1ed1i t\u01b0\u1ee3ng”, ch\u00ednh l\u00e0 th\u1ee9 x\u00e1c \u0111\u1ecbnh ch\u1ee7 s\u1edf h\u1eefu trang web.<\/p>\n\n\n\n
\u0110\u1ec3 t\u1ea1o m\u1ed9t ch\u1ee9ng ch\u1ec9, b\u1ea1n ph\u1ea3i t\u1ea1o m\u1ed9t Y\u00eau c\u1ea7u Ch\u1eef k\u00fd Ch\u1ee9ng ch\u1ec9 (CSR – Certificate Signing Request) tr\u00ean m\u00e1y ch\u1ee7 c\u1ee7a b\u1ea1n. Qu\u00e1 tr\u00ecnh n\u00e0y t\u1ea1o m\u1ed9t kh\u00f3a ri\u00eang v\u00e0 kh\u00f3a c\u00f4ng khai tr\u00ean m\u00e1y ch\u1ee7 c\u1ee7a b\u1ea1n. <\/p>\n\n\n\n
File d\u1eef li\u1ec7u CSR m\u00e0 b\u1ea1n g\u1eedi cho nh\u00e0 ph\u00e1t h\u00e0nh Ch\u1ee9ng ch\u1ec9 SSL (c\u00f2n \u0111\u01b0\u1ee3c g\u1ecdi l\u00e0 CA – Certificate Authority) bao g\u1ed3m kh\u00f3a c\u00f4ng khai. Nh\u00e0 ph\u00e1t h\u00e0nh ch\u1ee9ng ch\u1ec9 SSL s\u1eed d\u1ee5ng d\u1eef li\u1ec7u CSR \u0111\u1ec3 t\u1ea1o ra c\u1ea5u tr\u00fac d\u1eef li\u1ec7u nh\u1eb1m kh\u1edbp v\u1edbi kh\u00f3a ri\u00eang t\u01b0 m\u00e0 kh\u00f4ng l\u00e0m \u1ea3nh h\u01b0\u1edbng \u0111\u1ebfn ch\u00ednh n\u00f3. Nh\u00e0 ph\u00e1t h\u00e0nh ch\u1ee9ng ch\u1ec9 SSL kh\u00f4ng bao gi\u1edd th\u1ea5y kh\u00f3a ri\u00eang.<\/p>\n\n\n\n
M\u1ed9t khi b\u1ea1n nh\u1eadn \u0111\u01b0\u1ee3c ch\u1ee9ng ch\u1ec9 SSL, b\u1ea1n c\u00e0i \u0111\u1eb7t n\u00f3 tr\u00ean m\u00e1y ch\u1ee7 c\u1ee7a b\u1ea1n. B\u1ea1n c\u0169ng c\u00e0i \u0111\u1eb7t m\u1ed9t ch\u1ee9ng ch\u1ec9 trung gian thi\u1ebft l\u1eadp \u0111\u1ed9 tin c\u1eady c\u1ee7a ch\u1ee9ng ch\u1ec9 SSL b\u1eb1ng c\u00e1ch bu\u1ed9c n\u00f3 v\u00e0o ch\u1ee9ng ch\u1ec9 g\u1ed1c c\u1ee7a CA. C\u00e1c h\u01b0\u1edbng d\u1eabn c\u00e0i \u0111\u1eb7t v\u00e0 ki\u1ec3m tra ch\u1ee9ng ch\u1ec9 s\u1ebd kh\u00e1c nhau t\u00f9y thu\u1ed9c v\u00e0o m\u00e1y ch\u1ee7 b\u1ea1n d\u00f9ng.<\/p>\n\n\n\n
Trong h\u00ecnh b\u00ean d\u01b0\u1edbi, b\u1ea1n c\u00f3 th\u1ec3 th\u1ea5y c\u00e1i g\u1ecdi l\u00e0 chu\u1ed7i ch\u1ee9ng ch\u1ec9 (certificate chain). N\u00f3 k\u1ebft n\u1ed1i ch\u1ee9ng ch\u1ec9 m\u00e1y ch\u1ee7 c\u1ee7a b\u1ea1n v\u1edbi ch\u1ee9ng ch\u1ec9 g\u1ed1c c\u1ee7a nh\u00e0 cung c\u1ea5p ch\u1ee9ng ch\u1ec9 SSL th\u00f4ng qua ch\u1ee9ng ch\u1ec9 trung gian.<\/p>\n\n\n\n