堆栈内存溢出
  简体   繁体   English

我如何获得ssl证书才能与django应用程序一起使用

[英]How do I get ssl certificate to work with my django app

 原文  2011-12-11 13:44:36       django/ ssl/ apache2/ ssl-certificate

问题描述

I have purchased an ssl certificate and installed it on my ubuntu apache2 server as directed by the issuer. 我已经购买了ssl证书,并按照发行人的指示将其安装在我的ubuntu apache2服务器上。 I then then added the following to /etc/apache2/sites-available/ssl-[mysite]: 然后,我将以下内容添加到/ etc / apache2 / sites-available / ssl- [mysite]: 

<VirtualHost *:443>
    ServerAdmin [me]@[mysite]
    ServerName  www.[mysite]
    ServerAlias [mysite]

    # Indexes + Directory Root.
    # DirectoryIndex index.html index.htm index.php
    DocumentRoot [mysite htdocs]

    SSLEngine On
    SSLCertificateFile /etc/apache2/ssl/[mysite].crt
    SSLCertificateKeyFile /etc/apache2/ssl/[mysite].key
    SSLCertificateChainFile /etc/apache2/ssl/sf_bundle.crt

    WSGIScriptAlias /[myapp] /[myapp location]

</VirtualHost>

The ssl certificate is working like a dream for my base url, giving my the green lock symbol, but when I go to my app directory the lock symbol has a big red cross over it and I get this worrying message: ssl证书对我的基本URL像一个梦一样工作,给了我绿色的锁符号,但是当我进入我的应用程序目录时,锁符号上有一个很大的红叉,并且我得到以下令人担忧的消息:

Your connection to [mysite] is encrypted with 256-bit encryption. 您与[mysite]的连接已使用256位加密进行了加密。 However, this page includes other resources which are not secure. 但是,此页面包括其他不安全的资源。 These resources can be viewed by others while in transit, and can be modified by an attacker to change the behavior of the page. 这些资源可以在传输过程中被其他人查看,并且可以被攻击者修改以更改页面的行为。

This obviously will scare away practically anyone, is this an issue with Django or with my apache config or what? 显然,这几乎会吓跑任何人,这是Django还是我的apache配置问题还是什么?

I have know idea where to start with this, so suggestions are welcomed 我知道从哪里开始,所以欢迎提出建议

1 个解决方案

解决方案1
 1 已采纳  2011-12-11 14:02:17

This warning means that you even though you are redirecting to an HTTPS link you are sending parts of your page over plain HTTP. 此警告意味着即使您重定向到HTTPS链接,您也将通过纯HTTP发送页面的一部分。
You should make sure that everything is over HTTPS to avoid this warning and pottential vulnerability. 您应该确保一切都通过HTTPS进行以避免该警告和潜在的漏洞。

I can't give you any hints on how to fix this since you haven't said much on your application and I don't know the apache2 configuration but hopefully you now have a starting point to see what to fix. 由于您对应用程序的讨论不多,而且我不了解apache2配置,因此我无法为您提供任何解决方法的提示,但希望您现在有一个起点来查看要解决的问题。

Usually you will see this warning on sites that have advertisments or embedded images 通常,您会在具有广告或嵌入图像的网站上看到此警告

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Nginx如何获取Django应用的SSL证书 - Nginx how to get an SSL certificate for a Django app 如何让Phusion Passenger与Django for App Engine一起使用? - How do I get Phusion Passenger to work with Django for App Engine? 如何在 Python 中更新 SSL 证书? - How do I update an SSL certificate in Python? 如何在不受信任的 Django 应用程序上修复 Comodo SSL 证书? - how to fix Comodo SSL certificate on Django app not trusted? 我需要为我的新域购买 SSL 证书吗? - Do I need to buy an SSL certificate for my new domain? 如何在Django中检索SSL证书? - how to retrieve a ssl certificate in django? 如果 Django 不提供我的前端应用程序,我如何为 Django 的 auth contrib 视图获取 CSRF 令牌? - How do I get a CSRF token for Django's auth contrib views if my frontend app is not served by Django? 我如何使 djangoCMS url 与我的 django 应用程序 url 一起使用? - How do i make djangoCMS urls to work with my django app urls? 在 Heroku 上运行 Django/React 应用程序时,如何让 collectstatic 工作? - How do I get collectstatic to work when running a Django/React App on Heroku? 我已经将一些 mysql 数据导入到 Django mysql db 中。 如何让 Django 模型与我现有的数据一起工作? - I've imported some mysql data into the Django mysql db. How do I get Django models to work with my existing data?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM