
About SSL certificates

2022-06-23 03:04:00 Programming samadhi


Preface

Now that the HTTPS protocol is widespread, the SSL certificate it needs for communication is indispensable. If you visit a website that has no SSL certificate, you see something like this:

[Image: image-20220124212724631]

So what exactly is an SSL certificate? What does it do? What types are there?

Today, here is a brief summary.

Concept of the SSL certificate

An SSL certificate is issued by a trusted digital certification authority (CA) after it has verified the identity of the server. It provides server authentication and encryption of data in transit. Put simply, it is a file your website needs in order to be accessed over the encrypted HTTPS transport protocol.

Digital certification authority (CA)

A CA is a certification authority, and it is the core of the public key infrastructure. The CA is the authority responsible for issuing certificates, authenticating certificates, and managing the certificates it has issued. It must define policies and concrete steps to verify and identify users, and it signs user certificates to vouch for the identity of the certificate holder and the ownership of the public key.

The CA also has its own certificate and key pair (public key and private key). Users on the Internet come to trust the CA by verifying it. Anyone can obtain the CA's certificate (which contains the public key) and use it to verify the certificates the CA has issued.

Role of the SSL certificate

An SSL certificate contains identifying information about the owner of the key pair (public key and private key). The certificate holder is authenticated by verifying that this identifying information is genuine.

One of the core parts of HTTPS is the handshake before data transmission. The key used to encrypt the data is determined during the handshake, and during the handshake the website sends its SSL certificate.

An SSL certificate is similar to an everyday ID card: it identifies a website that supports HTTPS. It contains:

  • Domain name of the website
  • Validity period of the certificate
  • Certification authority that issued it
  • The public key used to encrypt the transmission key

Because a key encrypted with the public key can only be decrypted with the private key generated when the certificate was applied for, the browser must check, before generating the key, that the domain name currently being accessed matches the domain name bound to the certificate. It must also verify the certification authority. If verification fails, the browser shows a certificate error.
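The browser-side checks described above (domain name, validity period, certification authority), as an added example that is not code from the original article. It runs over a constructed certificate in the dict layout returned by Python's ssl.SSLSocket.getpeercert(); the names check_certificate, hostname_matches, SAMPLE_CERT and "Example Test CA" are hypothetical, and trust in the CA is modelled as a simple set of issuer names.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample in the dict layout returned by ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subjectAltName": (("DNS", "example.com"), ("DNS", "*.example.com")),
    "notBefore": "Jan 24 00:00:00 2022 GMT",
    "notAfter": "Jan 24 00:00:00 2023 GMT",
    "issuer": ((("countryName", "US"),), (("commonName", "Example Test CA"),)),
}
SAMPLE_NOW = datetime(2022, 6, 23, tzinfo=timezone.utc).timestamp()


def hostname_matches(pattern: str, host: str) -> bool:
    """Exact match, or a '*.' wildcard that covers exactly one left-most label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if not p.startswith("*."):
        return p == h
    head, _, rest = h.partition(".")
    return bool(head) and rest == p[2:] and "." in rest


def check_certificate(cert, host, trusted_issuers, now=None):
    """Return the list of problems found; an empty list means all checks passed."""
    if now is None:
        now = datetime.now(timezone.utc).timestamp()
    problems = []
    # 1. Domain: the accessed name must match a name bound to the certificate.
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(hostname_matches(name, host) for name in names):
        problems.append("domain mismatch")
    # 2. Validity period.
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("not yet valid")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("expired")
    # 3. Issuer. Assumption: trust is modelled as a set of CA names; a real
    #    client verifies the CA's signature chain cryptographically.
    issuer = dict(rdn[0] for rdn in cert.get("issuer", ()))
    if issuer.get("commonName") not in trusted_issuers:
        problems.append("untrusted issuer")
    return problems


if __name__ == "__main__":
    for host in ("www.example.com", "a.b.example.com", "example.org"):
        print(host, check_certificate(SAMPLE_CERT, host, {"Example Test CA"}, SAMPLE_NOW))
```

On a real connection, ssl.create_default_context() performs these checks together with cryptographic verification of the certificate chain.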

Obtaining an SSL certificate

There are the following ways to obtain an SSL certificate:

  1. Apply to a CA for a certificate: a user who wants a certificate first applies to the CA. After identifying the applicant, the CA assigns it a public key, binds the public key to the applicant's identity information, and signs the whole. The signed whole is the certificate, which is returned to the applicant.
  2. Make your own test certificate: for the specific method, see the previous article "Making an SSL Certificate on Mac". This is mainly used for development and testing.

Types of SSL certificate

SSL certificates are classified by function and by brand. However, since the SSL certificate is an international product, the most important thing is product compatibility (that is, the technology for pre-embedding the certificate root), because this is what solves the trust problem when users visit a website: Internet users can easily identify the real identity of a website through its SSL certificate. SSL certificates are divided into the following categories:

  • Domain-type SSL certificate (DV SSL)
  • Enterprise-type SSL certificate (OV SSL)
  • Enhanced SSL certificate (EV SSL)

Domain-type SSL certificate (DV SSL)

A simple type of SSL certificate that only verifies ownership of the website's domain name. This kind of certificate can only be used to encrypt the website's confidential information; it cannot prove the real identity of the website to users. It is suitable for personal websites, small organization or business websites, and various encrypted applications (such as database and instant messaging protocols).

Enterprise-type SSL certificate (OV SSL)

A standard type of SSL certificate that requires verifying the real identity of the organization that owns the website. The buyer must submit official registration documents such as the organization's information and an organizational authorization letter. It not only encrypts the website's confidential information but also proves the real identity of the website to users. It is therefore recommended for all e-commerce websites, because what e-commerce needs is online trust and online security.

Enhanced SSL certificate (EV SSL)

It is likewise based on the SSL/TLS security protocol and is likewise used for website authentication and encryption of information transmitted over the Internet, but the verification process is more specific, with more validation steps, so the website bound to the certificate is more reliable and trustworthy. The difference from an ordinary SSL certificate is also obvious: more information is displayed on the certificate, not only information about the company the website belongs to but also the company address and so on. After the certificate is deployed, when a user opens the website, the browser address bar is displayed in green and also shows the name of the organization the website belongs to. It is especially suitable for finance, insurance, P2P, online retail, online payment and similar industries.

Summary

  1. SSL certificates are mainly used for encryption and decryption during data transmission;
  2. Installing an SSL certificate does not mean that the website is absolutely safe;
  3. For development and testing, you can make an SSL certificate yourself.

~ End of this article. Thank you for reading!

Original site

Copyright notice
This article was written by [Programming samadhi]. Please include a link to the original when reposting. Thank you.
https://yzsam.com/2022/01/202201242247085513.html