Analysis of CA certificate with high value

2022-06-12 17:01:00 The king of early rising

Contents

What is a CA certificate

How a CA certificate is created

How the CA certificate is used in HTTPS

The role of the CA certificate in HTTPS

What is a CA certificate

A CA certificate is the core of public key infrastructure: it is an identity certificate issued by a CA (certificate authority). If a website has not applied for a CA certificate, you are warned when you visit it that there is no certificate.

How a CA certificate is created

First, the server generates its own public and private keys. To apply for a CA certificate, the server must hand its public key to the CA.

The next step is to create the CA certificate for this server. The certificate has two parts, content and signature. Part one (content): the server's public key, the server name, the name of the issuing authority, the validity period, the serial number, and so on. Part two: the digital signature.

The first part is compressed into a digest with a hash algorithm. This is irreversible: the original data cannot be recovered from the digest.

The CA assigns a CA public/private key pair for this server. The private key "assigned" to the server is of course not given to the server; it is used only for encryption. The CA encrypts the digest with this private key to obtain the digital signature.

The CA certificate is sent to the server.

CA root certificate: the CA root public key is built into the browser, and the CA root certificate is built into the client's operating system.

How the CA certificate is used in HTTPS

The HTTPS request flow is now as follows. First, a TCP connection is established with the three-way handshake.

The TCP three-way handshake completes and the connection is established.

The server sends the certificate to the client.

The client receives the certificate and matches the CA root certificate named on it against the CA root certificates built into the operating system.

If the match fails, the certificate is not legitimate. If the match succeeds, the client continues.

The client hashes the contents of the certificate to obtain one piece of data.

The client uses the CA public key built into the browser to decrypt the digital signature, obtaining a second piece of data.

The two pieces of data are compared. If they are the same, the certificate is fine.

If they differ, the certificate may have been modified, or the signature was not made with the CA's key.

The steps after the certificate match protect the CA certificate itself.

The client generates a random symmetric key, encrypts it with the server's public key (obtained from the certificate), and sends it to the server.

After that, the symmetric key generated by the client is used for the HTTP communication.
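The certificate checks from the flow above (trust-store match, hash of the content, decryption of the signature with the CA public key, comparison), as an added example that is not part of the original article. It uses textbook RSA without padding over constructed toy keys, which real CAs do not do; the names `TRUST_STORE`, `ca_issue`, `client_verify` and all sample values are assumptions made for illustration.

```python
import hashlib

# Constructed toy CA key: textbook RSA over two Mersenne primes, no padding.
# Real CAs use standard signature schemes (padded RSA or ECDSA) and random primes.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
CA_N = P * Q
CA_D = pow(E, -1, (P - 1) * (Q - 1))  # CA private exponent, stays with the CA

# Hypothetical stand-in for the roots built into the browser / operating system.
TRUST_STORE = {"Example Root CA": (CA_N, E)}


def digest(content: dict) -> int:
    """Hash part one of the certificate (the content) into an integer."""
    canonical = "\n".join(f"{k}={content[k]}" for k in sorted(content))
    return int.from_bytes(hashlib.sha256(canonical.encode()).digest(), "big")


def ca_issue(content: dict) -> dict:
    """CA side: 'encrypt' the digest with the CA private key to get the signature."""
    return {"content": content, "signature": pow(digest(content), CA_D, CA_N)}


def client_verify(cert: dict) -> str:
    """Client side: match the issuer, then compare the two pieces of data."""
    issuer = cert["content"].get("issuer")
    if issuer not in TRUST_STORE:
        return "untrusted issuer"          # root match failed
    n, e = TRUST_STORE[issuer]
    recovered = pow(cert["signature"], e, n)  # 'decrypt' with the CA public key
    if recovered != digest(cert["content"]):
        return "signature mismatch"        # content modified or wrong signing key
    return "ok"


CONTENT = {  # constructed sample certificate content
    "subject": "www.example.test",
    "issuer": "Example Root CA",
    "public_key": "server-public-key-placeholder",
    "valid_to": "2030-01-01",
    "serial": "01",
}
GOOD = ca_issue(CONTENT)
# Same signature, but the embedded public key was swapped after issuance.
TAMPERED = {"content": {**CONTENT, "public_key": "swapped-key-placeholder"},
            "signature": GOOD["signature"]}
# Correctly signed, but names an issuer the client does not have built in.
UNKNOWN = ca_issue({**CONTENT, "issuer": "Unknown CA"})
```

`client_verify(GOOD)` returns `"ok"`, while the swapped-key and unknown-issuer certificates are rejected before the client ever uses the server public key to wrap a symmetric key.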

The role of the CA certificate in HTTPS

In HTTPS, the role of the CA certificate is to judge whether the website is legitimate and, along the way, to bring the server's public key to the client.

Note:

The CA certificate confirms whether the website is legitimate.

The data encryption in HTTPS is done with the random key generated by the client together with the server's public and private keys.

Keep early hours, a thousand li a day

Original site

Copyright notice
This article was created by [The king of early rising]. Please include the original link when reposting. Thanks.
https://yzsam.com/2022/163/202206121649175708.html