TLS/SSL protocol

Netscape first introduced SSL (Secure Sockets Layer). As a security protocol, SSL encrypts network traffic at the transport layer. In the seven-layer model (physical, data link, network, transport, session, presentation, application), encryption and decryption are completed before the data reaches the application layer. The IETF later standardized it under the name TLS (Transport Layer Security).

TLS/SSL is built on an asymmetric public/private key structure: the client and the server each store their own private key and the other side's public key. Data is encrypted with the other side's public key before it is sent, and decrypted with the receiver's own private key after it is received.

However, there is a problem in the exchange of public keys between the client and the server: a man in the middle may forge the exchange and obtain the public keys of both sides, so that data can be forged and a fake site can respond to the user. To address this, TLS/SSL introduced digital certificates. A digital certificate includes: the server name (host name), the server's public key, the name of the signing authority, and the signature from the signing authority.

Wikipedia explains the contents of a certificate as follows: information about the issuing certificate authority, information about the public-key holder, the public key, the authority's signature and the validity period, among others. Currently, certificate formats and validation methods generally follow the X.509 international standard.

Before the connection is established, the signature in the certificate confirms that the received public key really comes from the target server, which establishes a trust relationship. This raises the question of where the certificate comes from. A third party is needed: the CA (Certificate Authority, the digital certificate certification center), whose role is to issue certificates to our site.

How do you get a signed certificate? The server first generates a CSR (Certificate Signing Request) file from its own private key, and the CA issues a signed certificate belonging to that server based on this file. The CA generates the digital certificate from its own private key, the public key of the party requesting the certificate, and some related information. [Excerpt from the RUANYF blog]

When a client initiates a secure connection, it first obtains the server certificate and verifies it with the CA certificate, because the certificate contains the server's public key information.

Reference: http://www.ruanyifeng.com/blog/2011/08/what_is_a_digital_signature.html
Pauling: nodejs
Besides the Chinese version, you can also read this: http://www.youdzone.com/signature.html
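The issuance and verification flow described above, as an added Node.js example that is not part of the original post. It is a simplified model, not X.509: a "certificate" here is a JSON body plus a CA signature, and the host names, the CA name and the function names are all assumptions made for the illustration.

```javascript
// Added illustration: simplified certificate model (JSON + Ed25519), not real X.509.
const { generateKeyPairSync, sign, verify } = require('crypto');

const pem = (key) => key.export({ type: 'spki', format: 'pem' });

// Server side: the "CSR" carries the host name and the server's public key,
// signed with the server's own private key to prove possession of it.
function createCsr(host, keyPair) {
  const body = JSON.stringify({ host, publicKey: pem(keyPair.publicKey) });
  return { body, proof: sign(null, Buffer.from(body), keyPair.privateKey) };
}

// CA side: check the proof, then sign host + public key + issuer + expiry.
function issueCertificate(csr, caName, caPrivateKey, notAfter) {
  const { host, publicKey } = JSON.parse(csr.body);
  if (!verify(null, Buffer.from(csr.body), publicKey, csr.proof)) {
    throw new Error('CSR was not signed by the key it contains');
  }
  const body = JSON.stringify({ host, publicKey, issuer: caName, notAfter });
  return { body, signature: sign(null, Buffer.from(body), caPrivateKey) };
}

// Client side: accept only what the trusted CA public key vouches for.
function checkCertificate(cert, caPublicKey, expectedHost, now = Date.now()) {
  if (!verify(null, Buffer.from(cert.body), caPublicKey, cert.signature)) return 'bad signature';
  const { host, notAfter } = JSON.parse(cert.body);
  if (host !== expectedHost) return 'host mismatch';
  if (now > notAfter) return 'expired';
  return 'ok';
}

// Constructed scenario: one CA, one server, one man in the middle.
function demo() {
  const ca = generateKeyPairSync('ed25519');
  const server = generateKeyPairSync('ed25519');
  const attacker = generateKeyPairSync('ed25519');
  const notAfter = Date.now() + 24 * 3600 * 1000;
  const cert = issueCertificate(createCsr('shop.example', server), 'Example CA', ca.privateKey, notAfter);
  // The middleman swaps in its own public key but cannot re-sign as the CA.
  const swapped = { ...JSON.parse(cert.body), publicKey: pem(attacker.publicKey) };
  const forged = { body: JSON.stringify(swapped), signature: cert.signature };
  return {
    genuine: checkCertificate(cert, ca.publicKey, 'shop.example'),
    forged: checkCertificate(forged, ca.publicKey, 'shop.example'),
    wrongHost: checkCertificate(cert, ca.publicKey, 'bank.example'),
    expired: checkCertificate(cert, ca.publicKey, 'shop.example', notAfter + 1),
  };
}

console.log(demo());
```

The forged entry fails because the CA signature covers the public key, which is why a client must check the signature, the host name and the expiry before using the key in a certificate.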