The following article, titled "What happened in the first few milliseconds of the HTTPS connection", is a translation. It is well written and very helpful for understanding HTTPS.
http://blog.jobbole.com/48369/
The following link is a Baidu Library document on the composition and principles of digital certificates, and it is good!
Http://wenku.baidu.com/link?url= Ltd6w7rvwcjltpmq0737tndyov-mvkwa5dioi3qo3lhswew4l-zfiigm7dmffqc-gipkaenacqc0im86x8vsq8shmju1q63nf5dlvj0zgaq
After reading the article, here is my understanding in brief. In general, HTTPS means the server holds a CA-certified certificate that states its identity and carries its own public key. The client uses this public key to encrypt the key of the symmetric algorithm that will be used next, so that the symmetric key reaches the server side safely. In fact, the encryption itself works with or without a CA: a certificate you generate yourself with a tool is enough to complete the encryption task. The role of CA certification is to ensure the authenticity of the website. The certificate contains a piece of data encrypted with the CA's private key (the CA's signature), and only the CA's public key can decrypt it. The CA's public key is very well known and is installed in the operating system in advance! The operating system maintains the security and correctness of the CA public keys, so if the system can decrypt the data correctly, the certificate must have been issued by the CA, which ensures the server's unique identity!
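The trust check described above, as an added example that is not from the original article. It is a toy model: textbook RSA without padding, small constructed keys, and hypothetical names (shop.example, Example Root CA); real certificates use X.509 and padded signatures.

```python
import hashlib

E = 65537  # public exponent shared by every toy key below

def make_key(p, q):
    """Toy RSA key pair from two primes: returns (modulus n, private exponent d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(subject, subject_n, signer_n):
    """SHA-256 over the signed fields, reduced into the signer's modulus."""
    data = f"{subject}|{subject_n}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % signer_n

def issue(subject, subject_n, issuer, issuer_n, issuer_d):
    """The issuer binds subject name and public key with its private key."""
    sig = pow(digest(subject, subject_n, issuer_n), issuer_d, issuer_n)
    return {"subject": subject, "n": subject_n, "issuer": issuer, "sig": sig}

def verify(cert, trust_store):
    """Client check: only a public key already in the trust store is used."""
    issuer_n = trust_store.get(cert["issuer"])
    if issuer_n is None:
        return False  # unknown issuer, e.g. a self-signed certificate
    expected = digest(cert["subject"], cert["n"], issuer_n)
    return pow(cert["sig"], E, issuer_n) == expected

def demo():
    # Constructed keys from known Mersenne primes (far too small for real use).
    ca_n, ca_d = make_key(2**61 - 1, 2**89 - 1)
    srv_n, _ = make_key(2**107 - 1, 2**127 - 1)
    other_n, other_d = make_key(2**61 - 1, 2**127 - 1)
    store = {"Example Root CA": ca_n}  # stands in for the OS trust store
    good = issue("shop.example", srv_n, "Example Root CA", ca_n, ca_d)
    swapped = dict(good, n=other_n)  # public key replaced, signature kept
    self_signed = issue("shop.example", other_n, "shop.example", other_n, other_d)
    forged = issue("shop.example", other_n, "Example Root CA", other_n, other_d)
    # Key transport works with any key pair; it does not prove who owns the key.
    session_key = 0x00112233445566778899AABBCCDDEEFF
    wrapped = pow(session_key, E, self_signed["n"])
    return {
        "good": verify(good, store),
        "swapped": verify(swapped, store),
        "self_signed": verify(self_signed, store),
        "forged": verify(forged, store),
        "transport_ok": pow(wrapped, other_d, other_n) == session_key,
    }

if __name__ == "__main__":
    print(demo())
```

Only the certificate signed by the key in the trust store verifies; the self-signed key still transports the session key correctly, which is why encryption alone says nothing about the server's identity.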
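On iOS and Android, if the address being accessed is HTTPS and the certificate was not issued by a CA, there will be problems: the address is inaccessible, and you need to add a setting that ignores certificate errors! For example, when using AFNetworking: manager.securityPolicy.allowInvalidCertificates = YES; This setting makes the client trust certificates that fail validation, so the authenticity check described above no longer protects that connection.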
Some essential knowledge about HTTPS and digital certificates