SSL (Secure Sockets Layer):
It is a secure transport protocol designed by Netscape, mainly for the web. As the name suggests, it is responsible for implementing the encryption layer mentioned above in the HTTPS protocol stack. Therefore, an HTTPS protocol stack is roughly like this:
For HTTP in client/server mode, the SSL encryption process is as follows:
1. The client initiates an HTTPS request (such as https://www.google.com/) to the server.
2. The server sends its digital certificate to the client, which contains the public key of the server. The certificate is described below.
3. The client verifies the digital certificate of the server. If there is no error, it continues with the following steps. If there is an error, it disconnects and warns the user.
4. The client generates its own key pair, uses the server's public key to encrypt its own key information (the client's public key), and sends the ciphertext to the server.
5. The server decrypts the client's ciphertext and obtains the client's public key.
6. Encrypted communication can then be performed between client and server.
The server can also require the client to provide digital certificates for two-way authentication. However, in HTTPS applications, the server ignores client authentication.
About the digital certificate, here is a brief description of its application. I have not studied its implementation principle, so I will not mention it. General applications can also ignore it. An HTTPS site always needs to bind a certificate. The certificate usually comes from an internationally recognized organization, or from other organizations authorized by that organization; this is the so-called trust chain. Whether the client trusts the certificate of the CA depends on whether the client has imported the root certificate of the CA.
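
The certificate check in step 3, the optional two-way authentication, and the dependence on imported CA roots all correspond to settings in a TLS library. The following is an added example, not part of the original article, using Python's standard `ssl` module; the helper names (`client_ctx`, `empty_trust_client_ctx`, `server_ctx`, `audit`) are hypothetical.

```python
import ssl

def client_ctx(verify=True):
    """Client context. verify=False is the weak setting that skips step 3."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    if not verify:
        ctx.check_hostname = False       # must be cleared before verify_mode
        ctx.verify_mode = ssl.CERT_NONE  # any certificate is accepted
    return ctx

def empty_trust_client_ctx():
    """Client that verifies certificates but has imported no CA root."""
    return ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)

def server_ctx(two_way=False):
    """Server context; two_way=True demands a certificate from the client."""
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    if two_way:
        ctx.verify_mode = ssl.CERT_REQUIRED
        # A real server also needs load_cert_chain() for its own certificate
        # and load_verify_locations() for the CA that issued client certificates.
    return ctx

def audit(ctx, role):
    """Return findings for a context used in role 'client' or 'server'."""
    findings = []
    verifies = ctx.verify_mode == ssl.CERT_REQUIRED
    if role == "client":
        if not verifies:
            findings.append("server certificate is not verified")
        if not ctx.check_hostname:
            findings.append("certificate name is not matched to the host")
        # Roots in a capath directory are loaded lazily and are not counted here.
        if verifies and ctx.cert_store_stats()["x509_ca"] == 0:
            findings.append("no CA root certificate loaded into the context")
    else:
        findings.append("two-way authentication" if verifies
                        else "client certificate not requested (one-way)")
    return findings

if __name__ == "__main__":
    print(audit(client_ctx(verify=False), "client"))
    print(audit(empty_trust_client_ctx(), "client"))
    print(audit(server_ctx(), "server"))
    print(audit(server_ctx(two_way=True), "server"))
```

A client context with no imported root rejects every server certificate, which is the trust-chain dependency described above.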