Recently the various AEP projects have been in full swing, and some external ISVs have started to be integrated.
Wen Bodhisattva has also written many articles about WS-S and HTTPS, and about experience gained while debugging with ISVs, so I too have learned something about the security of web application interaction, mainly digital certificates and the topics that extend from them.
This article briefly introduces the basic concepts of digital certificates and is meant as a modest starting point; if you are interested, you can follow the learning roadmap below.
I originally wanted to write up every knowledge point along the way, but when I studied the subject systematically I found it huge and complicated and impossible to explain clearly in a few words, so for now I have decided to post a roadmap instead.
About digital certificates
A digital certificate is a set of data that identifies a network user. It is used to identify the parties in network communication, that is, to answer the question "who am I?", much as each of us in real life has an ID card or driver's license to prove our identity.
Digital certificates are issued by an authoritative, impartial third party, the Certificate Authority (CA). Cryptography built around digital certificates can encrypt and decrypt information transmitted over the network and can produce and verify digital signatures, ensuring the confidentiality and integrity of information transmitted over the Internet, the authenticity of the identities of the transacting parties, and the non-repudiation of signed information, and thereby securing network applications.
Digital certificates rely mainly on public key cryptography (asymmetric algorithms), that is, a matched pair of keys, one used for encryption and the other for decryption. For the principles of public key cryptosystems and their applicable scenarios, see the technical forum article "Introduction to common encryption algorithms & Alibaba login-free solutions" at http://10.0.32.22:8080/confluence/pages/viewpage.action?pageId=5787. At present the most widely used algorithm in certificates is RSA; hash functions and symmetric encryption algorithms are of course also involved in communication that uses digital certificates.
The digital certificate format follows the CCITT X.509 standard and mainly contains the following information:
Certificate version
Serial number of the certificate; each certificate has a unique serial number.
Signature algorithm used by the certificate.
Name of the certificate issuer, generally in X.500 format.
Validity period of the certificate. Current certificates generally use the UTC time format, whose representable range is 1950-2049.
Name of the certificate owner (the subject), generally in X.500 format.
Public key of the certificate owner.
Issuer's signature over the certificate.
You can select a certificate under Internet Options > Content > Certificates to view its details, which include the basic information above.
Once you understand the basic concepts of digital certificates, you can go deeper:
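As an added example (not part of the original article), the following stdlib-only Python builds a constructed, unsigned certificate skeleton in DER, the binary encoding that X.509 certificates use on the wire, and then parses back out exactly the fields listed above: version, serial number, signature algorithm, issuer, validity, subject, public key algorithm and signature. All names, the serial number and the RSA modulus are made-up sample values, and the signature field holds a placeholder rather than a real signature; real certificates are produced and signed by a CA and can be inspected with tools such as `openssl x509 -text`.

```python
# Added example, not from the original article: a stdlib-only DER/ASN.1 codec that
# builds a constructed X.509 certificate skeleton and parses the fields listed above
# back out. The signature is a placeholder, not a real one: structure, not validation.
OID_NAMES = {"2.5.4.6": "C", "2.5.4.10": "O", "2.5.4.3": "CN",
             "1.2.840.113549.1.1.1": "rsaEncryption",
             "1.2.840.113549.1.1.11": "sha256WithRSAEncryption"}

def der(tag, content):  # TLV, definite length: short form below 128, else long form
    n = len(content)
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big") if n >= 0x80 else b""
    length = bytes([0x80 | len(lb)]) + lb if lb else bytes([n])
    return bytes([tag]) + length + content

def der_int(n):  # one spare bit so a leading 1 is never read as a negative INTEGER
    return der(0x02, n.to_bytes((n.bit_length() + 8) // 8, "big"))

def der_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:                       # remaining arcs in base-128, MSB first
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body.extend(reversed(chunk))
    return der(0x06, bytes(body))

def der_name(**rdns):  # X.500 Name: SEQUENCE OF SET OF SEQUENCE { type OID, UTF8String }
    oid_of = {v: k for k, v in OID_NAMES.items()}
    return der(0x30, b"".join(der(0x31, der(0x30, der_oid(oid_of[k]) + der(0x0C, v.encode())))
                              for k, v in rdns.items()))

def build_sample_certificate():  # constructed sample; in practice a CA builds and signs this
    sig_alg = der(0x30, der_oid("1.2.840.113549.1.1.11") + der(0x05, b""))
    rsa_key = der(0x30, der_int(0xC0FFEE1234567890ABCDEF) + der_int(65537))  # toy modulus, e
    spki = der(0x30, der(0x30, der_oid("1.2.840.113549.1.1.1") + der(0x05, b""))
               + der(0x03, b"\x00" + rsa_key))                      # BIT STRING, 0 unused bits
    tbs = der(0x30, b"".join([
        der(0xA0, der_int(2)),                                      # version: [0] EXPLICIT, v3 = 2
        der_int(0x1A2B3C),                                          # serialNumber
        sig_alg,                                                    # signature algorithm
        der_name(C="CN", O="Example CA", CN="Example Root CA"),     # issuer
        der(0x30, der(0x17, b"240101000000Z") + der(0x17, b"250101000000Z")),  # validity, UTCTime
        der_name(C="CN", O="Example Corp", CN="www.example.com"),   # subject
        spki]))                                                     # subjectPublicKeyInfo
    fake_sig = der(0x03, b"\x00" + bytes(16))                       # PLACEHOLDER, not a signature
    return der(0x30, tbs + sig_alg + fake_sig)

def read_tlv(buf, pos=0):
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                          # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def children(content):
    out, pos = [], 0
    while pos < len(content):
        tag, value, pos = read_tlv(content, pos)
        out.append((tag, value))
    return out

def decode_oid(body):
    arcs, acc = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    dotted = ".".join(map(str, arcs))
    return OID_NAMES.get(dotted, dotted)

def decode_name(content):
    parts = []
    for _, rdn_set in children(content):
        (_, oid), (_, value) = children(children(rdn_set)[0][1])
        parts.append(f"{decode_oid(oid)}={value.decode()}")
    return ",".join(parts)

def parse_certificate(der_bytes):  # returns the fields the article lists
    _, cert, _ = read_tlv(der_bytes)
    (_, tbs), _, (_, signature) = children(cert)
    fields, version = children(tbs), 1         # no [0] version field means v1
    if fields[0][0] == 0xA0:
        version = int.from_bytes(children(fields[0][1])[0][1], "big") + 1
        fields = fields[1:]
    serial, alg, issuer, validity, subject, spki = fields[:6]  # uniqueIDs/extensions ignored
    not_before, not_after = children(validity[1])
    return {"version": version,
            "serial": int.from_bytes(serial[1], "big", signed=True),
            "signature_algorithm": decode_oid(children(alg[1])[0][1]),
            "issuer": decode_name(issuer[1]),
            "not_before": not_before[1].decode(), "not_after": not_after[1].decode(),
            "subject": decode_name(subject[1]),
            "public_key_algorithm": decode_oid(children(children(spki[1])[0][1])[0][1]),
            "signature_bytes": len(signature) - 1}   # minus the unused-bits byte

if __name__ == "__main__":
    print(parse_certificate(build_sample_certificate()))
```

The parser only walks the structure; it does not check the signature, the validity dates or the chain to a trusted CA, which is what a real verifier does next, and it ignores the optional fields that follow the public key (the unique identifiers and the v3 extensions). Note how the UTCTime values carry a two-digit year, which is why the article gives their range as 1950-2049.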
1. Understand the X.500 and X.509 standards.
2. Understand CAs and CRLs.
3. Understand the CA certification process, including CSR, CRT, and PFX files.
4. Understand PKI.
5. Understand HTTPS and SSL/TLS.
6. Use the SSL handshake to master how digital certificates work in practice.
7. LDAP (optional, but good for consolidating your understanding of PKI and certificate formats).
After studying the items above, you should have a comprehensive understanding of secure web communication with digital certificates.
PS: The following articles are well written and can be referred to during your study.
PKI technology and application development guide
Introduction to PKI
PKI standards
LDAP Introduction