This is the seventh day of my participation in the First Challenge 2022. For details: First Challenge 2022.
preface
Nowadays, HTTPS protocol is very popular, and SSL certificate is also necessary for communication. If you visit websites without SSL certificate, it is like the following:
So what exactly is an SSL certificate? What is its role? What are the types?
Today, here is a brief summary.
Concepts of SSL certificates
An SSL certificate is issued by a trusted digital certificate authority (CA) after authenticating the identity of the server. The SSL certificate provides the server authentication and data transmission encryption functions. Simply put, it is a file necessary for your site to be accessed over HTTPS.
Digital Certificate Authority (CA)
The CA is the certificate issuing authority, which is the core of public key infrastructure. CA is responsible for issuing certificates, certifying certificates, and managing issued certificates. It establishes policies and specific steps to verify, identify, and sign user certificates to ensure the identity of certificate holders and ownership of public keys.
The CA also owns the user’s certificate containing the public and private keys. Public users on the Internet trust CA by verifying CA’s signature. Anyone can obtain CA’s certificate (including public key) to verify the certificate issued by CA.
The function of the SSL certificate
An SSL certificate contains the identification information of the public and private key owners of the key pair. The identity of the certificate owner can be verified by verifying the identification information.
A part of HTTPS’s core is the handshake before the data is transferred, during which the password to encrypt the data is determined, and during which the site sends an SSL certificate to the browser.
SSL certificates are similar to our daily ID cards. They are an IDENTITY certificate for HTTPS enabled sites. They contain:
- Domain name of the website
- Validity of certificate
- Certificate issuing authority
- The public key used to encrypt the transmission password
Because of public-key encryption password can only be decrypted generated when applying for a certificate, so the browser in the generated password before need to check the current access and binding on the certificate of domain name is consistent, but also to validate the certificate issuing authority, if validation fails the browser will give a certificate error prompt.
How to obtain the SSL certificate
If you want to obtain an SSL certificate, you can:
- Apply for a certificate from the CA: The user applies for a certificate from the CA. After identifying the identity of the applicant, the CA assigns a public key to the applicant, binds the public key to the identity information, and signs the signed whole. The signed whole is the certificate and sends it back to the applicant.
- Make your own test certificates: See the previous article “Making SSL Certificates on Mac” for more information on developing test requirements.
Type of the SSL certificate
SSL certificates vary according to their functions and brands. However, as an international product, the most important aspect of SSL certificates is product compatibility (certificate root embedded technology), because SSL certificates solve the problem of trust of web users when they log in to websites. Internet users can easily identify the real identity of websites through SSL certificates. SSL certificates are classified into the following types:
- Domain name SSL Certificate (DV SSL)
- Enterprise SSL Certificate (OV SSL)
- Enhanced SSL Certificate (EV SSL)
Domain name SSL Certificate (DV SSL)
Simple SSL certificates that only verify the ownership of a website’s domain name. These certificates only encrypt confidential information about the site and do not prove the site’s true identity to the user. It is suitable for personal websites, websites of small organizations or enterprises, and various encryption applications (such as databases and instant messaging protocols).
Enterprise SSL Certificate (OV SSL)
The standard SSL certificate is required to verify the real identity of all units of the website. It requires the buyer to submit the information of the organization and the authorization letter of the unit and other certificates registered in the official register. It can not only encrypt the confidential information of the website, but also prove the real identity of the website to the user. Therefore, it is recommended to use on all e-commerce sites, because e-commerce requires online trust and online security.
Enhanced SSL Certificate (EV SSL)
It is also based on SSL/TLS security protocol, which is used for website authentication and information transmission encryption on the Internet, but the authentication process is more detailed, authentication steps are more, the certificate bound to the website is more reliable, reliable, it is different from ordinary SSL certificate is obvious, the certificate will display more information. Not only the company information, but also the company address and so on; After the certificate is deployed, when the user opens the website, the browser address bar will show green and the name of the organization to which the website belongs will be displayed in the address bar, which is especially suitable for finance, insurance, P2P, e-commerce, online payment and other industries.
conclusion
- The SSL certificate is used to encrypt and decrypt data during transmission.
- Having an SSL certificate does not necessarily mean that a site is completely secure;
- You can make your own SSL certificates for development tests.
~
Thanks for reading!
~
Learn interesting knowledge, meet interesting friends, shape interesting soul!
Hello everyone, I am the author of “programming Samadhi”, I am king Yi, my public account is “programming Samadhi”, welcome to pay attention, I hope you can give me more advice!
You come, with expectations, I have ink to welcome! You return, no matter gain or loss, only to yu Yun give each other!
Knowledge and skills should be paid equal attention to, internal force and external power should be repaired simultaneously, theory and practice should grasp both hands, both hands should be hard!
~