Shulou(Shulou.com)06/01 Report--

People have long been indispensable Internet technology, and firmly believe that everyone has already had a basic understanding of Dynamic Web Transfer Protocol certificates, so how to remind SSL Certificates risk? In the case of similar situations, when you log in to the website address at ordinary times, you will find that some are http and some lack https. There are differences between the two, but what should I do when browsing https certificate errors?

The solution to https certificate errors is simply to authenticate two challenges:

1, the certificate is not a reasonable certificate of trust. Trust: The computer browser embeds a root certificate of trust, which means to see if the certificate of the web server is issued by this root of trust or granted by the second level certificate organization of the root of trust. To put it bluntly, it is reasonable to look at whether the web server certificate is within the validity period and whether it has been cancelled.

2. Whether the other party is the reasonable and lawful holder of the certificate. This approach can also be used in response to a reminder of how SSL Certificates risk is handled. Simply verify that the other party has the matching public key for the certificate. There are two ways to authenticate, one is to sign the other party's name, I use the certificate to authenticate the signature; in addition, one is to use the certificate to make an envelope bag to see if the other party can lift it. All the authentication around, except whether the certificate must be cancelled and CA relationship, everything else can be carried out by itself.

This is to say that browsing https certificate error how to do the solution, authentication declaration is not to cancel can choose the credit blacklist method or OCSP method. Credit blacklist is to download a roster directory from CA on time, which has the serial number of cancelled certificates, and check it locally. The advantage is efficiency. Defects are not immediate. OCSP is instant connection CA to authenticate, the advantage is instant, the defect is high efficiency.

So how to deal with the risk of computer browser certificates

Unless it is necessary, you do not have to install a root certificate. When installing the root certificate, be sure to establish the origin of the certificate.

2. For enterprise websites such as online banking, online payment, key e-mail, etc., we must ensure that SSL Certificates are free of problems, and we must refuse to access computer browsers to get warnings that SSL Certificates are wrong. Some community broadband customers must pay attention to this point.

3. Because it is more cost-effective for individuals to apply for SSL Certificates nowadays, we must pay attention to fraudulent websites with reasonable and legal SSL Certificates (more common overseas). Less fraud website, less to deal with browsing https certificate error how to do this kind of problem, for fraud website, must recognize the website domain name, in addition do not believe which award-winning information, in addition to install protection software containing fishing safety protection role.

Left and right are responses about how computer browser certificate risks are handled. Now our daily life is increasingly indispensable to the convenience of the Internet, the rapid development trend of Internet technology will promote the vast universe into a global village, the communication between the north and the south will not be limited, but with the network information security has gradually become the most important part of the Internet, some hacker technology to make full use of the network to infringe on the privacy protection of others, https certificate as http website protection layer thickness, to maintain network security is particularly important.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.