Shulou(Shulou.com)06/01 Report--

With the increasingly serious situation of network security, the entire Internet community seems to have reached a consensus: to do everything possible to improve the security of the website. There are many security technologies, among which SSL/TLS asymmetric encryption technology and the corresponding PKI public key architecture is one of the most important technologies. Because of its technical branch is more complex, here only a few knowledge points to do, in order to help readers better understand SSL.

Terms: SSL, TLS and HTTPS, although they have different exact meanings, as representative terms of asymmetric encryption, they can be replaced with each other in many contexts.

What is the process of applying for a https certificate to a website?

Before moving on to this topic, let's review the PKI architecture. User, server, and CA are the three roles in PKI. The user party receives the certificate issued by server and verifies it through the list of trusted CA (root certificates) contained in user's own client (browser or other APP programs). Only when it is confirmed that the https certificate provided by the server is signed by trusted CA can https communication continue.

So our https certificate must be issued by mainstream CA. Why emphasize "mainstream"? Because the list of trusted CA used by different browsers may be different. IE,firefox,chrome, each with its own collection of root certificates. Large e-commerce sites are bound to use the best-known CA institutions, such as verisign (which has been acquired by symantec), enTrust, and so on.

When applying for a certificate, you need to provide the CA institution with the certificate issuance application CSR document (certificate sigining request). Most web services that support https can generate CSR files. The steps are as follows:

1. Generate public and private key pairs according to RSA algorithm. The private key is a file with the suffix .key that needs to be kept in secret, and the public key is in the .csr file. The csr file also includes the organization name, domain name, contact mailbox and other information entered in the process of generating CSR.

two。 Send the CSR file to the certificate provider, such as verisign. The supplier processes the CSR file, sets the expiration date, and does the most critical action: sign the certificate with the supplier's own private key. This generates a valid SSL certificate.

3. After the user receives the certificate, on the web server (or load balancer and other devices), use the previous private key file and the received public key certificate as the key pair to generate the SSL configuration file and bind it to the corresponding web site.

How does the client validate https certificates and ensure that encrypted communications are secure?

Take web access as an example:

1. The customer launches a browser program to visit an https encrypted site.

two。 The browser tries to shake hands with SSL, sends a list of the various encryption algorithms it supports, and obtains the list of supporting algorithms and the certificate of the site from the site.

3. The browser reads the digital signature part of the certificate and decrypts it with the corresponding public key certificate in its root certificate list. If the decryption is successful and the hash value of the certificate matches the hash value in the signature, it can be proved that the certificate provided by the site was indeed issued by the CA root certificate. This so-called "non-repudiation".

Because the browser's own root certificate is obtained by default with the installation of the browser program, its security depends on the security supervision mechanism of the browser provider. No wonder companies such as google strictly monitor possible CA fraud on internet. For specific cases, please see the next section.

What's with the intermediate certificate?

SSL supports certificate chains, so you can issue an intermediate certificate from a root certificate (you may continue to issue second-and third-level intermediate certificates), and finally to terminal certificates. The main considerations are as follows:

1. Scalability: according to different service levels, the terminal certificate is issued using the private key of different intermediate certificate.

two。 Risk isolation: if the private key of any intermediate certificate is stolen, the intermediate certificate can be revoked immediately (revoke), while other intermediate certificates can keep their security unaffected.

3. Commercial authorization: the root certificate manufacturer issues an intermediate certificate to the secondary certificate manufacturer (that is, authorization), and the secondary manufacturer can issue the terminal certificate to its own customers. There is a problem of safety supervision. Last year and this year, there have been major security incidents in which French Information Systems Security Agency (ANSSI) and intermediate certificate manufacturers authorized by China's CNNIC maliciously (claiming to be "unintentional") issued certificates for google domain names.

The ANSSI incident, which claimed to be "improper use, used its own public network CA root certificate to issue the google domain name certificate to the internal private network environment for internal test use". But it is clear that this excuse is untenable. Whether this certificate can be used on the public network depends entirely on which CA root certificate is used to issue it. If you use the public network CA root certificate (that is, the root certificate set that belongs to the default configuration of the browser) for signing, you can definitely use it on the public network. As long as you set up a phishing site to bind this fraud certificate, coupled with DNS hijacking (which is easy to do), all users' google encrypted information can be stolen. I'm really scared. No wonder Microsoft, Google and other companies quickly revoked this fraud certificate (revoke) through various channels.

The CNNIC event is similar. It issued an intermediate certificate to an Egyptian company that illegally issued a certificate for the google.com domain name. Because of the design of the SSL certificate chain, as long as the users who trust the CNNIC root certificate, they will also trust this Egyptian company's fraud certificate. Of course, CNNIC was also expelled by browsers such as chrome.

Friends, the intermediate certificate is as important as the root certificate.

Example of intermediate certificate:

In addition, mention the EV (extended validation) certificate. This is also an intermediate certificate and is more "secure" in terms of browser performance. Take the chrome browser as an example, the security icon on the left side of the site name of the site using the EV certificate is green with a box, which is slightly different from the site issued by the ordinary intermediate certificate (green without a box). EV is exactly the same as other intermediate certificates in algorithm. Whether it can reflect the "more secure" icon also depends on the support of the browser. It can be understood that the website has purchased the VIP service of the CA vendor, but it does not mean that the certificate is necessarily more secure in algorithm. As for the security of the algorithm, please read on.

Why do I upgrade my SSL certificate to SHA256 algorithm, but still show SHA1 in my browser?

-- the difference between the security of the certificate algorithm and the SSL/TLS algorithm of the site

There are many schools of encryption algorithms, which is really easy to be confused. Even experienced IT engineers can't tell which algorithms are provided by certificates and which are provided by the site itself.

RSA: certificate is provided. Asymmetric encryption algorithm. Most SSL certificates use this algorithm to generate public and private key pairs. Used to encrypt / decrypt symmetric keys in a SSL/TLS session. The RSA2048bit algorithm is secure and does not need to be upgraded or replaced at this time.

MD5/SHA1/SHA2: certificate is provided. Hash / hash / digest algorithm. Used to verify the authenticity of the signature. Sort by security, MD5

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.