
The working mechanism of SSL certificates

2025-04-02 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

In recent years, network security has become more and more important to the development of the Internet. By now, the plaintext HTTP protocol has given way to the encrypted HTTPS protocol, because the SSL certificate used in HTTPS is the simplest and fastest network security solution on the Internet. The SSL in "SSL certificate" stands for Secure Sockets Layer, which encrypts the information exchanged between the client and the server to keep it secure.

When a user visits a website that has an SSL certificate deployed, the browser automatically recognizes the type of SSL certificate, and the SSL certificate is then used to set up a secure link (session) between the web server and the browser. This process is called the "SSL handshake". The SSL handshake happens instantly; the user cannot see it and does not need to intervene.

An SSL certificate works with three keys: a public key, a private key, and a session key. Data encrypted with the public key can only be decrypted with the matching private key, and vice versa. Public and private keys always exist in pairs, which are also called asymmetric key pairs.

In general, encrypting and decrypting with the private and public keys requires a lot of processing, so they are used only to create a symmetric session key during the SSL handshake. After a secure connection is established, the session key is used to encrypt all transmitted data, because a symmetric key encrypts data much more efficiently than an asymmetric key.

Functions of SSL certificates

An SSL certificate has two important functions:

1) SSL encryption, which allows users to transmit data securely over the Internet.

2) Authentication, which verifies whether the server is secure and legitimate.

Server-browser communication: understanding how SSL certificates work

When a user visits an SSL-secured website:

1) The browser attempts to connect to the SSL-encrypted website.

2) The browser then asks the web server to identify itself.

3) To identify itself, the server sends a copy of its SSL certificate to the browser.

4) The browser analyzes the certificate and verifies that it is trusted.

5) If the browser trusts the certificate, it sends a message to the server.

6) After that, the SSL encryption session is started and the server sends back a digital signature to confirm it to the browser.

7) Data shared between the browser and the server is now encrypted, and HTTPS and the associated security indicators appear.
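The following added example (not from the original article) walks through the three keys described above: the browser encrypts a secret with the server's public key, the server recovers it with its private key, and both derive one session key that protects the data. The toy RSA parameters, the SHA-256 keystream standing in for a real cipher, and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed toy RSA pair from two Mersenne primes (234-bit modulus, no padding).
P, Q = 2**127 - 1, 2**107 - 1
PUBLIC_KEY = (P * Q, 65537)                                # (n, e): published in the certificate
PRIVATE_KEY = (P * Q, pow(65537, -1, (P - 1) * (Q - 1)))   # (n, d): never leaves the server


def session_key(pre_master, client_random, server_random):
    """Both sides derive the same symmetric key from the shared secret and nonces."""
    material = pre_master.to_bytes(32, "big") + client_random + server_random
    return hashlib.sha256(material).digest()


def _keystream(key, length):
    blocks = (hashlib.sha256(key + i.to_bytes(4, "big")).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]


def seal(key, plaintext):
    """Encrypt one record with the session key and append an HMAC integrity tag."""
    body = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, len(plaintext))))
    return body + hmac.new(key, body, hashlib.sha256).digest()


def unseal(key, record):
    """Check the tag first, then decrypt; a modified record is rejected."""
    body, tag = record[:-32], record[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        raise ValueError("record was modified in transit")
    return bytes(a ^ b for a, b in zip(body, _keystream(key, len(body))))


def handshake_and_send(message):
    client_random, server_random = secrets.token_bytes(16), secrets.token_bytes(16)
    # Browser: pick a secret and encrypt it with the server's public key.
    pre_master = secrets.randbits(200)
    on_the_wire = pow(pre_master, PUBLIC_KEY[1], PUBLIC_KEY[0])
    browser_key = session_key(pre_master, client_random, server_random)
    # Server: recover the secret with the private key and derive the same session key.
    recovered = pow(on_the_wire, PRIVATE_KEY[1], PRIVATE_KEY[0])
    server_key = session_key(recovered, client_random, server_random)
    record = seal(browser_key, message)          # bulk data uses only the session key
    return {"keys_match": browser_key == server_key, "record": record,
            "received": unseal(server_key, record)}
```

The asymmetric operation runs once per connection; every record after that costs only hashing and XOR, which is the efficiency argument made above.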

How do I enable HTTPS encryption?

Obtain the SSL certificate:

First, you must have an SSL certificate to enable HTTPS encryption. There are three types of SSL certificates: (1) domain validation, (2) organization validation, and (3) extended validation. Server operators can apply to a digital certificate authority (CA) for the SSL certificate type that suits their needs.

Generate the CSR and private key: after selecting the SSL certificate type, the next step is to generate the CSR and private key. CSR stands for certificate signing request; it can be generated with the CSR tool provided by the CA or with the CSR tool in the server management software. During CSR generation, you need to fill in the correct information to obtain the CSR file and the private key in encoded (encrypted) format. The CSR contains the server information and organization information and is submitted to the CA. The private key is saved in a secure location on the server or on a local drive.

Domain name verification: after the CSR and private key are generated, the certificate application requires the applicant to submit multiple relevant documents for verification. In general, the domain name verification process is completed by email or by uploading files to check the information held by the domain name registrar.

Organization validation (OV), extended validation (EV) and code signing certificates: verification of the related business documents is mandatory. When applying for these certificates, the user needs to submit the documents required by the digital certificate authority. After verification, a certificate can be obtained if the documents meet the requirements of the CA.

Note: the documents required by the CA may change from one permission to another.

SSL installation: after the CA has verified the relevant information in the application, it issues the SSL certificate to the applicant. Applicants install the SSL certificate according to the server system type. This site also provides a guide to installing SSL certificates on servers. For more information, please see the SSL certificate deployment guide.

Once the server has the SSL certificate correctly installed, the website can serve HTTPS. When visitors open an SSL-encrypted website in a browser, a secure link is established with the web server.

How do I find the identity of a deployed SSL certificate for a website in a browser?

Domain validation (DV) SSL certificates: websites protected with DV SSL certificates display only HTTPS with a green lock.

Organization validation (OV) SSL certificates: websites secured with OV SSL certificates display HTTPS with a green lock and display business information in the website seal.

Extended validation (EV) SSL certificates: websites that use EV SSL certificates display HTTPS, the green address bar and the organization name in the URL, and business information is also displayed in the website seal.
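The same identity check can be made outside the browser by reading the certificate the server presents. This added example (not from the original article) uses Python's standard `ssl` module; the DV/OV/EV classification from subject fields is a heuristic assumed here, and `SAMPLE_OV` is constructed data, not a real site's certificate.

```python
import socket
import ssl
import time


def fetch_certificate(host, port=443):
    """Connect the way a browser does: chain and hostname are verified in the handshake."""
    context = ssl.create_default_context()      # CERT_REQUIRED and check_hostname=True
    with socket.create_connection((host, port), timeout=10) as sock:
        with context.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()            # parsed fields of the validated certificate


def _field(name, key):
    """Look up one attribute in the nested tuples ssl uses for subject and issuer."""
    return next((v for rdn in name for k, v in rdn if k == key), None)


def summarize(cert, now=None):
    """Report who the certificate identifies and which validation level it suggests."""
    subject = cert.get("subject", ())
    organization = _field(subject, "organizationName")
    # Heuristic (assumption of this example): DV subjects name no organization and
    # EV subjects also carry businessCategory; the CA's policy OID is the formal marker.
    if organization is None:
        level = "DV"
    elif _field(subject, "businessCategory"):
        level = "EV"
    else:
        level = "OV"
    current = time.time() if now is None else now
    seconds_left = ssl.cert_time_to_seconds(cert["notAfter"]) - current
    return {
        "names": [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"],
        "organization": organization,
        "issuer": _field(cert.get("issuer", ()), "organizationName"),
        "level": level,
        "days_left": int(seconds_left // 86400),
    }


# Constructed sample in the shape getpeercert() returns; not taken from a real site.
SAMPLE_OV = {
    "subject": ((("countryName", "US"),), (("organizationName", "Example Corp"),),
                (("commonName", "www.example.test"),)),
    "issuer": ((("organizationName", "Example CA"),),),
    "notAfter": "Jun  1 12:00:00 2030 GMT",
    "subjectAltName": (("DNS", "www.example.test"), ("DNS", "example.test")),
}
```

`summarize(fetch_certificate(host))` gives the same report for a live site; a connection that fails verification raises `ssl.SSLCertVerificationError` before any certificate fields are returned.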


© 2024 shulou.com SLNews company. All rights reserved.
