Shulou(Shulou.com)06/01 Report--

This article mainly introduces the principle of SSL certificate introduction, the sample code introduced in this paper is very detailed, has a certain reference value, interested friends must read!

The use of SSL certificates makes the web address more secure as a technology of encrypted transmission protocol. SSL's waving agreement allows customers and cluster servers to authenticate each other.

The principle of SSL certificate is as follows:

The ① mobile phone client pleads with the network server for HTTPS connection

The mobile client transmits to the network server the firmware version of the SSL protocol of the mobile client, the type of encryption technology, the natural number caused, and all kinds of information necessary for communication between other network servers and mobile clients.

The ② network server checks and returns the certificate

The network server transmits the firmware version of the SSL protocol, the type of encryption technology, natural number and other basic information to the mobile client. In addition, the network server will also transmit its own certificate to the mobile client.

The ③ mobile client verifies the certificate sent by the network server.

The mobile client uses the information sent from the network server to verify the legality of the network server, which includes whether the certificate expires, whether the CA of the publishing server certificate is reliable, whether the public key of the issuer certificate can properly remove the "issuer's electronic signature" of the server certificate, and whether the domain name on the server certificate matches the actual domain name of the network server. If the legal verification is unfounded, the communication will be cut off; if the verification is passed, it will be carried out again.

The content of the ④ message is verified, and the mobile client is converted into any key A, which is encrypted with public key data and sent to the network server.

The public key of the network server can be obtained from the certificate verified in step ③. Any key converted by the mobile client uses this public key to encrypt the data. After the data is encrypted, only the network server (with the private key) can be deciphered to ensure security.

The ⑤ network server deciphers any key A with a private key, and then the communication uses this arbitrary key A to encrypt the data.

The whole process of waving does not include the logic of verifying the identity of the mobile client. Because in most cases, HTTPS only verifies the identity of the web server. If you want to verify the identity of the mobile client, the mobile client must have a certificate, which must be sent to the certificate when waving, and this certificate must be cost.

After talking about the principle of SSL certificate, let's take a look at the SSL certificate workflow:

1. The customer connects to your Web site name, which is maintained by the server certificate. (you can start by inquiring whether the URL is used for "https:", or the computer browser will show you the relevant information.)

2. Your server does not respond and automatically transmits the ca certificate of your URL to the customer to identify your URL.

3. The browser tool program flow of the customer creates a unique "session key code", which is used to encrypt data in the whole process of communication with the URL.

4. Use the person's computer browser to encrypt the communication key code with the public key of the URL, so that you can only give your web address enough to read the article this communication key code.

The above is all about the brief introduction of the principle of SSL certificate, thank you for reading! Hope to share the content to help you, more related knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.