Shulou(Shulou.com)06/02 Report--

What is the https certification? in view of this problem, this article introduces the corresponding analysis and solutions in detail, hoping to help more partners who want to solve this problem to find a more simple and feasible way.

There are three roles in using https:

CA certification authority: certification authority (CA, Certificate Authority) is the authority that issues digital certificates. Is the authority responsible for issuing and managing digital certificates, and as a trusted third party in e-commerce transactions, bears the responsibility for verifying the legitimacy of the public key in the public key system.

Client (client), which is replaced by browser

Server side (server), which is replaced by nginx

CA:

Certificate authority, which also has its own public and private keys CA.pub, CA.rsa

Server, take nginx as an example:

The configuration of nginx is as follows

Server {listen 443 ssl default_server; server_name _; ssl_certificate / data/ssl_keys/aa.pem; ssl_certificate_key / data/ssl_keys/aa.key; return 403}

The server also has its own public and private keys, S.rsa and S.pub

Ssl_certificate is a certificate, which contains info (public key S.pub, and site information, including authority, validity period, domain name, etc.). Message digest is generated by hash algorithm and sent to CA. CA uses its private key CA.rsa message digest encryption to get a signature, plus info to form a certificate.

Ssl_certificate_key is the private key of the server (S.rsa)

Client access process, the client system or browser will have a built-in trusted CA, or you can install your own CA (homemade certificate)

Client requests to the above nginx, and nginx sends the certificate (including signature and info) assigned by ssl_certificate to client,client and uses CA.pub to decrypt the signature in the certificate (obtained by encrypting info hash with CA.rsa). Compare with the summary after info hash to confirm whether CA is legal (asymmetric encryption).

After the verification is passed, client generates a random symmetric key, encrypts the symmetric key with the server public key S.pub in info, and sends it to nginx

Nginx is decrypted with private key (S.rsa, ssl_certificate_key)

Client and nginx use symmetric key encryption to communicate with http.

The answer to the question about https certification is shared here. I hope the above content can be of some help to everyone. If you still have a lot of doubts to be solved, you can follow the industry information channel to learn more about it.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.