Shulou(Shulou.com)06/01 Report--

The digital certificate also contains an authorization chain information, for example: if you want to apply for a week off, you need your boss's approval, your boss needs his boss's consent, and eventually the big boss agrees, then this layer of authorization forms an authorization chain, the big boss is the root of the authorization chain, and these links are authorized by people who are closer to root.

For example, Apple developer's APP signature certificate, which can be used to sign APP, is actually signed by Apple's Worldwide Developer Relations Certificate Authority (WDRCA) authority, while it is signed by Apple Certificate Authority authority. Apple's CA is the root in this relationship chain. Apple's CA root certificate is built into Apple's system by default, so the credibility of WDRCA can be verified by Apple's built-in CA root certificate.

The CA root at the top of the Web-related SSL certificate is the recognized issuing agencies mentioned above. When we need Web to do the SSL certificate, we can apply to the above-mentioned institutions. The fee to apply to the root organization is usually relatively high, and we can also apply to some second-level authorized institutions. The advantage of choosing to issue the root organization certificate is that most browsers currently have built-in public key certificates with these authoritative CA certificates pre-installed. Browsers generally do not report risk alerts when using certificates issued by these authoritative CA.

Summary

The foundation of digital certificate signature is asymmetric encryption algorithm, which makes use of the identity authentication of asymmetric encryption and the characteristics of preventing information tampering. In some other aspects, such as HTTPS, key exchange is realized by the security feature of asymmetric encryption, and RSA is the most widely used in asymmetric encryption algorithms. Although asymmetric encryption is good, it has a drawback, that is, encryption and decryption is time-consuming, so it is generally used with symmetric encryption.

This article is only an overview of the digital certificate, many details are not involved, if you are interested in some details, you can enter more in-depth study according to the knowledge points involved in this article. At the same time, this paper does not involve the introduction of the management of digital certificates and the format of digital certificates, which will be sorted out and introduced for you in the following articles.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.