SSL protocol: why must the root certificate be stored on the client?

1. Curious: why does the client need to store a root certificate?

In SSL there are three parties: the client, the server, and the CA (certificate authority).

First establish the basic assumption: the client fully trusts the CA. The CA issues a digital certificate to the server, which is the CA's way of saying that it trusts the server. Finally, the client downloads the digital certificate from the server and checks it against the CA (that is, it checks whether the CA really trusts this server).

The client trusts the CA, the CA trusts the server, and therefore the client trusts the server. This is a chain of trust.

2. That is the basic principle; the actual implementation is more involved

Client verification process:

(1) The server generates a key pair, keeps the private key to itself, and submits the public key to the certificate authority (CA).
(2) The CA reviews the request and then signs the server's public key with the CA's own private key, producing a digital certificate.
(3) When a connection is established, the client obtains the digital certificate from the server and verifies its signature with the CA's public key (the root certificate). If the signature checks out, the certificate was indeed issued by the CA. This conclusion rests on a premise: the CA public key held by the client really is the CA's public key, that is, it forms a pair with the CA private key that signed the server's certificate. Since the CA, as an authority, guarantees that the public key in the certificate really belongs to the server, the client can thereby confirm that the certificate carries the server's legitimate public key.
To guarantee the premise in step (3), the CA's public key must reach the client over a safe path (the CA root certificate must be installed on the client side). That is why CA public keys are generally built into the browser by the browser vendor. With this premise secured by mechanisms outside the protocol itself, the whole chain of trust stands.
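The three steps above, carried out end to end, as an added example that is not part of the original post. It assumes the third-party `cryptography` package; the CA name "Example Root CA" and the hostname "www.example.test" are made up, and every certificate is constructed in memory. The list of trusted roots plays the role of the browser's built-in root store, and the verifier shows the four outcomes a client can hit: a genuine certificate, a certificate for a different hostname, a certificate from a CA that is not in the store, and a certificate from an impostor CA that copies the trusted CA's name but not its key pair.

```python
"""Added example (not from the original post): the SSL chain of trust with a
pre-installed root certificate. Assumes the `cryptography` package."""
from datetime import datetime, timedelta, timezone

from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.x509.oid import NameOID


def _name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])


def make_root_ca(cn="Example Root CA"):
    """The CA creates its key pair and a self-signed root certificate."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    now = datetime.now(timezone.utc)
    cert = (
        x509.CertificateBuilder()
        .subject_name(_name(cn))
        .issuer_name(_name(cn))  # self-signed: issuer == subject
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now - timedelta(minutes=5))
        .not_valid_after(now + timedelta(days=3650))
        .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True)
        .sign(key, hashes.SHA256())
    )
    return key, cert


def issue_server_cert(ca_key, ca_cert, hostname):
    """Steps (1) and (2): the server keeps its private key; the CA signs its public key."""
    server_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    now = datetime.now(timezone.utc)
    cert = (
        x509.CertificateBuilder()
        .subject_name(_name(hostname))
        .issuer_name(ca_cert.subject)  # names the CA that vouches for this key
        .public_key(server_key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now - timedelta(minutes=5))
        .not_valid_after(now + timedelta(days=90))
        .add_extension(x509.SubjectAlternativeName([x509.DNSName(hostname)]), critical=False)
        .add_extension(x509.BasicConstraints(ca=False, path_length=None), critical=True)
        .sign(ca_key, hashes.SHA256())
    )
    return server_key, cert


def _validity(cert):
    try:
        return cert.not_valid_before_utc, cert.not_valid_after_utc
    except AttributeError:  # cryptography < 42 only has naive-UTC attributes
        return (cert.not_valid_before.replace(tzinfo=timezone.utc),
                cert.not_valid_after.replace(tzinfo=timezone.utc))


def verify_server_cert(server_cert, trusted_roots, hostname):
    """Step (3): what the client does with the certificate it downloaded.

    Returns "ok" or a short string naming the first check that failed.
    """
    roots = {r.subject: r for r in trusted_roots}
    root = roots.get(server_cert.issuer)
    if root is None:
        return "issuer not in root store"  # CA the client never trusted
    try:  # the premise of step (3): only the real CA key verifies this signature
        root.public_key().verify(server_cert.signature, server_cert.tbs_certificate_bytes,
                                 padding.PKCS1v15(), server_cert.signature_hash_algorithm)
    except InvalidSignature:
        return "signature invalid"  # impostor CA or tampered certificate
    not_before, not_after = _validity(server_cert)
    if not (not_before <= datetime.now(timezone.utc) <= not_after):
        return "expired or not yet valid"
    try:
        san = server_cert.extensions.get_extension_for_class(x509.SubjectAlternativeName).value
        names = san.get_values_for_type(x509.DNSName)
    except x509.ExtensionNotFound:
        names = []
    if hostname not in names:
        return "hostname mismatch"  # valid certificate, but not for this server
    return "ok"


def demo():
    """Run the four client-side outcomes and return them keyed by scenario."""
    root_key, root_cert = make_root_ca()
    _, genuine = issue_server_cert(root_key, root_cert, "www.example.test")
    rogue_key, rogue_root = make_root_ca("Rogue CA")
    _, rogue = issue_server_cert(rogue_key, rogue_root, "www.example.test")
    fake_key, fake_root = make_root_ca("Example Root CA")  # same name, different keys
    _, forged = issue_server_cert(fake_key, fake_root, "www.example.test")
    store = [root_cert]  # the client's built-in root certificate
    return {
        "genuine": verify_server_cert(genuine, store, "www.example.test"),
        "wrong_host": verify_server_cert(genuine, store, "other.example.test"),
        "rogue_ca": verify_server_cert(rogue, store, "www.example.test"),
        "impostor_ca": verify_server_cert(forged, store, "www.example.test"),
    }


if __name__ == "__main__":
    for scenario, result in demo().items():
        print(f"{scenario}: {result}")
```

The "impostor_ca" case is the point of the whole post: the issuer name on the forged certificate matches the trusted root exactly, so a lookup by name succeeds, and only the signature check against the pre-installed public key rejects it. That is why the root certificate (the CA's public key) has to be on the client before any connection is made; if the client fetched it over the same untrusted connection, an impostor could supply its own.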

3. To sum up

The CA has a root certificate; it is the starting point of the chain of trust, because we all trust the CA.

The client obtains the root certificate from the CA.

The CA issues the server a digital certificate.

When the client connects to the server, it downloads the server's digital certificate.

A digital certificate is not the same thing as the root certificate.

Origin: www.cnblogs.com/429512065qhq/p/12581941.html