[Repost] What is Certificate Transparency?

What is Certificate Transparency?

 
https://www.cnblogs.com/sslwork/p/6193260.html

 

Basic concepts of SSL

What is encryption?

Encryption is the modern way of protecting electronic information, much as safes and combination locks were used to protect information on paper in the past. Encryption is a technical implementation of cryptography: information is converted into an unintelligible form (encoded) so that it can only be translated back into an understandable form (decoded) with a key. With device encryption, for example, the information is decoded using a PIN that unscrambles it, or by a complex algorithm following clear instructions from a program or device. Encryption ultimately relies on mathematics to encode and decode information.
 

What is HTTPS?

HTTP (Hypertext Transfer Protocol) is the protocol a browser uses when it connects to a website. HTTPS is an encrypted HTTP connection, which is more secure and reliable. If you see HTTPS instead of HTTP in the URL, the connection to the website is secure. For secure connections, most browsers also display a secure connection icon; for example, Chrome displays a green padlock icon.
 

Why use HTTPS?

Even if your website does not process sensitive information, you should use HTTPS to protect it. HTTPS helps ensure the integrity of the website and protects the privacy and security of its users. In addition, some of the most powerful recently introduced web platform features are available only to websites that offer HTTPS.
 

Why is encryption important?

A message has to pass through a complex system of networks to get from point A to point B. Along the way, it can easily be intercepted by unintended recipients who know how to manipulate the network. In addition, portable devices (not just mobile phones) have become an indispensable part of our lives. They hold not only our photos, message records and emails, but also private data stored in applications (for convenience, we generally stay permanently logged in to these apps). Once the device is lost or stolen, the finder or thief can easily obtain our most private information, putting us at risk of identity theft, financial fraud and even personal harm.

In these cases, encryption can protect us. Even if an encrypted message is intercepted in transit, the interceptor cannot understand its content. Such messages are called "ciphertext", while unencrypted messages are transmitted in "plaintext". With device encryption, someone who does not have the PIN or password required to decrypt the device cannot obtain the content on the phone and can only wipe the device completely. Losing data is painful, but it is at least better than identity theft.
 

What types of encryption are available?

Encryption in transit protects the flow of information from the end user to a third-party server. For example, when you enter your credit card details on a shopping website, a secure connection helps protect your information from being intercepted by third parties. Only you and the server you are connected to can decrypt this information.

End-to-end encryption means that only the sender and receiver hold the keys used to encrypt and decrypt messages. Even the service provider responsible for controlling the user's message transmission system cannot obtain the actual content of the message. 

Encryption at rest helps protect information that is not in transmission. For example, the hard disk in a computer can use encryption at rest to ensure that the thief cannot access the files after the computer is stolen.

What is a certificate authority?

A certificate authority (CA) is an organization that issues digital certificates to website operators. Operating systems (such as Mac OS X and Windows) and web browsers (such as Chrome, Firefox, Safari) come preloaded with a set of trusted root CAs. New operating systems usually ship with more than 200 trusted CAs, some of which are operated by governments. Web browsers trust each CA to the same degree. In addition, many CAs delegate the issuing of certificates to intermediate CAs.
 

What is a certificate?

When you access a website through a secure connection (HTTPS), the website presents a digital certificate to the browser. This certificate identifies the host name of the website and is issued by a certificate authority (CA) that has verified the website owner. As long as the user trusts the CA, the proof of identity provided in the certificate can be trusted.

Certificate transparency

Why is Certificate Transparency important?

The current model requires all users to trust that hundreds of CA organizations will make no mistakes when issuing certificates for any website. However, in some cases, human error or impersonation may result in a certificate being issued by mistake. Certificate Transparency (CT) changes the issuance process: a certificate must be recorded in a publicly verifiable, tamper-proof, append-only log before the user's web browser will consider it valid. Because certificates must be recorded in these public CT logs, any interested party can view all certificates issued by a CA. This makes CAs more accountable when issuing certificates and helps form a more reliable system. Finally, if the certificate of a website using HTTPS is not recorded in a CT log, the browser may not display the secure connection padlock icon when a user visits the website.

Please note that only the organization responsible for a given domain knows which certificates have been authorized. If a certificate is not authorized, domain users should contact the CA that issued the certificate to determine the appropriate measures to take.
 

What is a Certificate Transparency log?

A Certificate Transparency log is a server that implements RFC 6962 and allows any interested party to submit a certificate issued by a widely trusted CA. Once a log accepts a certificate, the cryptographic properties of the log ensure that the corresponding entry can never be removed or modified.
 

Where do the certificates shown here come from?

The certificates in the transparency report are obtained from a series of valid Certificate Transparency logs. Many of the certificates in these logs were submitted by the CA during the signing process. In addition, we also add certificates that Google encounters when indexing web pages. Site owners can search this site for domain names under their control to make sure that no certificates have been issued in error for their domains.
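The check a site owner performs when searching the logs, and the earlier point that only the domain's own organization knows which certificates were authorized, can be automated as below. This is an added example, not part of the original FAQ; the record layout, issuer names and domains are constructed sample data, and the approved-issuer list is something the domain owner must supply.

```python
def _norm(name: str) -> str:
    return name.strip().lower().rstrip(".")

def covers_owned(dns_name: str, owned: set) -> bool:
    # True if a certificate name is an owned domain, a subdomain of one,
    # or a wildcard beneath one. Matching on a label boundary keeps
    # "notexample.com" from being treated as part of "example.com".
    name = _norm(dns_name)
    if name.startswith("*."):
        name = name[2:]
    return any(name == d or name.endswith("." + d) for d in map(_norm, owned))

def unauthorized_certs(entries: list, owned: set, approved_issuers: set) -> list:
    # Report logged certificates that name an owned domain but were issued
    # by a CA the owner did not approve.
    findings = []
    for e in entries:
        hits = sorted(n for n in e["dns_names"] if covers_owned(n, owned))
        if hits and e["issuer"] not in approved_issuers:
            findings.append((e["id"], e["issuer"], hits))
    return findings

# Constructed sample records (not real log entries).
ENTRIES = [
    {"id": "entry-1", "issuer": "Example Trust CA",
     "dns_names": ["www.example.com", "example.com"]},
    {"id": "entry-2", "issuer": "Other Issuing CA",
     "dns_names": ["*.example.com"]},
    {"id": "entry-3", "issuer": "Other Issuing CA",
     "dns_names": ["notexample.com"]},
    {"id": "entry-4", "issuer": "Third CA",
     "dns_names": ["shop.example.net", "Mail.Example.COM."]},
]
OWNED = {"example.com"}            # domains the organization controls (assumed)
APPROVED = {"Example Trust CA"}    # CAs the organization actually uses (assumed)

if __name__ == "__main__":
    for finding in unauthorized_certs(ENTRIES, OWNED, APPROVED):
        print(finding)
```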
 

Why is my certificate not displayed here?

A certificate is displayed here once it has been recorded in at least one CT log. You can submit your certificate to a log; if it has not been logged, you may need to contact the CA. Technical users can use tools such as the open source tools available on https://certificate-transparency.org to submit certificates to a log themselves.
 

Why do some websites have multiple certificate issuers?

Many large organizations use multiple CAs to meet a variety of needs, which may include contractual obligations, implementation considerations, and costs. 
 

Why do some certificates list multiple DNS names?

Many organizations choose to issue a single certificate that can be used on multiple websites. For example, large websites often use multiple subdomains (such as www.google.com, mail.google.com, accounts.google.com) for their resources, but list all of these subdomains in a single certificate.

 

https://www.myssl.cn  

Origin www.cnblogs.com/jinanxiaolaohu/p/12606537.html