Talk about my understanding of the digital certificates it:
A friend of mine wanted to pay H5 micro letter, Tencent forced to install the HTTPS protocol, the first contact with the SSL certificate. He has done IOS release, but someone else is going to get the certificate, he is usually going to get someone, he will not go deep thought. But this time to do their own micro-channel pay, the server does not use any webserver framework, but completely on my own development, so the use of the certificate must be totally rely on him to start from scratch step by step, so I had to take a long time to study.
Digital certificate is a string of numbers of Internet communications in the communication parties sign identity information, provides a way to verify the identity of communication entities on the Internet, digital certificates are not digital ×××, but in the digital authentication mechanism cover ××× a chapter on or printed (or add a digital signature on the ×××). It is by an authority --CA organization, also known as the Certificate Authority (Certificate Authority) issued by the center, people can use to identify each other's identity online.
A digital certificate is a file that contains information about the owner of the public key and the public key of a signed by a certificate authority figures. The simplest certificate contains a public key, digital certificate authority name and signature. The digital certificate using the public key system, i.e. one another by a pair of matching keys for encryption and decryption. Each user a specific set their own only my knowledge of the private key (private key), use it to decrypt and signature; at the same time set a public key (public key) by himself publicly as a the group of users to share, for encryption and signature verification.
Employing words, a simple digital certificate is a proof of evidence, which contains three parts, a public key, private key, identity-related information
CA agency, also known as certificate charter (Certificate Authority) center. General authority and impartial, trusted third party can be regarded as a CA.
Trusted certificates and self-signed certificate
CA issues a certificate, are trusted certificate in your browser, and for most of the CA, which has a default certificate is authentic, it is possible to establish a connection. And if this time, the web server using a self-signed certificate, rather than from the authority of the CA, the browser will believe that the certificate is not trusted, because you'll be prompted.
The so-called self-signed certificate is a certificate subject (certificate holder) and a certification agency agreement
I do not know that you will not understand it?