Essay -https

Others 2019-11-21 18:25:32 views: null

https process

client access https://dududu.com 

client requests a public key, server certificate issued to a client, this certificate contains a public key

client to verify the correctness of the certificate to obtain the public key

generate a pseudorandom client session secret key, encrypted with the public, issued server

server with the private key to decrypt the session keys obtained

client / server use the session keys encrypt the content transfer, to your partner. The other party decrypted to get the right content.

 

problem:

server application for a certificate

Public key to a CA, CA will Zuosha? Back to you what?

 Certificate authority issued, the applicant generates a pair of public key and asymmetric encryption algorithms (RSA), then the application information (country, domain name, etc.) need to be sent to a certificate authority (CA) along with the public key.

After confirmation CA configuration generates the digest signature M throughout the application information through a message digest algorithm (MD5, SHA), and M and the signature digest algorithm used by  the CA itself private key  encrypting

 

After obtaining client certificate how do

The client returned from the server to get the certificate, obtained by reading  the issuing authority server certificate (Issuer)

The client operating system to look up the issuing authority of the certificate, if it is not a root certificate to continue to go on recursively  until I got the root certificate .

With  the public key of the root certificate  to  the decryption verification  on the certificate layer legality , then let the public key certificate to verify the legitimacy of a layer of an upper layer of the certificate; recursion backtracking.

Finally, server-side validation certificate is  trusted  in.

 

Hashing and signing certificate is what is the difference?

 

What signature thumbprint is?

 

 

What is included in the certificate?

View certificate cmd> certmgr.msc

The main certificate information (domain name, expiration date and so forth)

Public website

Hash digest

CA private key signature on the organization of a hash digest

 

 

Certificate trust chain

To verify the validity of the certificate, which is the signature verification certificate

We need to use the private key corresponding to the public key to decrypt the signature, and then get the hash value, then they are better than hash value.

Then this private key corresponding to the public key in which, in the browser / computer. The browser will advance deposit certificate number, batch certificate there signature.

Browser only after these trust certificates signed certificate

Pre-installed browser trust certificates, pre-installed certificate trust xx Web site, the browser trust this site xx. This is the chain of trust

 

What client certificate verification

Whether the validity of the certificate matches the client requests the use of the site, is not in the revocation list CRL inside,

It's on a certificate is valid

 

appendix:

https://www.cnblogs.com/linianhui/p/security-https-workflow.html

 

Guess you like

Origin www.cnblogs.com/xiaozy1/p/11907066.html
Recommended
Ranking
vue project automated build tools 1.0, support for multi-page build
JDBC add, update, delete data
SpringCloud combat service in response to the decline tutorial series (Chapter IV)
A segmentation fault (core dumped) error occurs when C+11 compiles and calls the PCL library
Django achieve websocket
Go语言并发之道--笔记1
Three-tier structure and application
Zhejiang data structure after-school exercise practice two 7-2 Reversing Linked List (25 points)
Front-end interview brushing day9 (updated daily high-frequency inspection points for front-end interviews)
The difference between the shell of the single and double quote
Daily
More
2024-05-02(0)
2024-05-01(4)
2024-04-30(36)
2024-04-29(5)
2024-04-28(12)
2024-04-27(29)
2024-04-26(22)
2024-04-25(32)
2024-04-24(30)
2024-04-23(30)

Code World

© 2018 codetd.com