HTTPS digital signature certificate

What does a certificate contain

Server public key (can be obtained directly from the certificate and does not require CA public key decryption)
Certificate validity time, hash function used to calculate digest,… And so on. (It can be obtained directly from the certificate without using the CA public key for decryption)
CA uses hash functions to calculate a summary of information such as the public key and valid time, and then encrypts the summary with the CA’s private key (the result of encryption is a digital signature).

Certificate = public key (the public key in the password pair generated by the server) + applicant and issuer information + Signature (signed with the private key of the password pair generated by the CA organization)

The client authenticates the certificate

The client uses the same hash function to get a summary of the information
The client uses the built-in CA public key to decrypt the digital signature and get the summary calculated by the CA organization
Compare two digests, and if they agree, the certificate is valid.

After verification

The client generates a random number, encrypts it with the server’s public key, and sends it to the server.
The server decrypts this random number using the private key, and then both the server and client use this random number to encrypt the data using symmetric encryption algorithms.

HTTPS Communication Process

HTTPS digital signature certificate

HTTPS digital signature certificate

What does a certificate contain

The client authenticates the certificate

HTTPS Communication Process

Related Posts

One git command may cause you hacked(CVE-2014-9390)

Understanding of throttling and anti – shake functions

A little website optimization every day: lazy loading of pictures