A CA certificate, as the name suggests, is a certificate issued by a CA organization. Anyone can find tools to create certificates, but because you are not an authoritative CA organization, a certificate you create yourself is not authoritative. A certification authority (CA, Certificate Authority) is an authoritative and impartial third-party trust organization that uses public key infrastructure (PKI) technology and specializes in providing network identity authentication services. It is responsible for issuing and managing digital certificates. The role of a CA is similar to that of the institutions that issue certificates in real life, such as the offices that process ID cards.
The role of the CA certificate:
Function 1: Verify whether the HTTPS website you open is trustworthy
You may have noticed that sensitive web pages (such as user login pages) use HTTPS instead of HTTP. Because HTTP is a clear-text protocol, once a bad person peeks into your network communications, your passwords, bank account numbers and other communication contents will be leaked. HTTPS is an encrypted protocol, which ensures that bad people cannot peek at your information during transmission. In addition to the encryption mechanism, the HTTPS protocol also has a certificate mechanism. Certificates are used to ensure that a site is indeed the site it claims to be.
With the certificate mechanism, when your browser visits an HTTPS website, it verifies the CA certificate on the site. If the browser finds no problem with the certificate, the page is opened directly; otherwise, the browser shows a warning telling you that there is a problem with the website's certificate and asking whether you want to continue accessing the site.
Most well-known websites use the HTTPS protocol, and their certificates are trusted. If you go to a website and the browser pops up a warning, be careful. This website may be a phishing website!
Function 2: Verify whether the files you installed have been tampered with
Whether a file has been tampered with is checked through its digital signature, which is made with a certificate. Let's take a software installation file as an example and explain in detail how to verify the digital signature of a file. An installation file with a digital signature has a "Digital Signature" tab on it. If this tab does not appear, the file does not come with a digital signature.
If a digital signature does not include an "email address", that item is displayed as "Not available"; similarly, if a digital signature does not include a "time stamp", it is displayed as "Not available". The "Not available" shown in these places has nothing to do with the validity of the digital signature.
Generally speaking, there is only one signature in the signature list. Select it, click the "Details" button, and a line of text will be displayed: "The digital signature is normal." If this line appears, it means that the file has not been tampered with between leaving its publisher and reaching you.
If the file has been tampered with (for example, infected with a virus or injected with a Trojan horse), a warning message "The digital signature is invalid" will appear in the dialog box.
Whether or not the signature is normal, you can click the "View Certificate" button, and the certificate dialog box will pop up.
Currently, most executable files (such as software installation packages, drivers, security patches) released by well-known companies or organizations carry digital signatures. It is recommended that everyone check to see if there is a digital signature before installing the software. If so, follow the above steps to verify it; if the digital signature is invalid, there may be security risks.
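The same check can be scripted for a whole folder of downloads. The following is an added example, not part of the original article: it uses the built-in PowerShell cmdlet `Get-AuthenticodeSignature`, and the function name `Test-InstallerSignature` and the Downloads folder path are assumptions chosen for illustration.

```powershell
# Added example: scripted equivalent of the "Digital Signature" tab check.
# Test-InstallerSignature is a hypothetical helper name, not a built-in cmdlet.
function Test-InstallerSignature {
    param(
        [Parameter(Mandatory)] [string] $Path   # folder holding the files to check
    )

    Get-ChildItem -Path $Path -Recurse -File -Include *.exe, *.msi, *.dll, *.sys |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName

            # Map the cmdlet's status onto the outcomes the dialog box shows.
            $verdict = switch ($sig.Status) {
                'Valid'        { 'OK: file unchanged since it was signed' }
                'NotSigned'    { 'No digital signature on this file' }
                'HashMismatch' { 'INVALID: file was modified after signing' }
                default        { "Check manually: $($sig.StatusMessage)" }
            }

            [pscustomobject]@{
                File        = $_.Name
                Verdict     = $verdict
                # Who signed the file and which CA issued the signer's certificate
                Signer      = $sig.SignerCertificate.Subject
                Issuer      = $sig.SignerCertificate.Issuer
                CertExpires = $sig.SignerCertificate.NotAfter
                # A missing time stamp is informational only, like the
                # "Not available" entry in the dialog; it does not change the verdict.
                Timestamped = [bool]$sig.TimeStamperCertificate
            }
        }
}

# Assumed location: the current user's Downloads folder.
Test-InstallerSignature -Path "$env:USERPROFILE\Downloads" | Format-List
```

Any file whose verdict is not "OK" should be handled as the text above recommends before it is installed.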