The algorithm used for certificate signing is specified by the publisher to encrypt the hash value encoded by the certificate with his own private key. The general algorithm is md5withrsa or sha256withrsa. The hash algorithm is unique, that is, the certificate code is converted into fixed-length binary, which is irreversible, that is, the certificate code cannot be restored by hash value. The fingerprint algorithm is a hash algorithm, which is generally sh 1. The process of certificate authentication is that the certificate owner sends the certificate and the fingerprint (the hash value of the certificate is encrypted with the private key) to the user, and the user calculates a hash value according to the certificate, and decrypts the fingerprint with the public key to get a hash value, to see if it is the same, and to prove that the certificate has not been tampered with. The algorithm is encrypted by the owner's private key. The role of ca is that ca can authenticate a certificate chain, and the source is ca. Once you trust this ca, you trust the certificate issued by this ca, so when you communicate with the owner of the certificate issued by this ca, you can find the CA according to the certificate chain, and the publisher is trustworthy.