The key to solving the authentication problem above is to ensure that the public key obtained is legitimate and can be used to verify the server's identity. This requires an authoritative third party, the Certificate Authority (CA). The CA is responsible for verifying the information of public-key owners, issuing authentication "certificates", and providing certificate verification services to users; together these form a Public Key Infrastructure (PKI).
The basic principle is that the CA audits the applicant's information, "signs" the key information with its own private key, and publishes the corresponding public key; a client can then verify the signature with that public key. A CA can also revoke a certificate it has already issued; the two basic mechanisms for this are CRL files and OCSP. The specific process of using a CA is as follows:
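The following Go program is an added example, not code from the original article: it walks through the principle just described with only the standard library. A toy CA publishes a self-signed root, signs a server's public key and name (the audit step is assumed to have happened), and later revokes that certificate through a signed CRL. The client side trusts only the CA certificate and checks the signature chain, the host name, the CRL's own signature and the serial number. The CA name and the host `www.example.test` are constructed values; all keys are generated at run time. It assumes Go 1.19 or later for `x509.ParseRevocationList` and `CheckSignatureFrom`.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// PKI holds what the toy CA produces: its self-signed root, the server cert it
// issued, the same server key self-signed (no CA behind it), and a CRL.
type PKI struct {
	CA, Server, SelfSigned *x509.Certificate
	CRL                    []byte
}

// must panics on setup failures (key generation, DER encoding), treated here as unrecoverable.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue signs template for pub with signer's private key and parses the result.
// Passing template as its own parent yields a self-signed certificate.
func issue(template, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) *x509.Certificate {
	der := must(x509.CreateCertificate(rand.Reader, template, parent, pub, signer))
	return must(x509.ParseCertificate(der))
}

// BuildPKI plays the CA side. Keys and names are constructed at run time;
// nothing here is a real credential.
func BuildPKI(host string) *PKI {
	now := time.Now()
	caKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	serverKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	// Step 1: the CA publishes its own public key as a self-signed root.
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Root CA"}, // constructed name
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	ca := issue(caTmpl, caTmpl, &caKey.PublicKey, caKey)
	// Step 2: after auditing the server's identity (assumed done), the CA signs
	// the server's public key and name with the CA private key.
	leaf := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	server := issue(leaf, ca, &serverKey.PublicKey, caKey)
	// Same key and name with no CA signature: the authentication problem itself.
	selfSigned := issue(leaf, leaf, &serverKey.PublicKey, serverKey)
	// Step 3: revocation. The CA lists the server cert's serial in a signed CRL.
	crl := must(x509.CreateRevocationList(rand.Reader, &x509.RevocationList{
		Number:              big.NewInt(1),
		ThisUpdate:          now,
		NextUpdate:          now.Add(24 * time.Hour),
		RevokedCertificates: []pkix.RevokedCertificate{{SerialNumber: server.SerialNumber, RevocationTime: now}},
	}, ca, caKey))
	return &PKI{CA: ca, Server: server, SelfSigned: selfSigned, CRL: crl}
}

// VerifyServer is the client side: it trusts only the CA certificate and checks
// that the presented certificate chains to it and names the contacted host.
func VerifyServer(ca, presented *x509.Certificate, host string) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := presented.Verify(x509.VerifyOptions{Roots: roots, DNSName: host, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}})
	return err
}

// IsRevoked checks the CRL's own signature against the CA, then looks the serial up in it.
func IsRevoked(ca, cert *x509.Certificate, crlDER []byte) (bool, error) {
	rl, err := x509.ParseRevocationList(crlDER)
	if err != nil {
		return false, err
	}
	if err := rl.CheckSignatureFrom(ca); err != nil {
		return false, err
	}
	for _, rc := range rl.RevokedCertificates {
		if rc.SerialNumber.Cmp(cert.SerialNumber) == 0 {
			return true, nil
		}
	}
	return false, nil
}
```

`VerifyServer` succeeds for the CA-issued certificate and fails for the self-signed one even though both carry the same public key and host name, which is exactly what the CA signature adds. Checking the CRL's signature before consulting its contents matters as much as the lookup itself: an unsigned or forged revocation list would otherwise let an attacker either hide a revocation or deny service by revoking valid certificates.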