A self-signed SSL certificate is not trusted and is not recognized by the browser. For a regular (CA-issued) SSL certificate, confirm that the issuing authority is trustworthy, that is, that its root certificate is in the browser's trust store. Trusted authorities include GlobalSign, Comodo, GoDaddy and DigiCert abroad, and GDCA in China.
How HTTPS works: an analysis of certificate transmission, certificate verification, and the data encryption and decryption process.
1. The client initiates an HTTPS request
The user enters an https:// URL in the browser, and the browser connects to port 443 on the server.
2. Server configuration
A server that uses HTTPS must have a digital certificate, which it can either generate itself or obtain from a certificate authority. The difference is that a self-issued certificate must first be accepted by the client before access can continue, whereas a certificate issued by a trusted company produces no prompt page (StartSSL is a good choice, with 1 year of free service). This certificate corresponds to a key pair: a public key and a private key.
3. The server sends the certificate
The certificate is essentially the server's public key, but it also carries a lot of other information, such as the issuing authority of the certificate, its expiration time and so on.
4. The client parses the certificate
This work is done by the client's TLS implementation. First it checks whether the certificate is valid: the issuing authority, the expiration time and so on. If a problem is found, a warning box pops up saying that there is something wrong with the certificate.
If the certificate is fine, the client generates a random value and encrypts it with the certificate's public key. In the padlock analogy, the random value is locked with the padlock (the public key), so the locked content cannot be read by anyone who does not hold the key (the private key).
5. The client transmits the encrypted information
This step transmits the random value encrypted with the certificate's public key, so that the server obtains the random value; from then on, communication between the client and the server is encrypted and decrypted with this random value.
6. The server decrypts the information
After decrypting with its private key, the server obtains the random value sent by the client; this value now serves as the shared secret key, and the server encrypts the content symmetrically with it. Symmetric encryption mixes the information with the secret key through some algorithm, so that the content cannot be recovered unless the key is known.
Both the client and the server know this key, so as long as the encryption algorithm is strong enough and the key is complex enough, the data is secure enough.
7. The server transmits the encrypted information
This information is encrypted by the server with the shared secret key and can be recovered by the client.
8. The client decrypts the information
The client decrypts the information sent by the server with the random value it generated earlier (the shared secret key) and obtains the content. Even if a third party monitors the traffic the whole time, it cannot read it.
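The flow above, as an added Go example that is not part of the original article: it builds a self-signed certificate (step 2), shows that the client rejects it until the certificate is in its trust store (step 4, and the point of the first paragraph), and then runs steps 5 to 8 with RSA-OAEP for the random value and AES-GCM as the symmetric cipher. The host name example.test, the 2048-bit key and the one-day validity period are assumptions for the example.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"math/big"
	"time"
)

// Step 2: the server makes itself a self-signed certificate ("example.test" is a placeholder).
func MakeSelfSigned() (*x509.Certificate, *rsa.PrivateKey) {
	key, _ := rsa.GenerateKey(rand.Reader, 2048) // fixed inputs, so errors are ignored here
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		DNSNames:     []string{"example.test"},
		NotAfter:     time.Now().Add(24 * time.Hour), // the expiry the client checks in step 4
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// Step 4: the client checks issuer, validity period and host name against its trust store.
func ClientTrusts(cert *x509.Certificate, roots *x509.CertPool) error {
	_, err := cert.Verify(x509.VerifyOptions{DNSName: "example.test", Roots: roots})
	return err // UnknownAuthorityError when no root in the pool vouches for the certificate
}

// Steps 5-8: the client seals a random value with the certificate's public key (RSA-OAEP), the
// server opens it with its private key, and both sides use that value as the AES-GCM key.
func Exchange(cert *x509.Certificate, serverKey *rsa.PrivateKey, msg string) (string, error) {
	secret := make([]byte, 32) // the client's random value
	rand.Read(secret)
	sealed, _ := rsa.EncryptOAEP(sha256.New(), rand.Reader, cert.PublicKey.(*rsa.PublicKey), secret, nil) // step 5
	serverSecret, err := rsa.DecryptOAEP(sha256.New(), nil, serverKey, sealed, nil) // step 6
	if err != nil {
		return "", err // only the matching private key can recover the random value
	}
	nonce := make([]byte, 12)
	rand.Read(nonce)
	srvBlock, _ := aes.NewCipher(serverSecret)
	srvGCM, _ := cipher.NewGCM(srvBlock)
	ct := srvGCM.Seal(nil, nonce, []byte(msg), nil) // step 7: server encrypts with the shared key
	cliBlock, _ := aes.NewCipher(secret)
	cliGCM, _ := cipher.NewGCM(cliBlock)
	pt, err := cliGCM.Open(nil, nonce, ct, nil) // step 8: client decrypts with the same key
	return string(pt), err
}
```

Adding the certificate to the pool models a user importing a self-signed root into the browser's trust store; with the pool left empty, ClientTrusts returns the same "unknown authority" failure that triggers the browser warning described in step 4.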