HTTPS和证书 [英] HTTPS and certificates

问题描述

HTTPS如何在接受证书方面发挥作用？

How does HTTPS work with respect to accepting a certificate?

推荐答案

非常狡猾地用小故事：

客户端：（连接到服务器，伸出手） 你好！这是我的加密细节。

Client : (Connects to the server and, sticks out it's hand) "Hello! Here are my encryption details."

服务器 :(取得客户端）你好。这是我的加密细节。这是我的证书。 （握手谈判完成。客户检查证书）

Server : (Takes hand of the client) "Hello. Here are my encryption details. Here is my certificate." (Handshake negotiation complete. Client check the cerificate)

客户：太好了，这是我的钥匙！因此，从现在开始，所有内容都使用此密钥加密。好吗？

Client : Great, here's my key! So from now on everything is encrypted using this key. OK?

服务器：好的！ （SSL握手完成）

Server : OK! (SSL Handshake complete)

客户端：太棒了，这是我的数据通过HTTP !!

Client : Great, Here comes my data over HTTP!!

证书用于 SSL握手。服务器向客户端发送的证书是签名 /en.wikipedia.org/wiki/Certificate_authorityrel =noreferrer>证书颁发机构（CA），如VeriSign，并且特定于服务器。 SSL握手中会发生各种检查。其中一个重要的事情是证书的 Common Name 属性必须与服务器的主机/ DNS名称匹配。

Certificates are used in the SSL handshake. The certificate that the server hands to the client is signed by a Certificate Authority (CA) like VeriSign and is specific to the server. There are various checks that happens in the SSL handshake. One of the important ones to know about is the Common Name attribute of the certificate must match the host / DNS name of the server.

客户有CA的公共证书（密钥）的副本，因此可以使用它（使用SHA1计算）例如）查看服务器的证书是否仍然正常。

The client has a copy of the CA's public certificate (key) and can thus use it (calculate with SHA1 for example) to see if the server's certificate is still ok.

这篇关于HTTPS和证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！