ALL
All I Know About Certificates -- Websites
In last article, we know the role of clients and their responsibilities for certificate verification. Finally, let's talk about websites. We've discussed many potential issues between CAs and clients concerning certificates, but the most frequent issue is with websites—many websites have faced this problem: certificate expiration.Websites need to ensure two things:Ensure their certificate does not expire.Protect their private key from being leaked. If someone else obtains the private key, the certificate loses its meaning of “only I can prove who I am.” When requesting a...
2,471 0 CLIENTS WEBSITES SSL CERTIFICATE CERTIFICATE AUTHORITY CA
All I Know About Certificates -- Clients
Finally, in last article we’ve covered the responsibilities of CAs, showing that being a CA isn’t simple and has high management costs, explaining why issuing certificates costs money! This article we will cover the client in this chain.Verifying Certificates as a ClientFor clients, verifying certificates isn’t simple either. Articles introducing TLS handshakes often mention "the server sends back a certificate, and the client verifies it," but in reality, as we’ve seen, the server sends back multiple certificates!This can be confirmed by packet capture:...
3,377 0 CLIENTS WEBSITES SSL CERTIFICATE CERTIFICATE AUTHORITY CA
All I Know About Certificates -- Certificate Authority
One of the crucial steps in the TLS handshake is for the server to prove its identity to the client. While there is plenty of content explaining the principles of the handshake, there's less information about certificates, which are a critical component of TLS/SSL. This series of articles aim to explain what certificates are used for, how Google prevents others from impersonating Google, and why certificate issues frequently arise, among other topics.(Postscript: It took me a full 10 hours to write these articles. It's quite straightforward, with no mathematical content, just a few OpenSSL com...
51,285 1 CLIENTS WEBSITE CERTIFICATE SSL CERTIFICATE