What is a CA certificate, and why do we need it?

I've just read this article about what the HTTPS service is, and I understand the basics of HTTPS.

When requesting HTTPS content, the server will send a public key to the browser, so that every time the browser receives data, it will be decrypted with the public key.

My question is: what is a CA certificate for? Why do we need it?

Nicolas S.Xu asked Oct 15 '16 16:10

1 Answer

A CA certificate is a digital certificate issued by a certificate authority (CA), so SSL clients (such as web browsers) can use it to verify the SSL certificates signed by this CA.

For example, stackoverflow.com uses Let's Encrypt to sign its servers, and SSL certificates sent by stackoverflow.com mention they are signed by Let's Encrypt. Your browser contains the CA certificate from Let's Encrypt, and so the browser can use that CA certificate to verify stackoverflow's SSL certificate and make sure you are indeed talking to the real server, not a man-in-the-middle.

https://security.stackexchange.com/a/20833/233126 provides a more detailed explanation of how TLS/SSL certificates work.

Ding-Yi Chen answered Sep 29 '22 05:09
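The check described in the answer above can be reproduced offline with the `openssl` command line. This is an added example, not part of the original answer: it assumes `openssl` is installed, and the names `trusted-ca`, `rogue-ca` and `www.example.test` are constructed for the demonstration.

```shell
#!/usr/bin/env bash
# Added example: a client that trusts one CA accepts a certificate signed by
# that CA and rejects one for the same hostname signed by a CA it does not trust.
set -eu

make_ca() {      # make_ca <dir> <name>: self-signed CA certificate and key
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

issue_cert() {   # issue_cert <dir> <ca> <out> <hostname>: cert signed by <ca>
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$4" \
    -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null
  openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.crt" -CAkey "$1/$2.key" \
    -CAcreateserial -days 1 -out "$1/$3.crt" 2>/dev/null
}

client_trusts() {  # client_trusts <dir> <trusted-ca> <cert>
  # The CA certificate plays the role of the browser's built-in trust store.
  if openssl verify -CAfile "$1/$2.crt" "$1/$3.crt" >/dev/null 2>&1; then
    echo accepted
  else
    echo rejected
  fi
}

demo() {
  d=$(mktemp -d)
  make_ca "$d" trusted-ca          # CA whose certificate the client ships with
  make_ca "$d" rogue-ca            # CA the client has never heard of
  issue_cert "$d" trusted-ca real www.example.test
  issue_cert "$d" rogue-ca   mitm www.example.test   # same hostname, other signer
  echo "real=$(client_trusts "$d" trusted-ca real) mitm=$(client_trusts "$d" trusted-ca mitm)"
  rm -rf "$d"
}

demo
```

Both server certificates claim the same hostname and carry a valid public key; only the one whose signature chains to the CA certificate held by the client is accepted.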