【https】how do they(server.crt server.key rootca.crt) work?

最新推荐文章于 2024-04-30 21:49:28 发布
最新推荐文章于 2024-04-30 21:49:28 发布
阅读量499 收藏 8
点赞数 6
文章标签: https 服务器 网络协议
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/qq_17011423/article/details/136658933
版权

Server.crt, server.key, and rootca.crt are typically used in the context of setting up secure communication over HTTPS, often referred to as SSL/TLS (Secure Sockets Layer/Transport Layer Security). Here’s how they work together:

server.crt (Server Certificate): This file contains the public key of your server along with additional information such as your server’s domain name, organization name, and location. It is issued by a Certificate Authority (CA) after verifying the identity of your server. When a client (such as a web browser) connects to your server, it presents this certificate to the client, assuring the client that it is indeed communicating with the intended server and not an impostor.

server.key (Server Private Key): This file contains the private key corresponding to the public key in the server certificate. The private key is kept secret and is used by the server to decrypt data encrypted by clients and to encrypt data sent to clients. It’s crucial to keep the private key secure because anyone who possesses it can potentially impersonate your server.

rootca.crt (Root Certificate Authority): This file contains the public key of the root Certificate Authority that issued your server’s certificate. It’s used by clients to verify the authenticity of your server’s certificate. When a client receives your server’s certificate, it checks whether the certificate was signed by a trusted CA. If the CA’s public key is in the client’s list of trusted CAs (often stored in a trust store), and the certificate is properly signed, then the client can trust the server’s identity.

Here’s how the process works when a client connects to your server:

The server presents its server certificate (server.crt) to the client during the SSL/TLS handshake process.
The client checks whether the certificate is signed by a trusted CA. It does this by verifying the signature on the certificate using the public key of the CA, which is typically included in the client’s trust store. This is where rootca.crt comes in.
If the certificate is trusted, the client proceeds with the encrypted communication. If not, it may present a warning to the user or terminate the connection, depending on the client’s security settings.
In summary, server.crt and server.key are used by the server to establish secure communication, while rootca.crt is used by clients to verify the authenticity of the server’s certificate.

Allen Wu(WU, ZHWIEI)
关注
  • 6
    点赞
  • 8
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
How do CRCs work_.mp4
07-23
手把手介绍CRC是如何运作的
(7)ColumnStores vs. RowStores How Different Are They Realy?.pdf
07-21
技术文档分享,免费获取请私信博主。
how do you do.py
06-20
how do you do.py
Fuzzy controllers handbook how to design them, how they work.pdf
05-10
Fuzzy controllers handbook: how to design them, how they work,讲解如何设计模糊控制器的外国经典书籍。
Open×××:server.conf与client.conf配置解析
weixin_33743248的博客
12-30 455
Open×××:server.conf与client.conf配置解析#viopen***-2.3.2/sample/sample-config-files/server.conf##################################################SampleOpen×××2.0configfilefor##multi-c...
Android HTTPS(2)HttpURLConnection.getInputStream异常的原因及解决方案
banyinlve3147的博客
08-05 698
Common Problems Verifying Server Certificates InputStream in = urlConnection.getInputStream(); getInputStream(), it throws an exception: javax.net.ssl.SSLHandshakeException: java.securit...
Redis学习:redis.conf详解
FeiChangWuRao的博客
02-10 2043
Redis.conf配置文件是关于Redis重要属性的。配置好redis.conf,了解里面的属性很重要。 下面是我从github上直接拷贝的代码 # Redis configuration file example. # # Note that in order to read the configuration file, Redis must be # started with the file path as first argument: # # ./redis-server /path/to/r
How to created a self-signed certificate, became a CA and enable TLS communication via HTTPS
几何螃蟹的代码笔记
11-11 418
Generate a Self-signed certificate
Open to Grok. How do Hackers' Practices Produce Hackers?.pdf
03-23
Open to Grok. How do Hackers' Practices Produce Hackers?
JavaEE——介绍 HTTPServlet 三部分使用与 cookie 和 session 的阐述
qq_62905847的博客
04-27 768
文章简单解释了 HTTPServlet 的简单运用以及 cookie 和 Session 之间的关联关系以及工作原理。
boot https ssl 使用http协议访问报错
I do more ,you do less
04-27 397
在springboot中配置ssl以后, 再次使用http访问对应的接口就会报错。可以考虑如下设置,将http访问的端口重定向到https对应的端口。
分享一个网站实现永久免费HTTPS访问的方法
ylfdc168的博客
04-26 1096
免费SSL证书作为一种基础的网络安全工具,以其零成本的优势吸引了不少网站管理员的青睐。
HTTP 与 HTTPS 的区别
m0_61983575的博客
04-27 733
https:连接端口,产生公钥私钥,私钥自己保存公钥附带传送,服务器响应请求传递证书给客户端,客户端解析证书,客户端加密之后把key发给服务器作为加密密钥。服务器利用私钥解密。HTTPS协议是由SSL+HTTP协议构建的可进行加密传输、身份认证的网络协议,要比http协议安全,可防止数据在传输过程中不被窃取、改变,确保数据的完整性。如果证书没有问题,客户端就会从服务器证书中取出服务器的公钥A。服务器响应客户端请求,将证书传递给客户端,证书包含公钥和大量其他信息,比如证书颁发机构信息,公司信息和证书有效期等。
(十四)Servlet教程——Servlet中HttpSession的使用
最新发布
04-30 300
如果找到了相应的session对象,则认为是之前标志过的一次会话,返回该session对象,数据达到共享。这里提到一个叫做JSESSIONID的cookie,这是一个比较特殊的cookie,当用户请求服务器时,如果访问了session,则服务器会创建一个名为JSESSIONID,值为获取到的session的sessionid的cookie对象,并添加到response对象中,响应给客户端,有效时间为关闭浏览器。用户访问服务器一次,无论是否读写Session,服务器都认为该用户的Session活跃了一次。
HTTP 与 HTTPS
猫老板的豆
04-30 559
HTTPS:是HTTP的安全版,它在HTTP的基础上加入了SSL/TLS协议,SSL/TLS依靠证书来验证服务器的身份,并为浏览器和服务器之间的通信加密。据ACM CoNEXT数据显示,使用HTTPS协议会使页面的加载时间延长近50%,增加10%到20%的耗电,此外,HTTPS协议还会影响缓存,增加数据开销和功耗,甚至已有安全措施也会受到影响也会因此而受到影响。然而,HTTP协议传输的数据都是未加密的,也就是明文的,因此使用HTTP协议传输隐私信息非常不安全,容易导致数据被窃取或篡改。
日期操作类 + http、https 请求工具类 + 开发环境 忽略 SSL 验证工具类 + 二维码工具类
happyxin_的博客
04-26 565
【代码】日期操作类。
Linux:强制用户访问加密(强制让用户使用https访问)
fox_kang的博客
04-26 347
【代码】Linux:强制用户访问加密(强制让用户使用https访问)
访问一个 HTTP 接口却收到 HTTPS 错误的响应
Keep trying, keep going
04-30 109
请求可能被服务端重定向到了 HTTPS 地址。可以尝试直接使用重定向后的 HTTPS 地址进行访问,或者检查请求是否正确处理了重定向。:如果网络环境中存在网络代理,代理服务器可能会拦截 HTTP 请求并将其转发到 HTTPS。:有些服务器可能配置不正确,导致在处理 HTTP 请求时返回了 HTTPS 错误。:某些服务器可能已配置为仅接受 HTTPS 请求,并禁止通过 HTTP 访问。:请确保请求地址是正确的,包括协议(HTTP)和主机地址。如果请求地址错误,服务器可能会返回 HTTPS 错误。
WARNING: This is a development server. Do not use it in a production deployment. falsk WSGI
03-11
WARNING: This is a development server. Do not use it in a production deployment. This warning message is commonly seen when using the Flask web framework with the WSGI (Web Server Gateway Interface) server. It is a reminder that the server you are currently using is intended for development purposes only and should not be used in a production environment. Flask is a lightweight web framework for Python that allows you to build web applications. WSGI is a specification that defines how web servers communicate with web applications written in Python. When developing a Flask application, you typically run it on a development server provided by Flask, which is not designed to handle high traffic or security requirements. In a production deployment, you would use a more robust and secure web server, such as Apache or Nginx, to serve your Flask application.

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值