2.7.3. HTTPS

2.7.3.1. Introduction

HTTPS (HyperText Transfer Protocol over Secure Socket Layer) can be understood as HTTP + SSL/TLS: an SSL layer is added beneath HTTP, and the security of HTTPS rests on that layer.

2.7.3.2. Interaction

2.7.3.2.1. Certificate Verification Phase

  • The browser initiates an HTTPS request

  • The server returns the HTTPS certificate
    • The certificate contains:
      • Issuer information

      • Public key

      • Company information

      • Domain name

      • Validity period

      • Fingerprint

  • The client verifies whether the certificate is valid; if it is not, the client displays a warning

2.7.3.2.2. Data transfer phase

  • When the certificate is valid, the client generates a random number locally

  • The client encrypts the random number with the public key and transmits the encrypted random number to the server

  • The server decrypts the random number with its private key

  • The server sets up a symmetric encryption algorithm keyed from the random number passed in by the client, encrypts the content of the returned result with it, and transmits it

2.7.3.3. CA

A CA (Certificate Authority) is an authoritative organization responsible for issuing and managing digital certificates. As a trusted third party in e-commerce transactions, it is responsible for verifying the legitimacy of public keys in the public key system.