SSL/TLS 证书

安全

定义

将加密密钥对与组织或域名绑定、用于建立加密HTTPS连接的数字文档。由Let's Encrypt等证书颁发机构(CA)颁发,向浏览器证明网站的身份。

What a Certificate Contains

A digital certificate is an X.509-formatted document that binds a public key to an identity. It contains the subject's domain name or organization, the issuing Certificate Authority (CA), a validity period, the public key itself, and a digital signature from the CA. When a browser connects to a website over HTTPSHTTP Secure. The encrypted version of HTTP that uses TLS to protect data in transit between a browser and a web server. Identified by the padlock icon in browsers and the https:// URL scheme., it receives the server's certificate and verifies the CA signature to confirm the site's identity.

Certificates are issued at different validation levels: Domain Validation (DV) verifies domain ownership only; Organization Validation (OV) includes verified company details; Extended Validation (EV) requires rigorous identity checks and historically triggered a green address bar in browsers.

Certificate Chains and Trust

Browsers trust a set of Root CAs pre-installed by the OS or browser vendor. Most certificates are not signed directly by a Root CA — they are signed by an Intermediate CA, which is itself signed by the Root. This chain of trust means that if any link in the chain is compromised, all certificates beneath it are suspect.

Certificate Transparency (CT) logs provide a public, append-only record of every issued certificate. Browsers increasingly require certificates to appear in CT logs, making it impossible for CAs to issue rogue certificates without public visibility.

Checking Your Certificate

Use SSL Certificate Checker to inspect any domain's certificate chain, expiry date, and configuration. Expired or misconfigured certificates cause browser warnings that drive away visitors. Automated renewal through Let's Encrypt has made certificate management largely transparent for most operators. SSL/TLSSecure Sockets Layer / Transport Layer Security. Cryptographic protocols that provide encrypted, authenticated communication over a network. SSL is deprecated; modern implementations use TLS 1.2 or TLS 1.3. protocols depend on valid certificates to establish encrypted sessions.

相关术语

安全 的更多内容