linux
Sergey, 2015-02-02 09:48:05

How to understand the essence of how SSL certificates work?

Lord, I ask for your help. I want to understand the essence of how SSL works. My understanding is that when a connection is established via HTTPS, the SSL certificate, which the client accepts, encrypts the data, and the traffic between them becomes encrypted and secure. Do I understand this correctly?
If so, then why do people buy SSL certificates, which are sometimes very expensive, when you can generate one yourself with something like openssl and install it on your server?
What is the difference? I tried to google it, but I only seem to have become more confused.
As I understand it, purchased certificates are signed by authorized centers that have an agreement with browsers. These certificates are supposedly considered safe and are accepted by the client immediately, without questions or problems. OK, so people pay tens of thousands of rubles so that the user is not asked "do you trust this site, yes / no?". It seems to me that this is an expensive pleasure. If it were for solidity or branding, I could understand it better, but this topic is not widely known, and 99.9% of those who visit the site will not understand all the elitism of a company saying "look, we can afford it". It would be better if they bought a beautiful number instead; that, at least, is clear to everyone. Can you explain the meaning of this to me in more detail? What am I doing wrong?


1 answer(s)
William Thorn, 2015-02-02
@butteff

There is such a thing as a "certificate authority". If you issue a self-signed certificate, the client will not trust it, because your CA (your server that generated the certificate) is also untrusted for it.
As a rule, modern operating systems (android, mac, win) have the trusted certificates of global certification authorities (thawte, symantec, google, etc.) built in by default. It is from them that you buy a certificate for money; otherwise your customers will have to manually install the root certificate of your CA for it to be trusted, which is not very safe from the user's point of view.
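The trust decision described in the answer above can be reproduced locally with the openssl command line. This is an added example, not part of the original answer; the names `demo-ca` and `site.example` and the helper functions are constructed for illustration, and it assumes an `openssl` binary (1.1.0 or later) whose system trust store does not contain the demo CA.

```sh
#!/bin/sh
# Added example: compare how a client judges a self-signed certificate and a
# certificate issued by a private CA, with and without that CA installed.
set -eu

# make_certs DIR: create a self-signed server cert, a private CA ("demo-ca",
# constructed name) and a server cert for site.example issued by that CA.
make_certs() {
  dir=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=site.example" \
    -keyout "$dir/self.key" -out "$dir/self.crt" 2>/dev/null
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-ca" \
    -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=site.example" \
    -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
    -CAcreateserial -days 1 -out "$dir/leaf.crt" 2>/dev/null
}

# client_trusts CERT [EXTRA_ROOT]: succeeds if CERT chains to a trusted root.
# With one argument only the system trust store is used (a stock client);
# with two, EXTRA_ROOT stands for a root the user installed by hand.
client_trusts() {
  if [ $# -ge 2 ]; then
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
  else
    openssl verify "$1" >/dev/null 2>&1
  fi
}

verdict() { if client_trusts "$@"; then echo accepted; else echo rejected; fi; }

demo() {
  tmp=$(mktemp -d)
  make_certs "$tmp"
  echo "self-signed cert, stock client:          $(verdict "$tmp/self.crt")"
  echo "private-CA cert, stock client:           $(verdict "$tmp/leaf.crt")"
  echo "private-CA cert, CA root installed:      $(verdict "$tmp/leaf.crt" "$tmp/ca.crt")"
  echo "self-signed cert, installed as a root:   $(verdict "$tmp/self.crt" "$tmp/self.crt")"
  rm -rf "$tmp"
}
demo
```

All four certificates give the same encryption; the only thing that changes the verdict is whether the issuer is already in the client's trust store.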
