
Recently, Ergouzi was also fortunate to participate in the anti-fraud training organized by the company. The policeman warned everyone during the training:

  • Develop good online habits
  • Do not casually enter personal information online
  • Don't trust, disclose information to, or transfer funds to anyone suspected of fraud
  • Raise safety awareness
  • Protect your "money bag"

Why shouldn't you casually enter personal information on the Internet? We all know that the Internet lets us obtain information anytime, anywhere, and communicate without restrictions. This is very convenient, but it also gives criminals the ability to collect users' sensitive data through various channels. The most common method is phishing: building fraudulent websites that imitate those of well-known companies to trick users into entering private data. In other cases the site itself is harmless, but the data transmission between the user and the server is not secure enough, so criminals tamper with the data stream to steal personal information.

Against the first method, we need to stay alert: avoid entering such sites by mistake, check the domain name of the website, and fill in information carefully. Against the second method, a website can secure data in transit by using a standard SSL certificate, which keeps user data from being intercepted.

What is an SSL certificate

SSL (Secure Sockets Layer) is a security protocol that provides security and data integrity for network communications. An SSL certificate serves as a binding proof of identity and contains the information that allows the browser and server to establish an encrypted connection.

The SSL certificate itself is a data record containing a large amount of information, such as the issuer's name, the serial number, the fingerprint used for encryption, and so on. For a website to use an SSL certificate for encryption, the certificate must be installed on the server that hosts the website.

SSL certificate validity period

Deploying an SSL certificate on the web server is not a one-time task, because an SSL certificate is not permanently valid. Starting from September 1, 2020, most CA organizations will only issue SSL certificates with a validity period of one year. Although the shorter validity period increases the cost of managing certificates and private keys, it ensures that technical staff adopt SSL certificates that follow the latest encryption standards to protect the website, and it reduces the risk of certificate theft.

SSL certificate type

Of course, SSL certificates differ in more than their validity period and issuing organization. The most important factor affecting the security of an SSL certificate is its verification method. SSL certificates can be divided into three types according to verification method, and the types differ not only in how verification is done but also in cost.

Domain Type SSL Certificate (DV SSL)

Here the certificate authority only performs an online check that the applicant controls the domain name, usually by verifying the content of a specified file under the domain name or by verifying a specific TXT record for the domain name. For example, visit [http|https]://www.domain.com/…/test.txt, file content: 2016082xxxxx39w7b20nelfa; or add a TXT record: www.domain.com –> TXT –> 20170xxxxxqmkiby43hpvy8

Since the verification process can be fully automated, many people consider it insecure. Therefore, some browsers separately mark DV SSL certificates to indicate lower security standards compared to other certificates.

Enterprise SSL Certificate (OV SSL)

OV SSL is an officially registered certificate that requires the purchaser to submit organization information and a letter of authorization from the organization. Before issuing the SSL certificate, the certificate authority must check not only the domain name ownership but also the authenticity and legitimacy of these materials. Only applicants who pass the verification are issued an SSL certificate. The OV SSL certificate provides higher security for Internet users.

Enhanced SSL Certificate (EV SSL)

Although it is also based on the SSL/TLS security protocol, the verification process is more specific and detailed, with more verification steps. The EV SSL certificate provides the highest level of security. To obtain this type of certificate, the domain and the organization associated with it are checked, as well as the applicant. The check also covers whether the applicant actually works in the organization or company and whether they have the right to apply for a certificate.

It also looks very different from ordinary SSL certificates: in a secure browser the address bar turns green. If the SSL certificate is untrusted, the browser refuses to display the page, and if the site is a phishing website, the address bar turns red to warn users.

How an SSL certificate encrypts data

Normally, to transmit data in encrypted form, we need a key to encrypt the content, and we need the same key to decrypt the message again. However, this method does not work well on the Internet, because users often contact people or organizations they have never communicated with before. The key could only be delivered by first sending it, unencrypted, over publicly accessible media.

The encryption method used with SSL certificates is different. It is based on public key infrastructure (PKI) and public key encryption. This method uses two different encryption keys: a private key and a public key. The public key is used for encryption and the private key is used for decryption.

The two keys are different, but related to each other. Information encrypted with a specific public key can only be decrypted with the private key that belongs to that public key. If the client verifies that the public key matches the private key, a secure connection is established. This is called "asymmetric encryption".
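The relationship between the two keys, as an added example that is not part of the original article: textbook RSA in Python, where a client wraps a random secret with the public key from a certificate and only the holder of the matching private key can return it. The key sizes, the function names and the "impostor" scenario are assumptions made for illustration; real certificates use keys of at least 2048 bits with padding.

```python
import secrets
from math import gcd

def make_keypair(p, q, e=65537):
    """Textbook RSA from two primes: returns (public, private) key tuples."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)              # private exponent: e*d = 1 (mod phi)
    return (e, n), (d, n)

def encrypt(public, m):
    e, n = public
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, e, n)              # anyone with the public key can do this

def decrypt(private, c):
    d, n = private
    return pow(c, d, n)              # only the private key undoes it

def server_holds_private_key(cert_public, answer_challenge):
    """Client check: can the peer recover a fresh secret wrapped for cert_public?"""
    secret = secrets.randbelow(cert_public[1] - 2) + 2
    return answer_challenge(encrypt(cert_public, secret)) == secret

# Constructed demo keys built from known Mersenne primes; far too small for real use.
SITE_PUBLIC, SITE_PRIVATE = make_keypair(2**61 - 1, 2**89 - 1)
_, IMPOSTOR_PRIVATE = make_keypair(2**31 - 1, 2**107 - 1)

def genuine_server(ciphertext):
    return decrypt(SITE_PRIVATE, ciphertext)

def impostor_server(ciphertext):
    # Presents the site's certificate but holds a different private key.
    return decrypt(IMPOSTOR_PRIVATE, ciphertext)

if __name__ == "__main__":
    print("genuine server passes: ", server_holds_private_key(SITE_PUBLIC, genuine_server))
    print("impostor server passes:", server_holds_private_key(SITE_PUBLIC, impostor_server))
```
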

How to identify an SSL certificate

Knowing the encryption principle of SSL certificates, let's take a look at how to check whether the website has deployed an SSL certificate.

In fact, this is very easy, just look at the address bar of the browser. Two points can be used to determine whether this URL is encrypted:

One is a "lock"-shaped symbol, indicating that the website the user is visiting has a valid certificate. Click the "lock" to view the website's security information in the pop-up window, such as the certificate issuer, the encryption in use, etc.;

The website uses a valid SSL certificate

The second is whether the address starts with "https://". Compared with ordinary http, the additional "s" stands for "secure" and means that SSL/TLS encryption has been added to the Hypertext Transfer Protocol.

If your website does not use a verified SSL certificate, there will be no "lock" or "https://" in the address bar. In addition, some browsers warn users on these websites when they try to transmit passwords or other sensitive data to the server.

The website does not use an SSL certificate

A website that does not use an SSL certificate is not necessarily a fraudulent website. However, compared with websites that have SSL certificates, there is a higher risk of third parties stealing personal information on these websites.
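The details shown behind the "lock" can also be read programmatically. The following added example (not code from the original article) takes a certificate in the dictionary shape returned by Python's `ssl.SSLSocket.getpeercert()` and reports the issuer, serial number, remaining validity and a guess at the certificate type. The sample certificate is constructed, the DV/OV/EV guess from subject fields is a heuristic assumption, and the 25-day renewal threshold is the figure the article quotes for automatic renewal.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample in the shape of ssl.SSLSocket.getpeercert() output;
# every value below is made up for illustration.
SAMPLE_CERT = {
    "subject": ((("countryName", "CN"),),
                (("organizationName", "Example Co., Ltd."),),
                (("commonName", "www.example.com"),)),
    "issuer": ((("organizationName", "Example CA"),),
               (("commonName", "Example CA OV 2024"),)),
    "serialNumber": "0A1B2C3D4E5F",
    "notBefore": "Mar  1 00:00:00 2024 GMT",
    "notAfter": "Mar  1 00:00:00 2025 GMT",
}

def _names(rdns):
    """Flatten getpeercert()'s nested tuples into a {field: value} dict."""
    return {key: value for rdn in rdns for key, value in rdn}

def validation_level(subject):
    """Heuristic (assumption): guess DV/OV/EV from the identity fields present."""
    if "businessCategory" in subject or "jurisdictionCountryName" in subject:
        return "EV"                  # EV subjects carry registration details
    if "organizationName" in subject:
        return "OV"                  # organization was checked by the CA
    return "DV"                      # only the domain name was checked

def inspect_cert(cert, now, renew_before_days=25):
    subject, issuer = _names(cert["subject"]), _names(cert["issuer"])
    start = ssl.cert_time_to_seconds(cert["notBefore"])
    end = ssl.cert_time_to_seconds(cert["notAfter"])
    days_left = int((end - now.timestamp()) // 86400)
    return {
        "host": subject.get("commonName"),
        "issuer": issuer.get("commonName"),
        "serial": cert["serialNumber"],
        "level": validation_level(subject),
        "lifetime_days": round((end - start) / 86400),
        "days_left": days_left,
        "expired": days_left < 0,
        "renew_now": days_left <= renew_before_days,
    }

if __name__ == "__main__":
    report = inspect_cert(SAMPLE_CERT, datetime(2025, 2, 10, tzinfo=timezone.utc))
    for field, value in report.items():
        print(f"{field:14} {value}")
```
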

Therefore, SSL certificates are indispensable for websites. Upyun (又拍云) SSL Certificates Service provides SSL certificate ordering, management, deployment and other functions. Working with top international CA institutions, it offers a rich range of certificate types and a simple, convenient process, giving users a one-stop HTTPS security solution. Recently, Upyun launched a new "2-year renewal certificate", which consists of two one-year certificates. When the previous certificate is about to expire (25 days left), the Upyun system automatically applies for a new certificate on your behalf. If you need one, come and take a look~



云叔_又拍云
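
Upyun (又拍云) is a well-known Chinese enterprise cloud service provider focused on CDN, cloud storage, mini-program development solutions, short-video development solutions, high-capacity DDoS protection and other products.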