And what is a certificate?

Hackers are very active on the Internet, so it is important to be sure that we are connected to the intended site and not to a malicious one.

To help us in this jungle, there is a system of digital certificates that certify the identity of the site on which you surf. Let’s look at how it all works.

There are 2 ways to connect to a site: http or https (remember that one of these protocols is secure and the other is not).
When you are connected to an https site, you may think: “The site I’m surfing on is https, so I’m safe”, and you’re right, but only partially!

Indeed, when you surf the Internet, you access the different sites using URLs. So you trust these URLs and your browser to take you to the sites you want to see, but are you sure you’re on the right site?

DNS resolution is one way to verify the veracity of the response coming from the servers. If you receive an error message from your browser, stop and question it: take the time to open your preferred web search engine, enter the “http://name” directly in the search bar, and verify that the site is the official one.

As explained, the browser will normally alert you, but it is up to you to decide whether or not to continue to the website. So in which cases do these messages appear in your browser?

These alert messages can appear in several cases:

The site does not present a certificate (no certificate)
The site presents a certificate but it has expired (certificates have a period of validity)
The certificate is self-signed (this often happens internally in companies for servers that do not go out on the Internet)
The certificate is valid for one site name but it was issued for another (example: the certificate is used for www2.mysite.fr but it was issued for www.mysite.fr; these are indeed 2 different addresses, so they must either have 2 different certificates or share a certificate for *.mysite.fr)
The authority that issued the certificate is not known
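
As an added illustration (not code from the original article), the Python sketch below applies these five cases to certificate data in the shape returned by ssl.getpeercert(). The certificates, the trusted CA name and the fixed clock are constructed samples, and comparing issuer names is a simplification of the signature-chain verification a real browser performs.

```python
import ssl

# Constructed trust list; a real browser checks the CA signature chain, not a name.
TRUSTED_CAS = {"Example Trusted CA"}

def common_name(name):
    """Return the commonName from a getpeercert()-style subject/issuer."""
    for rdn in name:
        for key, value in rdn:
            if key == "commonName":
                return value
    return None

def name_matches(pattern, hostname):
    """Exact match, or a '*' wildcard standing for exactly one leftmost label."""
    p, h = pattern.lower().split("."), hostname.lower().split(".")
    if len(p) != len(h):
        return False
    return p[1:] == h[1:] and p[0] in ("*", h[0])

def diagnose(cert, hostname, now):
    """List which of the alert cases apply to a certificate for hostname."""
    if cert is None:
        return ["no certificate"]
    problems = []
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if not not_before <= now <= not_after:
        problems.append("outside validity period")
    if cert["subject"] == cert["issuer"]:  # simplified self-signed test
        problems.append("self-signed")
    elif common_name(cert["issuer"]) not in TRUSTED_CAS:
        problems.append("unknown authority")
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(name_matches(n, hostname) for n in names):
        problems.append("name mismatch")
    return problems

def make_cert(dns_name, issuer_cn, not_after="Jan 15 00:00:00 2031 GMT"):
    """Build a constructed sample in the shape ssl.getpeercert() returns."""
    return {
        "subject": ((("commonName", dns_name),),),
        "issuer": ((("commonName", issuer_cn),),),
        "notBefore": "Jan 15 00:00:00 2029 GMT",
        "notAfter": not_after,
        "subjectAltName": (("DNS", dns_name),),
    }

NOW = ssl.cert_time_to_seconds("Jun 01 00:00:00 2030 GMT")  # fixed demo clock
```

Calling diagnose(make_cert("www.mysite.fr", "Example Trusted CA"), "www2.mysite.fr", NOW) reports the name mismatch from the example above, while the same call with a certificate for *.mysite.fr reports nothing.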


Why use a digital certificate?

Why is it so important to be sure that you are connected to the right site? To understand, I will take an example with the phone.
Example

Imagine that you want to call your bank. So you look in the phone directory. You find the phone number, you dial it and you are on the line with your banker.

Now, imagine that your directory has been hacked (yes, with a paper directory that seems unlikely, but in computing, unfortunately, it happens). If your phone book has been hacked and your bank’s number has been replaced by the hacker’s number, then when you dial this number you will be on the line with this hacker, who can then extort your confidential information. Unless you recognize his voice, you have no other way of knowing if you are on the phone with your banker or with a pirate!

Remember how access to different websites works. You know that before requesting the pages of a web server, the computer will make a DNS query to find the address of the site, much like looking in a directory.

Definition of the digital certificate.

It is now time to focus on the definition of the digital certificate, or simply certificate.

The digital certificate is a kind of identity card. Like identity cards, it is issued by an authorized organization. And like ID cards, the digital certificate is:

    tamper-proof: it is encrypted to prevent modification
    nominative: it is issued to an entity (as the identity card is issued to one person and only one)
    certified: it bears the “stamp” of the authority that issued it

It is composed of 2 essential parts:

    The identity information of the certificate:
        the name of the holder
        the address of the holder
        the start and end dates of validity
        the name of the Certificate Authority (CA)
        …
    The signature of the certification authority:
        this signature is encrypted (this makes it possible to verify that the certificate was indeed issued by the certification authority)

And finally, for your “culture”, be aware that digital certificates are not reserved solely for the certification of websites. There are many types of certificates. They can be used to certify files, emails, … But that is another story.

François Encrenaz

Cloud Specialist | Technical Leader | Technology Strategist
