Hackers are very active on
There are 2 types of ways to connect to a site:
When you are connected to an https site, you say: “The site I’m surfing on is https, so I’m safe”, and you’re right, but only partially!
Indeed, when you surf the Internet, you access the different sites using URLs. So you trust these
DNS resolution is a way to verify the veracity of the response coming from the servers. If you receive an error message from your browser, question it: take the time to use your preferred web search engine, check what comes back when you put “http://name” directly in the search bar, and verify that this site is the official one.
As explained, the browser will normally alert you, but it is up to you to decide whether or not to continue to the website. So in which cases do these messages appear in your
These alert messages can appear in several cases:
The site does not issue a certificate. (no certificate)
The site issues a certificate but it has expired (the certificates have a period of validity)
The certificate is self-signed (this often happens internally in companies for servers that do not go out on the Internet)
The certificate is valid for one site name but is issued for another (example: the certificate is valid for www2.mysite.fr and the certificate is issued for www.mysite.fr; these are indeed 2 different addresses, so they must have 2 different certificates or share a certificate for *.mysite.fr)
The authority that issued the certificate is not known
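The warning cases listed above, as an added Python example (not code from the original page): it classifies a certificate given in the dictionary shape returned by `ssl.SSLSocket.getpeercert()`. The sample certificate, the CA name and the trust set are constructed; treating "issuer equals subject" as self-signed and looking the issuer name up in a set are simplifications of the signature-chain verification a browser performs.

```python
import ssl

# Constructed sample in the dict shape returned by ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subject": ((("commonName", "www.mysite.fr"),),),
    "issuer": ((("commonName", "Example Trusted CA"),),),
    "notBefore": "Jan  1 00:00:00 2023 GMT",
    "notAfter": "Jan  1 00:00:00 2024 GMT",
    "subjectAltName": (("DNS", "www.mysite.fr"),),
}
TRUSTED_CAS = {"Example Trusted CA"}  # assumption: stand-in for the browser trust store
MID_2023 = ssl.cert_time_to_seconds("Jun  1 00:00:00 2023 GMT")  # constructed "now"


def name_matches(pattern, host):
    """Match a certificate DNS name; '*' covers exactly one leftmost label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    return (p[0] == "*" or p[0] == h[0]) and p[1:] == h[1:]


def common_name(rdns):
    """Pull the commonName out of a getpeercert()-style subject or issuer."""
    return next((v for rdn in rdns for k, v in rdn if k == "commonName"), None)


def diagnose(cert, host, now, trusted=TRUSTED_CAS):
    """Return the warning cases from the list above that apply to this cert."""
    if not cert:
        return ["no certificate"]
    problems = []
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("expired")
    if cert["issuer"] == cert["subject"]:
        problems.append("self-signed")  # heuristic: issuer equals subject
    elif common_name(cert["issuer"]) not in trusted:
        problems.append("unknown authority")
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(name_matches(n, host) for n in names):
        problems.append("name mismatch")
    return problems


if __name__ == "__main__":
    print(diagnose(SAMPLE_CERT, "www.mysite.fr", MID_2023))   # no warning
    print(diagnose(SAMPLE_CERT, "www2.mysite.fr", MID_2023))  # the www2/www case
```

A certificate for `*.mysite.fr` passes for both `www.mysite.fr` and `www2.mysite.fr`, but the wildcard covers one label only, so `a.b.mysite.fr` and the bare `mysite.fr` still produce a name mismatch.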
Why use a digital certificate?
Why is it so important to be sure that you are connected to the right site? To understand, I will take an example with the phone.
Example
Imagine that you want to call your bank. You are therefore looking in the directory. You find the phone number, you dial it and you are online with your banker.
Now, imagine that your directory has been hacked (yes, with a paper directory that seems unlikely, but in computing unfortunately it happens). Suppose your phone book has been hacked and your bank’s number has been replaced by the hacker’s number. If you dial this number, you will be online with this hacker, who can then extort your confidential information. Unless you recognize his voice, you have no other way of knowing if you are on the phone with your banker or with a pirate!
Remember how access to different websites works. You know that before calling the pages of a web server, the computer will make a DNS query to find the address of the site, much like looking in a directory.
Definition of the digital certificate.
It is now time to focus on the definition of the digital certificate or certificate.
The digital certificate is a kind of identity card. Like identity cards, it is issued by an authorized organization. And like ID cards, the digital certificate is:
tamper-proof: it is encrypted to prevent modification
nominative: it is issued to an entity (as the identity card is issued to one person and only one)
certified: there is the “stamp” of the authority that issued it
It is composed of 2 essential parts
Name of Holder
address of the bearer
the dates of beginning and end of validity
the name of the Certificate Authority (CA)
…
The signature of the certification authority
This signature is encrypted (this makes it possible to verify that the certificate was indeed issued by the certification authority).
And finally, for your “culture”, be aware that digital certificates are not reserved solely for certifying websites. There are many types of certificates. They can be used to certify files, emails, … But that is another story.