Why is HTTPS secure

What does a certificate contain?
- Domain
- Public key (Server)
- Issuer (CA, Certificate Authority)
- Signature (Issuer)
How does CA verify that the domain points to the server?
DNS TXT record
- CA asks the domain owner to provide a specified DNS TXT record
- CA will verify the TXT record
File
- CA generates a file:
  - file path: /.well-known/pki-validation/file.txt
  - content: unique string provided by CA
- the domain owner uploads the file to the server
- CA will verify the file by accessing http://example.com/.well-known/pki-validation/file.txt
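The file-based check above, as an added example (not from the original notes or any CA's own code). A local HTTP server stands in for example.com; the function names, the 64-hex-character token and the 1 KiB read cap are assumptions.

```python
import hmac, http.server, secrets, tempfile, threading
import urllib.error, urllib.request
from functools import partial
from pathlib import Path

VALIDATION_PATH = "/.well-known/pki-validation/file.txt"  # path from the notes
# Ignore any proxy environment variables so the fetch goes straight to the host.
_opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def issue_challenge() -> str:
    """CA side: unique, unguessable string tied to one validation request."""
    return secrets.token_hex(32)

def ca_verify_file(base_url: str, expected: str, timeout: float = 5.0) -> bool:
    """CA side: fetch the well-known file and compare it with the issued string."""
    try:
        with _opener.open(base_url + VALIDATION_PATH, timeout=timeout) as resp:
            body = resp.read(1024)  # the token is short, so cap the read
    except (urllib.error.URLError, OSError):
        return False  # 404, refused connection, timeout: no proof of control
    # Constant-time comparison; surrounding whitespace/newline is tolerated.
    return hmac.compare_digest(body.strip(), expected.encode())

def demo() -> dict:
    """Run the exchange against a constructed local web root."""
    with tempfile.TemporaryDirectory() as webroot:
        handler = partial(http.server.SimpleHTTPRequestHandler, directory=webroot)
        server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
        threading.Thread(target=server.serve_forever, daemon=True).start()
        base = f"http://127.0.0.1:{server.server_address[1]}"
        try:
            token = issue_challenge()
            before = ca_verify_file(base, token)             # nothing uploaded yet
            target = Path(webroot) / VALIDATION_PATH.lstrip("/")
            target.parent.mkdir(parents=True)
            target.write_text(token + "\n")                  # owner uploads the file
            after = ca_verify_file(base, token)
            other = ca_verify_file(base, issue_challenge())  # string from another request
        finally:
            server.shutdown()
            server.server_close()
    return {"before_upload": before, "after_upload": after, "other_token": other}

if __name__ == "__main__":
    print(demo())
```

The check passes only when the file served from the domain contains the exact string issued for that request, which is what ties control of the server to the certificate request.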
How does the browser verify that the certificate is valid?
- The browser incorporates a list of trusted CAs
- The browser will verify the certificate’s signature using the CA’s public key