What are the basic principles of SSL certificate authentication?
Time : 2023-09-15 10:32:56
Edit : Jtti

  An SSL certificate is a document that contains the public key and related information of an entity (usually a website or server), including the validity period of the certificate, the issuer, etc. Certificates usually use the X.509 standard format. SSL (Secure Sockets Layer) certificate authentication is based on the public key infrastructure (PKI) system and ensures the security of communication on the Internet.

  The following are the basic principles of SSL certificate authentication:

  Certificate authority (CA): A CA is a trusted entity that is responsible for issuing digital certificates. Its task is to verify the identity of the certificate requester and then issue a digital certificate containing the requester's public key. Some well-known CAs include DigiCert, Let's Encrypt and Symantec.

  Public key and private key: In SSL, the public key and private key are a pair of keys used to encrypt and decrypt data. The public key can be shared publicly, and the private key must be kept secret.

  SSL handshake: When a client connects to a server using SSL, the handshake process begins. During the handshake, the server sends its digital certificate to the client. The client verifies the validity of the certificate, including checking whether the certificate was issued by a trusted CA and whether the certificate is valid.


  Trust chain: If the client trusts the CA, it can trust certificates issued by that CA. Otherwise, the client checks whether the CA's root certificate is in its trust store. The root certificate is the highest-level certificate issued by the trusted CA.

  Key exchange: Once the client has verified the server's certificate, the two parties start to exchange the keys required for encrypted communication. This usually involves a temporary symmetric key encrypted by the server, which is used to encrypt and decrypt the actual transmitted data.

  Secure communication: Once the handshake is completed, communication between the client and the server is encrypted using the negotiated symmetric key to ensure the confidentiality and integrity of the data.

  Periodic certificate update: Digital certificates usually have a limited validity period, so they must be renewed regularly. The server must apply for and deploy a new certificate.
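
  The client-side checks from the SSL handshake, trust chain and periodic update items above, as an added example that is not part of the original article: a Python client that verifies the chain against the system trust store and reports where a certificate stands in its validity period. The function names and the dates in `SAMPLE_CERT` are constructed for illustration.

```python
import socket
import ssl
import time

def strict_context() -> ssl.SSLContext:
    # Loads the system trust store (root certificates); the handshake then
    # fails unless the chain ends in a trusted root and the hostname matches.
    return ssl.create_default_context()

def audit_context(ctx: ssl.SSLContext) -> dict:
    """Report whether a context performs the two checks the article describes."""
    return {"verifies_chain": ctx.verify_mode == ssl.CERT_REQUIRED,
            "checks_hostname": ctx.check_hostname}

def validity_status(cert: dict, now=None):
    """cert: dict from SSLSocket.getpeercert(). Returns (status, days to notAfter)."""
    now = time.time() if now is None else now
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    days_left = int((not_after - now) // 86400)
    if now < not_before:
        return "not_yet_valid", days_left
    if now > not_after:
        return "expired", days_left
    return "valid", days_left

def inspect_server(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Perform a real handshake (needs network) and summarise the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with strict_context().wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
    except ssl.SSLCertVerificationError as exc:
        # Untrusted issuer, expired certificate, hostname mismatch, ...
        return {"trusted": False, "reason": exc.verify_message}
    issuer = dict(rdn[0] for rdn in cert["issuer"])
    return {"trusted": True, "issuer": issuer.get("organizationName"),
            "validity": validity_status(cert)}

# Constructed sample in getpeercert() format (not a real certificate).
SAMPLE_CERT = {"notBefore": "Jan 10 00:00:00 2024 GMT",
               "notAfter": "Apr 09 00:00:00 2024 GMT"}

if __name__ == "__main__":
    print(audit_context(strict_context()))
    print(validity_status(SAMPLE_CERT, now=1706745600))  # 2024-02-01 00:00 UTC
```

  Running `validity_status` on a schedule against deployed certificates gives early notice that a renewal is due.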

  In general, SSL certificate authentication relies on trusted third-party certificate authorities to confirm the identity of the server and establish a secure communication channel. This system helps to prevent man-in-the-middle attacks and data leakage, thereby providing online security.
