L_K

Reputation: 2986

How do browsers handle SSL certificates?

I'm wondering how browsers handle an SSL certificate that is transmitted from a web server.

I understand the RSA algorithm is important here, but why do we use SHA-1 here too? And what is the role of the SHA-1 algorithm?

Can anybody explain the process to me in detail?

Upvotes: 1

Views: 352

Answers (1)

Michał Komorowski

Reputation: 6238

The first question was how a browser uses SHA-1 in the context of SSL. The full answer can be found here. The short answer is that SHA-1 is used to confirm that a certificate offered as proof is the same one that was signed by the CA.

As to the second question (But what if a man-in-the-middle attack replaces the whole data, including the certificate and the signed SHA-1 offered itself?): the word 'signed' is the key here. A man-in-the-middle can replace a certificate. However, this certificate will not be trusted by a browser because it won't be signed by a Certificate Authority. An attacker cannot generate a certificate signed by the CA because he/she doesn't know the CA's private key.

Upvotes: 1
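The check described in the answer, as an added example that is not part of the original answer: a CA signs the SHA-1 digest of a certificate body, and the browser recomputes the digest and compares it with the value recovered from the signature using the CA's public key. The keys (built from small Mersenne primes), the certificate strings and all function names are constructed for illustration; this is textbook RSA without the padding and key sizes that real certificates use.

```python
import hashlib

E = 65537  # public exponent shared by both toy keys

def make_key(p, q):
    """Build a toy RSA key (modulus n, private exponent d) from two primes."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # modular inverse of E (Python 3.8+)
    return n, d

def digest(cert_body):
    """SHA-1 of the certificate body as an integer: the value that gets signed."""
    return int.from_bytes(hashlib.sha1(cert_body).digest(), "big")

def sign(cert_body, n, d):
    """Signer side: apply the private key to the digest."""
    return pow(digest(cert_body), d, n)

def browser_verify(cert_body, signature, ca_n):
    """Browser side: recover the signed digest with the CA public key (ca_n, E)
    and compare it with a digest computed over the certificate received."""
    return pow(signature, E, ca_n) == digest(cert_body)

# Constructed toy keys: far too small for real use, chosen to keep the demo short.
CA_N, CA_D = make_key(2**127 - 1, 2**89 - 1)      # the trusted CA
ATT_N, ATT_D = make_key(2**107 - 1, 2**61 - 1)    # the man-in-the-middle

# Constructed certificate bodies (real ones are DER-encoded X.509 structures).
GENUINE = b"CN=www.example.com;pubkey=SERVER-KEY"
FORGED = b"CN=www.example.com;pubkey=ATTACKER-KEY"
GENUINE_SIG = sign(GENUINE, CA_N, CA_D)

def demo():
    """Return the browser's verdict for the three cases in the answer."""
    return {
        # Untouched certificate with the CA's signature.
        "genuine": browser_verify(GENUINE, GENUINE_SIG, CA_N),
        # Certificate replaced, original signature kept: digest no longer matches.
        "replaced_cert_old_sig": browser_verify(FORGED, GENUINE_SIG, CA_N),
        # Certificate and signature both replaced, but signed with the wrong key.
        "replaced_cert_attacker_sig": browser_verify(
            FORGED, sign(FORGED, ATT_N, ATT_D), CA_N),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'trusted' if ok else 'rejected'}")
```
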
