A brief understanding of what SSL certificates are mainly used for
It is to change the original HTTP address to https, in which case an SSL certificate is required.
Recently, many domestic dealer exams have fooled users, what to buy mandatory to buy domestic brand SSL certificates, security level certification must use national secret algorithms, and rumors to prohibit foreign certificates!
Take a look at our China** networkWhat exactly is the SSL certificate used:
It is a mainstream foreign OV wildcard SSL certificate, and this institution believes that it is no stranger to the Internet, because this institution is currently used by Google, Alibaba, Alipay, Douyin, JD.com, and Internet celebrities in the industry.
State Cryptography AdministrationWhat SSL certificate is used?
You can see that the SSL certificate in ** is a DV type SSL certificate, and the root certificate authority is from abroad. This institution is actually not famous, due to the security problems of Symantec's SSL certificate business, it was banned by mainstream browser manufacturers, and Symantec's SSL certificate business became famous in one fell swoop after being sold to Digiticert, and this institution uses many people, such as: Apple, a major bank that continues to operate under the influence of Symantec.
At this point, the rumors are naturally cleared, they use foreign SSL certificates, and they are RSA international general algorithms!Moreover, it uses a DV single-domain SSL certificate.
SSL certificates DV, OV, and even EV can be applied for by individuals or enterprises, and there is no distinction in essence!Many domestic dealers tell users that this is the enterprise version!In fact, SSL certificates are only available in real-name and non-real-name versionsTechnically, the security is the same, browser compatibility applicability completely depends on the root certificate!
About the national cryptography algorithm
Don't be cheated by the national secret algorithm!The national secret algorithm is not used at all, because no one goes to install a national secret algorithm browser on a computer in order to access a **, and these browsers are providers that sell national secret algorithm SSL certificates!In addition, even if you want to be more secure, you can use the international algorithm ECC, in addition to high security, and the ECC algorithm is very compatible.
No, because there are only 3-4 organizations in the world that have 99% or 100% compatibility with their root certificates.
There is no domestic one!Including CFCA is not either!All the so-called "domestic certificates" if the parameters are written 99% compatibility are from foreign certificates, as long as you look at the certificate chain, you can see that there are really many enterprises that have been deceived by this, but people who rack their brains to buy it, in addition to being deceived, there is also a lot of "social, educational, economic, and economic" influence.
In particular, SSL certificates are set by the root certificate manufacturer, and these certificates can be queried.
At present, the only institutions remaining: GlobalSign, DigiCert, Sectigo, Certum, and in particular: Certum barely complied.
According to this**go to authorize** providers to view, the country is all **business, no matter what company he is, it is all **!