Is it important to have digital certificates?

subornaakter20 · Post by **subornaakter20** » Sun Feb 02, 2025 7:16 am

This is roughly how the SSL/TLS website protocol works. First, via HTTPS, your device and the server agree on which key they will use, and then encrypt the transmitted data with this key. For communication between the browser and the server, HTTPS generates a new, one-time secret key each time, which consists of a long series of characters (over a hundred), so it is impossible (or almost impossible) to either guess or intercept. There is only one weak point in this scheme, namely, your opponent may not always be the one with whom you were going to conduct a communication session.

Continuing with the example with the parcel, imagine that on the way to the addressee it fell into the wrong hands. He may well hang his own lock on the box, change the return address marketing list of senior homes and return the mail to you. And when he receives the key to the cipher from you, he will forward it to your opponent (now indicating you as the sender), who will calmly assume that the key came from you. Thus, all the messages that you exchange (being confident in the reliability of the ciphers and the key) will be available for reading to third parties, and you will not even suspect it.

This is the scheme by which an intermediate link (for which encrypted messages become available) appears in the chain between your device and the server. For example, when you pay for the provider's services, the authentication code for your card is intercepted. At the time of interception, you do not even understand this, but everyone knows well what such interceptions are fraught with. This is where the need to use digital certificates, that is, electronic documents that serve as server identifiers, becomes clear.

Ordinary users do not need certificates - they must be on the servers that are trying to contact you. What does the presence of a certificate mean? Firstly, that its owner is a real person. Secondly, that this person has the right to manage the server that is registered in this certificate.

The certificate can be obtained at a special service center, a prototype of an offline passport office. The certificate indicates the name of its owner (whether it is an individual or a company), and a signature is required, which indicates the authenticity of the document. Thus, when forming a connection via HTTPS, the exchange of information is allowed only if the browser has verified the certificate and established its authenticity.

In the example with the parcel, the presence of the certificate gives you a guarantee that when the shipment with the second lock comes back to you, it was your opponent who put the second lock on it, and not someone else. Moreover, even if the second lock turns out to be fake, you will immediately understand this (thanks to the certificate), because it is impossible to forge a unique existing lock.