The certificate management module is mainly used to manage users' SSL certificates, which is convenient for users to enter, view and apply SSL certificates.
- If the user has not applied for a certificate, you can apply for a certificate through Baidu AI Cloud or a third-party organization. One-click certificate application can be realized through SSL certificate service, and the applied certificate will be automatically imported into the certificate management module.
- If the user already has a certificate, you can directly execute Upload Certificate; the user can go to [Baidu AI Cloud Management Console] > [User Account] > [Security Authentication] >[Certificate Management] and add other certificates except Baidu AI Cloud.
SSL certificate: Before applying HTTPS, users should configure SSL certificates. An SSL certificate is a certificate issued by a certificate authority (CA) to authenticate a user's public key. The contents of the certificate include: Information of electronic visa authority, public key user information, public key, signature and validity period of authority, etc. At present, the certificate format and verification method generally follow the X.509 international standard.
HTTPS: Hyper Text Transfer Protocol over Secure Socket Layer。 HTTPS is a security-oriented HTTP channel, which is simply a secure version of HTTP. That is, the SSL layer is added under HTTP, and the security foundation of HTTPS is SSL.
SSL: Secure Sockets Layer. SSL is a security protocol that provides privacy and integrity between communication applications using TCP/IP. The Internet's Hypertext Transfer Protocol (HTTP) uses SSL for secure communications.
TLS: Transport Layer Security Protocol. TLS is a new protocol developed by the IETF. It is based on the SSL 3.0 protocol specification and is the subsequent version of SSL 3.0. There are significant differences between TLS and SSL 3.0, mainly because they support different encryption algorithms, so TLS and SSL 3.0 cannot interoperate. TLS is also often referred to as SSL.
CA: Certificate authority (CA, Certificate Authority). CA is the authority responsible for issuing certificates, authenticating certificates, and managing issued certificates. After the user submits an application to the CA, the CA is responsible for reviewing the user information, then "signing" key information with a private key, and disclosing the corresponding public key. The client can verify the signature using the public key.
Asymmetric encryption: That is, common RSA, DH, EC and other algorithms. The algorithm is characterized by the emergence of keys in pairs, commonly known as public keys (public) and private keys (secret). The information encrypted by public key can only be unlocked by the private key, and the information encrypted by private key can only be unlocked by the public key. The public key is public, and the private key is kept by the server. Therefore, different clients that have the public key cannot decrypt information with each other. They can only perform encrypted communication with the server that has the private key. The server can implement one-to-many communication. The client can also be used to verify the identity of the server that has the private key.
CSR: CSR is short for Certificate Signing Request, that is, a certificate request file generated by a CSP (cryptographic service provider) while generating a private key, when a certificate applicant applies for a digital certificate. As long as the certificate applicant submits the CSR file to the certificate authority, the certificate authority uses its root certificate private key signature to generate a certificate public key file, which is the certificate issued to the user.
PEM: Document format used by Openssl. RFC 1421-1424.