The Secure Sockets Layer (SSL) protocol is used by millions of sites to protect data on the Internet. It guarantees a secure connection between the user's browser and the server. When using SSL-protocol, information is transmitted in coded form via HTTPS and it can be decrypted only with a special key unlike the usual HTTP protocol. The SSL protocol requires that an SSL certificate be installed on the server.
SSL certificate is a kind of unique digital signature of your website. Such a certificate is needed, first of all, to banks, payment systems and other organizations working with personal data - to protect transactions and prevent unauthorized access to information.
The CA (Certification Authority) is an organizational unit whose purpose is to certify the public keys of users and publish them in the certificate catalog.
The general scheme of the CA operation is as follows:
• The CA generates its own keys and generates CA certificates designed to verify user certificates;
• users generate certification requests and deliver their CAs in one way or another;
• The CA generates user certificates based on user requests;
• The CA generates and periodically updates the lists of canceled CRLs (Certificate Revocation List);
• user certificates, CA certificates and CRL cancellation lists are published by the CA (distributed to users or placed in a public directory).
The tool creates SSL certificates with the specified key size and encryption algorithm.
The certificate is signed by the certification authority NetTOOLS Root CA.
To use the issued certificates, you need to install the public key of the NetTOOLS Root CA certification center (http://ca.webnettools.com/cacert.cer) in the trusted certificate authority store.
A digital certificate is an electronic "passport" that allows a person, computer, or organization to exchange information securely over the Internet using a public key infrastructure (PKI). A digital certificate can also be called a public key certificate.
As in the case of a passport, the digital certificate provides identification information, is resistant to forgery and can be verified because it was issued by an official trusted agency. The certificate contains the name of the certificate holder, the serial number, the expiration date, a copy of the certificate owner's public key (used to encrypt messages and digital signatures), and the digital signature of the issuing authority (CA) so that the recipient can verify the certificate's authenticity.
Types of digital certificates:
DER is used for binary DER-encoded certificates. These files can also have a CER or CRT extension.
PEM is used for various types of X.509 v3 files that contain ASCII data (Base64) with the prefix "- BEGIN ...".
private key - private key format PKCS#8
PFX is an archive file format for storing several cryptographic objects in one file. Within SSL certificates for the SSL / TLS client and authentication of the SSL / TLS web server, the .pfx file must contain the endpoint certificate (issued to your domain), the corresponding private key, and optionally include the intermediate CA (aka CA Bundle). All this is collected in one file, which is then password protected.
The Certificate converter tool allows you to convert digital certificates into different types. The adaptive menu of the tool allows you to simplify the process of entering data for conversion.