- <p>When visiting an encrypted URL (one that begins with HTTPS), the webserver uses an SSL certificate to both encrypt the information sent to the browser and to identify the server.
- The purpose of the server identification is to prevent a machine located between the browser and the webserver from pretending to be the server and decrypting the information in transit.
- This type of attack is known as a Man In The Middle (MITM) attack.
- SSL certificates are generated by certificate authorities: companies that verify a server’s identity and produce a certificate for a fee.
- Android has a list of trusted certificate authorities, and will accept any of their certificates for any website.
- It isn’t supposed to be possible for an organization to acquire an SSL certificate for a domain they do not control,
- but in practice many governments and large corporations have been able to do so.</p>
+ <p>当访问一个加密的URL(由https开始),网页使用SSL证书来加密发送到浏览器的信息和确认服务。确认服务是为了保护位于浏览器和网页提供商的的服务和翻译信息。这种攻击方式被称为MITM。
+ SSL证书由证书机构颁发,公司通过验证服务的身份并产生一个收费的证书。安卓有一个受信任的证书列表,会接收所有网页的证书。一个域只允许一个特定的证书,其他的证书无效。但实际使用中政府和大型公司能做到这一点。</p>
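Review bot: The second sentence of the added paragraph, "确认服务是为了保护位于浏览器和网页提供商的的服务和翻译信息", loses the threat the removed English describes: it says identification protects a service and "translates" (翻译) information, where the original says it prevents a machine between the browser and the webserver from pretending to be the server and decrypting the traffic. Without that, "这种攻击方式" has no attack to refer to. Suggest something like "服务器身份验证的目的是防止位于浏览器和网页服务器之间的机器冒充服务器并解密传输中的信息", which also removes the doubled "的的". Three further points in the second added line: "安卓有一个受信任的证书列表,会接收所有网页的证书" drops the certificate authorities, while the original says Android trusts a list of CAs and accepts any of their certificates for any website; "一个域只允许一个特定的证书,其他的证书无效" does not correspond to the removed sentence, which says an organization is not supposed to be able to acquire a certificate for a domain it does not control, so the closing "能做到这一点" now points at the wrong thing; and "产生一个收费的证书" reads as a paid certificate rather than a certificate produced for a fee. In the first sentence "网页" is also used for "webserver" where "网页服务器" would match the original.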