
What is SSL and why should I care?


by: clickssl12


Data security over open communication networks such as the Internet will always be a strong concern for developers and customers. It is therefore extremely important that any product you use can provide a secure environment.
What is SSL?
SSL is a protocol that provides privacy and integrity between two communicating applications using TCP/IP. The data going back and forth between client and server is encrypted using a symmetric algorithm.
A public-key algorithm (RSA) is used for the exchange of the encryption keys and for digital signatures. Public key cryptography defines an algorithm that uses two keys, each of which may be used to encrypt a message. If one key is used to encrypt a message, the other must be used to decrypt it. This makes it possible to receive secure messages by simply publishing one key (the public key) and keeping the other undisclosed (the private key).
Digital certificates
This takes us into the discussion of digital certificates, which play an important role in SSL. Digital certificates mainly serve two purposes:
• To establish the owner's identity
• To make the owner's public key available
A digital certificate is issued by a trusted authority -- a certificate authority (CA) -- and it is issued only for a limited time. When its expiration date passes, the digital certificate must be replaced. SSL uses digital certificates for key exchange, server authentication, and optionally, client authentication.
The digital certificate contains specific pieces of information about the identity of the certificate owner and about the certificate authority:
• The owner's distinguished name.
• The owner's public key.
• The date the digital certificate was issued.
• The date the digital certificate expires.
• The issuer's distinguished name. This is the distinguished name of the CA.
• The issuer's digital signature.
An SSL connection is always initiated by the client using a URL starting with https:// instead of http://.
Types of SSL certificates
SSL uses certificates to verify the connection. These SSL certificates sit on a secure server and are used to encrypt the data and to identify the Web site. The SSL certificate helps to prove the site belongs to who it says it belongs to and contains information about the certificate holder, the domain that the certificate was issued to, and the name of the Certificate Authority who issued the certificate.
There are three ways of obtaining an SSL certificate:
• Use a Certificate Authority (CA) certificate
• Use a self-signed certificate
• Use a dummy certificate
Use a Certificate Authority (CA) certificate
Certificate Authorities are organizations that are trusted by the industry as a whole and whose business is the issuing of Internet certificates. VeriSign is one example of such a CA. To obtain a CA-signed certificate, you must provide enough information to the CA so that the CA can validate your identity. The CA creates a new certificate, digitally signs it, and then delivers it to you. Popular Web browsers are pre-configured to trust certificates that are signed by certain CAs; no further client configuration is necessary in order for a client to connect, through SSL, to the server to which the certificate has been issued.
Use a self-signed certificate
A self-signed certificate is a certificate that is created by the user himself. When using a self-signed certificate, the issuer of the certificate is the same as the subject. The beauty of this solution is that it takes less time to create a self-signed server certificate than it does to obtain a CA-signed server certificate. However, every client that connects over SSL to a server using a self-signed certificate must be configured to trust the signer of that certificate. Because the certificate has been self-signed, the signer is not likely to be in the client's trust file and so must be added. If it is impractical to access every client's trust file, do not use this configuration; obtain a CA-signed certificate instead. Self-signed certificates are only useful when each client interacting with the server can be configured to trust the certificate.
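The following Go program is an added example, not part of the original article. It creates a self-signed certificate carrying the fields listed earlier, then checks it the way a client would: with an empty trust file, with the certificate added to the trust file, and after its expiration date. The host name intranet.example and the function names newSelfSigned and clientCheck are assumptions made for the example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newSelfSigned: tmpl is passed as both certificate and parent, so issuer == subject.
func newSelfSigned(host string, life time.Duration) (*x509.Certificate, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(life),
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// clientCheck validates c against trust only (a non-nil pool, so system CAs are ignored).
func clientCheck(c *x509.Certificate, trust *x509.CertPool, host string, at time.Time) error {
	_, err := c.Verify(x509.VerifyOptions{Roots: trust, DNSName: host, CurrentTime: at})
	return err
}

func main() {
	c, err := newSelfSigned("intranet.example", 24*time.Hour) // constructed host name
	if err != nil {
		panic(err)
	}
	empty, withCert := x509.NewCertPool(), x509.NewCertPool()
	withCert.AddCert(c) // what "configure the client to trust the signer" amounts to
	fmt.Println("empty trust file:  ", clientCheck(c, empty, c.DNSNames[0], time.Now()))
	fmt.Println("cert in trust file:", clientCheck(c, withCert, c.DNSNames[0], time.Now()))
	fmt.Println("after expiry:      ", clientCheck(c, withCert, c.DNSNames[0], c.NotAfter.Add(time.Hour)))
}
```

Only the second check returns no error: the first fails because no trusted signer is found, and the third because the certificate's validity period has passed even though the client trusts it.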
Use a dummy certificate
No, this isn't a less-intelligent version. Generally, dummy certificates contain "dummy" information that serves as placeholders to be temporarily used to set up SSL and test its functions in a specific environment. The Integrated Solutions Console provides a dummy certificate along with server and client trust and key files.




Client/server authentication
After the certificate is obtained, it must be authenticated. There are two types of SSL authentication:
• Server-side authentication
• Client-side authentication
SSL server authentication lets you confirm a server's identity. SSL-enabled client software can use standard techniques of public-key cryptography to check that a server's certificate and public ID are valid and have been issued by a certificate authority listed in the client's list of trusted CAs. This confirmation might be important if the user, for example, is sending a credit card number over the network and wants to check the receiving server's identity.
SSL client authentication lets a server confirm a user's identity. Using the same techniques as those used for server authentication, SSL-enabled server software can check that a client's certificate and public ID are valid and have been issued by a certificate authority listed in the server's list of trusted CAs. This confirmation might be important if the server, for example, is a bank sending confidential financial information to a customer and wants to check the recipient's identity.



Article Source: http://www.ArticleStreet.com/profile/clickssl12-16729.html


About the Author

ClickSSL.com is a Platinum Partner of RapidSSL, VeriSign, Thawte and GeoTrust. ClickSSL.com provides all types of SSL certificates; secure your website, server, or subdomain using different SSL certificates.



