- SSL is a security protocol for the transport layer.
- A protocol is a guideline that defines how an algorithm should be written.
- SSL encrypts the messages between the web server and the browser.
- The browser and the server need an SSL Certificate to establish a secure connection.
- SSL Certificates have a key pair: a public key and a private key.
- It also contains the “subject,” which is the identity of the certificate/website owner.
- Steps to create an SSL Certificate:
  - Create a CSR (Certificate Signing Request) on your server.
  - The CSR contains a private key and a CSR data file.
  - Send the CSR to the SSL Certificate issuer (the Certificate Authority, CA).
  - The CA creates a public key to match your private key (using the CSR data file, without seeing the private key).
  - The SSL Certificate contains the public key.
  - You install the SSL Certificate on your server (read more about intermediate certificates and certificate chaining in the links below).
- Browsers trust only certificates that come from trusted CAs.
- Browsers ship with a pre-populated list of trusted CAs: the Trusted Root CA store.
- A certificate from a trusted CA shows that a third party has verified the organization's identity.
- Since the browser trusts the CA, it trusts the certificate and the domain details in the certificate.
- The browser lets the user know the website is secure.
NOTE: data encrypted with public key can only be decrypted with the private key and vice versa
- The browser attempts to connect to a server using SSL.
- The server sends its SSL Certificate (containing the public key).
- The browser checks the CA against its list of known CAs. If the check passes, it creates a symmetric session key, encrypts it with the public key and sends it to the server. (The session key is used to reduce processing cost.)
- The server decrypts the symmetric session key using its private key to start the encrypted session.
- The server and browser continue communicating using the session key.
Once the secured connection is established, the browser address bar will look something like the picture below.
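The certificate-issuance steps and the handshake steps above, walked through with the openssl command line. This is an added example, not code from the original post; the names (demo-ca, rogue-ca, www.example.test) and the temporary directory are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original post): CSR -> CA-signed certificate ->
# browser-side verification -> session-key exchange, using the openssl CLI.
# demo-ca, rogue-ca and www.example.test are constructed names.

demo_ssl_flow() {
    d=$(mktemp -d) || return 1

    # 1. Server: a private key, then a CSR that carries the matching public key
    #    and the "subject". The private key itself is never sent to the CA.
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$d/server.key" 2>/dev/null || return 1
    openssl req -new -key "$d/server.key" -subj "/CN=www.example.test" \
        -out "$d/server.csr" 2>/dev/null || return 1

    # 2. CA: its self-signed root stands in for an entry in the browser's
    #    Trusted Root CA store; signing the CSR yields the server certificate.
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/ca.key" \
        -subj "/CN=demo-ca" -days 1 -out "$d/ca.crt" 2>/dev/null || return 1
    openssl x509 -req -in "$d/server.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/server.crt" 2>/dev/null || return 1

    # The public key inside the certificate matches the server's private key.
    openssl x509 -in "$d/server.crt" -pubkey -noout > "$d/server.pub" || return 1
    openssl pkey -in "$d/server.key" -pubout 2>/dev/null \
        | cmp -s - "$d/server.pub" || return 1

    # 3. Browser: accept only a certificate that chains to a trusted root.
    #    The same certificate must fail against a root the browser does not know.
    openssl verify -CAfile "$d/ca.crt" "$d/server.crt" >/dev/null 2>&1 || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/rogue.key" \
        -subj "/CN=rogue-ca" -days 1 -out "$d/rogue.crt" 2>/dev/null || return 1
    if openssl verify -CAfile "$d/rogue.crt" "$d/server.crt" >/dev/null 2>&1; then
        return 1
    fi

    # 4. Session key: the browser encrypts a random symmetric key with the public
    #    key from the certificate; only the private-key holder can recover it.
    openssl rand -hex 16 > "$d/session.key" || return 1
    openssl pkeyutl -encrypt -pubin -inkey "$d/server.pub" \
        -in "$d/session.key" -out "$d/session.enc" || return 1
    openssl pkeyutl -decrypt -inkey "$d/server.key" \
        -in "$d/session.enc" -out "$d/session.dec" || return 1
    cmp -s "$d/session.key" "$d/session.dec" || return 1

    rm -rf "$d"
    echo ok
}

demo_ssl_flow
```

Every step is checked with an explicit exit status, so the function prints "ok" only if the chain validates against the intended root, fails against the unrelated one, and the session key survives the public-key round trip.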
References: http://bit.ly/1xToPSG