What is SSL?
- SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral.
- SSL is an industry standard and is used by millions of websites for the protection of their online transactions.
- Founded by Netscape initially. Current version of SSL is 3.0
How it Works?
To create an SSL connection a web server requires an SSL Certificate. SSL Connection uses public key/private key to encrypt and decrypt the data transferred between the server and browser. The following are the step by step communications happens during a SSL connection:
- A browser requests a secure page (https://)
- The web server responds and sends its public key with its SSL Certificate.
- The browser checks the following:
Is the certificate was issued by a trusted party (trusted root CA)
Is the certificate is still valid?
Is the certificate is related to the site contacted?
- The Browser maintains the list of Certification Authority whom it trusts, if it fails on any one of these checks the browser will display a warning to the end user letting them know that the site is not secured by SSL.
- The browser then encrypts the URL required as well as other http data using random symmetric encryption key and encrypts that random symmetric encryption key using the public key. Then sends it to the server with the encrypted.
- The web server decrypts the symmetric encryption key using its private key and uses that symmetric key to decrypt the URL and http data.
- The web server sends back the requested html document and http data encrypted with the same symmetric key.
- The browser decrypts the http data and html document using the symmetric key and displays the information.
How to obtain a SSL Certificate to use with Web Server?
You can obtain the certificate for your domain from the Trusted Certificate Providers like VeriSign, Comodo, GoDaddy. You may get charged for the certificate issuance. Alternatively, you can create and use a self-signed certificate with your web server.
Typically an SSL Certificate will contain,
- Your domain name
- Your company name
- Your address
- Your city
- Your state and your country
- The expiration date of the Certificate
- Details of the Certification Authority responsible for the issuance of the Certificate.
- The browsers provide users with a key indicator to let users know they are currently protected by an SSL encrypted session.
- A lock icon in the lower right-hand corner or in the left-most side of the address bar indicating that, the server is using SSL connection.
- Clicking on the lock icon displays your SSL Certificate and the details about it.
- All SSL Certificates are issued to either companies or legally accountable individuals.
1 comments:
Write commentsthanks for the useful post, as a noob to all thinks SSL. I was wondering which one of the ssl certificate providers do you view as the best, im currently using openSSL but i have been told its a bad idea to use self signed certs on a e-commerce site. whats your opinion?
ReplyWhat do you think about this Article? Add your Opinion..! EmoticonEmoticon