SSL certificates Type of certificate which allows multiple domains to be secured with one SSL certificate. SSL Stands for secure sockets layer. Protocol for web browsers and servers that allows for the authentication, encryption, and decryption of data sent over the Internet. See the following interesting guides on how to import a certificate into the Trusted Root and Personal file certificate store, how to request a certificate signing request in Windows using Microsoft Management Console, and how to export a certificate in PFX format in Windows.
Transport Layer Security, and its now-deprecated predecessor, Secure Sockets Layer, are cryptographic protocols designed to provide communications security over a computer network.
I’m going to highlight only the important steps for HTTPS communication.
- A client contacts the server.
- The client and server exchange information about the communications they intend to perform, such as the ciphers to use (SSL handshake).
- The server transmits its certificate to the client.
Note: It depends on the protocol used here as the server only can send its certificate etc.
- The client checks that it trusts the certification authority that issued the certificate. If it does not recognize the CA and does not get an override, the communication ends.
- The client checks for revocation information on the certificate. If the certificate is revoked or revocation information is unavailable, then the client might attempt to obtain an override. Implementations vary on how they deal with null or unreachable CRL information, but almost all will refuse to communicate with any entity using a revoked certificate.
- The client generates a portion of a temporary key for symmetric encryption.
- The client uses the server’s public key to encrypt the partial temporary key.
- The client sends the encrypted partial key to the server.
- The server decrypts the partial key using its own private key.
- The server completes the secret key.
- The client and server agree to use the secret key. All communications in the same conversation are encrypted with that key.
Note: It would be possible to use asymmetric encryption for the entire conversation. However, as we talked about earlier, asymmetric encryption results in ciphertext that greatly exceeds the size of the unencrypted source. To solve that problem without exposing a plaintext key, SSL only uses asymmetric encryption while the client and server establish identity and work together to create a symmetric shared key. From that point forward, they only use symmetric encryption. That keeps the size of transmitted data to a minimum. Even better, if an attacker manages to break any point of the transmission besides the initial negotiation, they will only gain a temporary key.
I hope you found this blog post helpful. If you have any questions, please let me know in the comment session.