This content originally appeared on DEV Community and was authored by rounakcodes
Intro
- HTTPS is a secure version of HTTP
- communication between server and client is encrypted
- HTTPS is HTTP over Secure Sockets Layer
- SSL certificate plays an important role in building trust
SSL certificate
- a web server's digital certificate
- issued by a third party (called CA, Certifying Authority)
- verifies the identity of
- the web server
- the web server's public key
Digital Signature
- created using CA's private key
- browser has list of major CA's public keys
- this is how it is able to verify the digital signature
Example
- user accesses https://www.google.com from the client
- client requests secure pages from Google's web server
- the Google server sends its digital certificate which serves two purposes
- it establishes Google's identity
- it makes the Google's public key available
- client verifies issuer's (CA) digital signature
- to ensure that the certificate is valid
- client comes installed with the public keys of all of the major certificate authorities. It uses this public key to verify that the web server's certificate was indeed signed by the trusted certificate authority.
- The certificate contains the domain name and/or IP address of the web server. Your web browser confirms with the certificate authority that the address listed in the certificate is the one to which it has an open connection.
- after it is verified, it is trusted
- in case of chrome an icon appears
- which indicates that
- the Google server's public key really belongs to the web server
- The client now generates a symmetric key
- it keeps one and gives one to the server
- to give it securely to the server it encrypts it with server's public key
- the web server has the private key to decrypt this encryption and it gets the symmetric key
- from this point, all traffic between client and server will be encrypted with this symmetric key
Curious
https://tlseminar.github.io/first-few-milliseconds/
This content originally appeared on DEV Community and was authored by rounakcodes
Print
Share
Comment
Cite
Upload
Translate
Updates
There are no updates yet.
Click the Upload button above to add an update.
APA
MLA
rounakcodes | Sciencx (2021-05-19T00:35:07+00:00) SSL explained briefly. Retrieved from https://www.scien.cx/2021/05/19/ssl-explained-briefly/
" » SSL explained briefly." rounakcodes | Sciencx - Wednesday May 19, 2021, https://www.scien.cx/2021/05/19/ssl-explained-briefly/
HARVARDrounakcodes | Sciencx Wednesday May 19, 2021 » SSL explained briefly., viewed ,<https://www.scien.cx/2021/05/19/ssl-explained-briefly/>
VANCOUVERrounakcodes | Sciencx - » SSL explained briefly. [Internet]. [Accessed ]. Available from: https://www.scien.cx/2021/05/19/ssl-explained-briefly/
CHICAGO" » SSL explained briefly." rounakcodes | Sciencx - Accessed . https://www.scien.cx/2021/05/19/ssl-explained-briefly/
IEEE" » SSL explained briefly." rounakcodes | Sciencx [Online]. Available: https://www.scien.cx/2021/05/19/ssl-explained-briefly/. [Accessed: ]
rf:citation » SSL explained briefly | rounakcodes | Sciencx | https://www.scien.cx/2021/05/19/ssl-explained-briefly/ |
Please log in to upload a file.
There are no updates yet.
Click the Upload button above to add an update.