Introduction to SSL




Certificate Authority (CA)

A Certificate Authority is a trusted third-party organization that issues digital certificates such as Secure Sockets Layer (SSL) Certificates after verifying the information included in the Certificates.

Encryption

Encryption is the process of scrambling a message so that only the intended audience has access to the information. Secure Sockets Layer (SSL) technology establishes a private communication channel where data can be encrypted during online transmission, protecting sensitive information from electronic eavesdropping.

Extended Validation (EV) SSL Certificate

Requires a high standard for verification of Secure Sockets (SSL) Certificates dictated by a third party, the CA/Browser Forum. In Microsoft® Internet Explorer 7 and other popular high security browsers, Web sites secured with Extended Validation SSL Certificates cause the URL address bar to turn green.

HTTPS

Web pages beginning with "https" instead of "http" enable secure information transmission via the protocol for secure http. “Https” is one measure of security to look for when sending or sharing confidential information such as credit card numbers, private data records, or business partner data.

Secure Sockets Layer (SSL) Technology

SSL and its successor, transport layer security (TLS), use cryptography to provide security for online transactions. SSL uses two keys to encrypt and decrypt data − a public key known to everyone and a private or secret key known only to the recipient of the message.

SSL Certificate

A Secure Sockets Layer (SSL) Certificate incorporates a digital signature to bind together a public key with an identity. SSL Certificates enable encryption of sensitive information during online transactions, and in the case of organizationally validated Certificates, also serve as an attestation of the Certificate owner’s identity.

Secure Sockets Layer (SSL) Certificate is the World Standard for Web Security. SSL technology confronts the potential problems of unauthorized viewing of confidential information, data manipulation, data hijacking, phishing, and other insidious Web site scams by encrypting sensitive data so that only authorized recipients can read it. In addition to preventing tampering with sensitive information, SSL helps provide your Web site’s users with the assurance of having accessed a valid Web site. Support for SSL is built into all major operating systems, Web applications, and server hardware—meaning that SSL’s powerful encryption technology helps provide your business with a system-wide, liability limiting security blanket for fortifying consumer confidence, boosting the percentage of completed transactions, and enriching the “bottom line.”
[Read More...]


What is SSL and why should I care?



Data security over open communication networks such as the Internet will always be a strong concern for developers and customers. Therefore, it is extremely important for a any product you use to be able to achieve a secure environment.

What is SSL?

SSL is a protocol that provides privacy and integrity between two communicating applications using TCP/IP. The data going back and forth between client and server is encrypted using a symmetric algorithm.

A public-key algorithm (RSA) is used for the exchange of the encryption keys and for digital signatures. Public key cryptography defines an algorithm that uses two keys, each of which may be used to encrypt a message. If one key is used to encrypt a message, the other must be used to decrypt it. This makes it possible to receive secure messages by simply publishing one key (the public key) and keeping the other undisclosed (the private key).

Digital certificates

This takes us into the discussion of digital certificates, which play an important role in SSL Certificates. Digital certificates mainly serve two purposes:

  • To establish the owner's identity
  • To make the owner's public key available
  • A digital certificate is issued by a trusted authority -- a certificate authority (CA) -- and it is issued only for a limited time. When its expiration date passes, the digital certificate must be replaced. SSL uses digital certificates for key exchange, server authentication, and optionally, client authentication.
  • The digital certificate contains specific pieces of information about the identity of the certificate owner and about the certificate authority:
  • The owner's distinguished name.
  • The owner's public key.
  • The date the digital certificate was issued.
  • The date the digital certificate expires.
  • The issuer's distinguished name. This is the distinguished name of the CA.
  • The issuer's digital signature.
  • An SSL connection is always initiated by the client using a URL starting with https://  instead of http://.
[Read More...]


Subscribe to: Posts (Atom)
 
Return to top of page ClickSSL - Start your E-Business with SSL Certificates