What is SSL and why should I care?
Data security over open communication networks such as the Internet will always be a strong concern for developers and customers. Therefore, it is extremely important for any product you use to be able to achieve a secure environment.
SSL is a protocol that provides privacy and integrity between two communicating applications using TCP/IP. The data going back and forth between client and server is encrypted using a symmetric algorithm.
A public-key algorithm (RSA) is used for the exchange of the encryption keys and for digital signatures. Public key cryptography defines an algorithm that uses two keys, each of which may be used to encrypt a message. If one key is used to encrypt a message, the other must be used to decrypt it. This makes it possible to receive secure messages by simply publishing one key (the public key) and keeping the other undisclosed (the private key).
Digital certificates
This takes us into the discussion of digital certificates, which play an important role in SSL. Digital certificates mainly serve two purposes:
- To establish the owner's identity
- To make the owner's public key available
A digital certificate is issued by a trusted authority -- a certificate authority (CA) -- and it is issued only for a limited time. When its expiration date passes, the digital certificate must be replaced. SSL uses digital certificates for key exchange, server authentication, and optionally, client authentication.
The digital certificate contains specific pieces of information about the identity of the certificate owner and about the certificate authority:
- The owner's distinguished name.
- The owner's public key.
- The date the digital certificate was issued.
- The date the digital certificate expires.
- The issuer's distinguished name. This is the distinguished name of the CA.
- The issuer's digital signature.
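The fields listed above, read from a parsed certificate and checked against its validity period. This is an added example, not code from the original article: it uses Python's standard `ssl` module, the sample certificate is constructed, and the function names are this example's own. The dictionary returned by `getpeercert()` does not carry the public key or the signature, so only the names and dates are shown.

```python
import socket
import ssl
from datetime import datetime, timezone

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert();
# the names and dates are made up for illustration.
SAMPLE_CERT = {
    "subject": ((("countryName", "US"),), (("organizationName", "Example Corp"),),
                (("commonName", "www.example.com"),)),
    "issuer": ((("countryName", "US"),), (("organizationName", "Example Trust CA"),),
               (("commonName", "Example Trust CA G1"),)),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2025 GMT",
}

def dn_to_string(dn):
    """Flatten getpeercert()'s nested RDN tuples into 'key=value, ...'."""
    return ", ".join(f"{key}={value}" for rdn in dn for key, value in rdn)

def _utc(cert_time):
    # cert_time_to_seconds() parses the "Mon DD HH:MM:SS YYYY GMT" format.
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(cert_time), tz=timezone.utc)

def summarize(cert, now):
    """Return owner, issuer, validity dates and the status at time `now`."""
    issued, expires = _utc(cert["notBefore"]), _utc(cert["notAfter"])
    if now < issued:
        status = "not yet valid"
    elif now > expires:  # the validity period includes the expiry instant
        status = "expired"
    else:
        status = "valid"
    return {"owner": dn_to_string(cert["subject"]),
            "issuer": dn_to_string(cert["issuer"]),
            "issued": issued, "expires": expires,
            "days_left": (expires - now).days, "status": status}

def fetch_cert(host, port=443, timeout=5.0):
    """Fetch a live server's certificate (needs network access)."""
    ctx = ssl.create_default_context()  # verifies the CA chain and hostname
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

if __name__ == "__main__":
    report = summarize(SAMPLE_CERT, datetime(2024, 12, 1, tzinfo=timezone.utc))
    for field, value in report.items():
        print(f"{field}: {value}")
```

To check a real server, pass the result of `fetch_cert("host.example")` to `summarize()` with `datetime.now(timezone.utc)`.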
An SSL connection is always initiated by the client using a URL starting with https:// instead of http://.