Symantec Access Management


What is SSL, the Role of SSL Certificates, and How It Works

Nov 25, 2015 07:21 AM

What is SSL?

Definition:

SSL (Secure Sockets Layer) is the standard security technology
for establishing an encrypted link between a web server and a browser. This
link ensures that all data passed between the web server and browsers remains
private and integral.

Basically, SSL certificates play two important roles:

  1. Data Encryption (so that your data cannot be hacked or cracked
    by others easily)
  2. Validate Website (to make sure that you are connecting to the right
    website and not providing sensitive info like credit card details on a
    phishing website)

 

What is the Role of the SSL Certificate here?

  1. SSL Certificates have a key pair: a public and a private key.

     Anything encrypted with the public key can only be decrypted
     with the private key, and vice versa.

     These keys (and session keys) are used for encrypting the data.

  2. Common name (defined while creating the SSL Certificate) is used
     to check that the certificate is valid for the website that the
     client is connecting to.

 

How does SSL work?

When a browser attempts to access a website that is secured by
SSL, the browser and the web server establish an SSL connection using a process
called an “SSL Handshake”.

 

 

  1. Browser connects to a web server (website) secured with SSL
    (https). Browser requests that the server identify itself.
  2. Server sends a copy of its SSL Certificate, including the
    server’s public key.
  3. Browser checks that the certificate is unexpired, unrevoked,
    and that its common name is valid for the website that it
    is connecting to. If the browser (or client) trusts the certificate, it
    creates, encrypts, and sends back a symmetric session key using the server’s
    public key.
  4. Server decrypts the symmetric session key using its private
    key and sends back an acknowledgement encrypted with the session key to start
    the encrypted session.
  5. Server and Browser now encrypt all transmitted data with the
    session key.


 

 

Regards

Anand


Comments

Dec 09, 2015 01:30 AM

Very informative!

Thanks Anand and Simon for sharing this

I plan to post this content on CA Cookbooks at CA Technologies Information Services on Flipboard.

Dec 01, 2015 05:46 AM

Great info Anand and Simon!

Thanks for sharing..

Nov 25, 2015 11:24 PM

Excellent post.

 

I read an analogy recently which explains this in layman's terms. I thought it so good that I may as well post it here (from memory):

 

You want to send a box to Bob, without John being able to open the box and look at what is inside. So you put a lock on it and send it to Bob.

 

Bob receives the box, but he cannot open it as he does not have the key, only you have the key. So Bob puts his own lock on it and sends it back to you.

 

The box now has two locks on it. Your lock and Bob's Lock. You have the key to your lock and Bob has the key to his.

 

You receive the box. It is locked by both your lock and Bob's lock. You unlock your lock and send it back.

 

The box only has one lock on it. Bob's lock.

 

Bob receives the box. As it is only Bob's lock which is locking the box and he has the key, Bob can open the box.

 

At no point could John open the box because it was always locked and he never had a key to open it.

 

At no point did you have Bob's key or did Bob have your key.

Nov 25, 2015 12:58 PM

Great info!!
