Secure Socket Layer:
Secure Socket Layer is a protocol which is used to communicate over the Internet in a secure fashion.
SSL technology relies on the concept of public key cryptography to accomplish its tasks. In normal encryption, two communicating parties each share a password or key, and this is used to both encrypt and decrypt messages. While this is a very simple and efficient method, it doesn't solve the problem of giving the password to someone you have not yet met or trust.
SSL Works:
Step 1: XYZ creates a Certificate Signing Request (CSR) and during this process, a private key is generated.
Step 2: XYZ goes to a trusted, third party Certificate Authority, such as Trustwave . Trustwave takes the certificate signing request and validates XYZ in a two step process. Trustwave validates that XYZ has control of the domain xyz.com and that XYZ Inc. is an official organization listed in public government records.
Step 3: When the validation process is complete, Trustwave gives XYZ a new public key (certificate) encrypted with Trustwave's private key.
Step 4: XYZ installs the certificate on their webserver(s).
Customers Communicate with the Server using SSL:
Step 1: A customer makes a connection to xyz.com on an SSL port, typically 443. This connection is denoted with https instead of http.
Step 2: xyz.com sends back its public key to the customer. Once customer receives it, his/her browser decides if it is alright to proceed.
Step 3: If the customer decides to trust the certificate, then the customer will be sent to xyz.com his/her public key.
Step 4: xyz.com will next create a unique hash and encrypt it using both the customer's public key and xyz.com's private key, and send this back to the client.
Step 5: Customer's browser will decrypt the hash. This process shows that the xyz.com sent the hash and only the customer is able to read it.
Step 6: Customer and website can now securely exchange information.
Secure Socket Layer is a protocol which is used to communicate over the Internet in a secure fashion.
SSL technology relies on the concept of public key cryptography to accomplish its tasks. In normal encryption, two communicating parties each share a password or key, and this is used to both encrypt and decrypt messages. While this is a very simple and efficient method, it doesn't solve the problem of giving the password to someone you have not yet met or trust.
SSL Works:
Step 1: XYZ creates a Certificate Signing Request (CSR) and during this process, a private key is generated.
Step 2: XYZ goes to a trusted, third party Certificate Authority, such as Trustwave . Trustwave takes the certificate signing request and validates XYZ in a two step process. Trustwave validates that XYZ has control of the domain xyz.com and that XYZ Inc. is an official organization listed in public government records.
Step 3: When the validation process is complete, Trustwave gives XYZ a new public key (certificate) encrypted with Trustwave's private key.
Step 4: XYZ installs the certificate on their webserver(s).
Customers Communicate with the Server using SSL:
Step 1: A customer makes a connection to xyz.com on an SSL port, typically 443. This connection is denoted with https instead of http.
Step 2: xyz.com sends back its public key to the customer. Once customer receives it, his/her browser decides if it is alright to proceed.
Step 3: If the customer decides to trust the certificate, then the customer will be sent to xyz.com his/her public key.
Step 4: xyz.com will next create a unique hash and encrypt it using both the customer's public key and xyz.com's private key, and send this back to the client.
Step 5: Customer's browser will decrypt the hash. This process shows that the xyz.com sent the hash and only the customer is able to read it.
Step 6: Customer and website can now securely exchange information.
No comments:
Post a Comment