Wednesday, July 13, 2011

Intro to SSL

What is SSL?


Secure Sockets Layer (SSL) is a technology which encrypts traffic between the client application and the server application involved in the conversation. This encryption is accomplished by making use of a public key/private key system using an SSL certificate.


The SSL certificate contains the server’s public key, dates for which the certificate is valid, a hostname for which the certificate is valid and a signature from the Certification Authority which issued it. With this information and some protocol information exchanged during the beginning of a session the client can be reasonably certain that the server is the one to which it is intending to talk.


He said what?


As with everything else in Information Technology, SSL certificates have their own terminology.  Here is a small glossary of some of the terms you will encounter while dealing with SSL certificates.


Bit size: Encryption keys are measured by their size in bits, for example 512 bit, 1024 bit or 2048 bit.  Generally a longer key is going to be safer but probably slower to use.  At this time the minimum size for the keys used in SSL certificates is 1024 bit, though Extended Validation certificates require 2048 bit.


Certificate Chain: SSL certificates are not generally used alone.  In most implementations you will actually be dealing with a certificate chain.  For example:


Root > intermediate1 > server cert

Root > intermediate2 > server2 cert


In this example your server certificate is signed by the intermediate certificate, which is in turn signed by the root certificate.  Chaining in this fashion can make SSL more secure because it means that the root certificate is not used (and thus exposed to risk) so often.  If intermediate1 were compromised then server cert could be in danger, but server2 cert would be fine because the two are part of different chains.


Certificate Signing Request: the CSR is a document you generate on the server which contains information that the Certification Authority uses to create your actual certificate.


Common Name: the Common Name (CN) is the hostname for which the certificate is valid (for example, www.domain.com).  It should be noted that www.domain.com, smtp.domain.com and mail.domain.com are three completely different hostnames, and the same SSL certificate is not valid for all three of them (unless you are using a wildcard certificate, but at this time we do not offer those).


Private/Public Key: SSL makes use of a technique called public key cryptography.  In this form of crypto you have two keys, the public and the private.  The public key is distributed far and wide.  No one sees your private key. People who wish to communicate securely with you encrypt their communication using YOUR public key.  Public key cryptography is based upon the assertion that bits encrypted with a given public key can only be decrypted using the corresponding private key and vice versa.


Root certificate: The SSL root certificates are certificates which have signed themselves and which have been presented to the world by their respective Certification Authorities as the top of their chain.  You will find root certificates for the major players already installed in the certificate store for your web browser.  This allows your browser to trust those certificates and forms the beginnings of the chain of trust leading ultimately to the certificate you install on your server.


Signature:  SSL certificates have a digital signature placed upon them by the Certification Authority.  It is this signature which, when traced back to a trusted root certificate, confirms the authenticity of the certificate.
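To tie the Certificate Chain, Common Name, Root certificate and Signature entries together, here is a small added example (not code from the original post) of the checks a client performs: it walks the chain from the server certificate up to a root in the trust store, verifies each signature with the issuer's public key, and checks the validity dates and the hostname. The RSA keys use tiny made-up primes as a stand-in for real 1024/2048-bit keys, and the chain, names and dates are constructed for illustration.

```python
import hashlib
from datetime import date
TODAY = date(2011, 7, 13)  # the post's date, used as "now" for validity-period checks

def rsa_keypair(p, q, e=17):  # textbook RSA with tiny primes: a stand-in for real 1024/2048-bit keys
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)          # (public, private); pow(e, -1, phi) needs Python 3.8+

def cert_digest(cert, n):  # hash of the signed fields (everything except the signature), mod n
    body = "|".join(str(cert[k]) for k in ("subject", "issuer", "cn", "pubkey", "not_before", "not_after"))
    return int.from_bytes(hashlib.sha256(body.encode()).digest(), "big") % n

def make_cert(subject, issuer, cn, pubkey, issuer_priv, not_before, not_after):
    cert = dict(subject=subject, issuer=issuer, cn=cn, pubkey=pubkey, not_before=not_before, not_after=not_after)
    d, n = issuer_priv                           # the CA signs with ITS private key
    cert["sig"] = pow(cert_digest(cert, n), d, n)
    return cert

def hostname_matches(cn, host):  # exact CN match, or a wildcard CN covering exactly one left-most label
    if cn.startswith("*."):
        return host.count(".") == cn.count(".") and host.endswith(cn[1:])
    return cn == host

def validate_chain(chain, trust_store, host, today):
    """chain = [server cert, intermediate, ...]; trust_store = {root subject: root public key}."""
    if not hostname_matches(chain[0]["cn"], host):
        return False, "hostname mismatch"
    for i, cert in enumerate(chain):
        if not cert["not_before"] <= today <= cert["not_after"]:
            return False, f"{cert['subject']} outside validity period"
        if i + 1 < len(chain):                   # issuer is the next cert up the chain
            if chain[i + 1]["subject"] != cert["issuer"]:
                return False, "chain broken"
            e, n = chain[i + 1]["pubkey"]
        elif cert["issuer"] in trust_store:      # top of the chain must be a root in the trust store
            e, n = trust_store[cert["issuer"]]
        else:
            return False, f"no trusted root for {cert['issuer']}"
        if pow(cert["sig"], e, n) != cert_digest(cert, n):   # verify with the issuer's PUBLIC key
            return False, f"bad signature on {cert['subject']}"
    return True, "ok"

def build_demo_chain():  # constructed sample: Root > intermediate1 > www.domain.com (made-up keys/dates)
    root_pub, root_priv = rsa_keypair(107, 109)
    int_pub, int_priv = rsa_keypair(127, 131)
    srv_pub, _ = rsa_keypair(61, 53)             # the server's private key never leaves the server
    inter = make_cert("intermediate1", "Root", "", int_pub, root_priv, date(2010, 1, 1), date(2020, 1, 1))
    server = make_cert("www.domain.com", "intermediate1", "www.domain.com", srv_pub, int_priv,
                       date(2011, 1, 1), date(2012, 1, 1))
    return [server, inter], {"Root": root_pub}
```

With an empty trust store the same chain is rejected, which is why browsers ship the major roots pre-installed; the wildcard branch of hostname_matches is the case the Common Name entry mentions but this provider does not offer.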


Why use SSL?


Read more http://blogmee.info/index.php/intro-to-ssl/
