SSL - Secure Socket Layer

SSL - Secure Socket Layer

June 05, 2014
The Secure Socket Layer protocol was created by Navigator Internet browser in 1994. It is used to ensure secure transactions between web servers and browsers. The protocol uses a third party, a Certificate Authority (CA), to identify one end or both end of the transactions. A browser requests a secure page (usually https://).

How it works.

  1.           The web server sends its public key with its certificate.
  2.      The browser checks that the certificate was issued by a trusted party (usually a trusted root CA), that the certificate is still validand that the certificate is related to the site contacted. 
  3.     The browser then uses the public key, to encrypt a random symmetric encryption key and sends it to the server with the encrypted URL required as well as other encrypted http data.
  4.    The web server decrypts the symmetric encryption key using its private keyand uses the symmetric key to decrypt the URL and http data.
  5.     The web server sends back the requested html document and http data encryptedwith the symmetric key. 
  6.    The browser decrypts the http data and html document using the symmetric key and displays the information.

In Simple Way to understand:-

When a browser attempts to access a website that is secured by SSL, the browser and the web server establish an SSL connection using a process called an “SSL Handshake”. Essentially, three keysare used to set up the SSL connection: the public, private, and session keys. Anything encrypted with the public key can only be decrypted with the private key, and vice versa. Because encrypting and decrypting with private and public key takes a lot of processing power, they are only used during the SSL Handshake to create a symmetric session key. After the secure connection is made, the session key is used to encrypt all transmitted data.

Third Party CA Best Example:-

Sample

IRTC Certificate Authority: - (Mozilla Firefox)


 SSL Secured HTTPS Link

 Security Information of IRTC


 Third Party Certificate of IRTC

Certificate Contents (validity, Subject, Encryption Algorithm Details etc..)

How to identify the link is secured or not: - (Google chrome)







About

This is dummy text. It is not meant to be read. Accordingly, it is difficult to figure out when to end it. But then, this is dummy text. It is not meant to be read. Period.

Next
« Prev Post
Previous
Next Post »
Subscribe to: Post Comments (Atom)