Understanding SSL



There are many ways to go about creating an SSL connection between servers, and the best one for your situation will depend upon the type of protocol you're planning to tunnel through it. As you probably know, the Secure Sockets Layer (SSL) allows the use of encryption to protect data sent via a TCP/IP connection. The most commonly used implementation of SSL is the HTTPS protocol: a secure encrypted alternative to HTTP for transferring information over the Web.
Secure Sockets Layer (SSL) is a computer networking protocol for securing connections between network application clients and servers over an insecure network, such as the internet. Due to numerous protocol and implementation flaws and vulnerabilities, SSL was deprecated for use on the internet by the Internet Engineering Task Force (IETF) in 2015 and has been replaced by the Transport Layer Security (TLS) protocol. While TLS and SSL are not interoperable, TLS is backwards-compatible with SSL 3.0.
Server certificates are typically issued to hostnames, which could be a machine name (such as ‘XYZ-SERVER-01’) or a domain name (such as ‘www.symantec.com’). A web browser reaching the server validates that the SSL server certificate is authentic. That tells the user that their interaction with the web site has no eavesdroppers and that the web site is exactly who it claims to be. This security is critical for electronic commerce, which is why certificates are now in such widespread use.





Process:

1. Client Hello
Information that the server needs to communicate with the client using SSL. This includes the SSL version number, cipher settings, session-specific data.
2. Server Hello
Information that the server needs to communicate with the client using SSL. This includes the SSL version number, cipher settings, session-specific data.
3. Authentication and Pre-Master Secret
Client authenticates the server certificate (e.g. Common Name / Date / Issuer). Client (depending on the cipher) creates the pre-master secret for the session, encrypts it with the server's public key and sends the encrypted pre-master secret to the server.
4. Decryption and Master Secret
Server uses its private key to decrypt the pre-master secret. Both Server and Client perform steps to generate the master secret with the agreed cipher.
5. Encryption with Session Key
Both client and server exchange messages to inform that future messages will be encrypted.

How do I implement SSL on my website?

Implementing SSL for a website is quite easy! A typical installation of an SSL certificate involves the following steps:

Step 1. Acquire SSL certificate:

To implement SSL/TLS security on your website, you need to get and install a certificate from a trusted CA. A trusted CA will have its root certificates embedded in all major root store programs, meaning the certificate you purchase will be trusted by the internet browsers and mobile devices used by your website visitors.
You should also decide which type of certificate suits you best.

      • Single domain certificates allow you to secure one fully qualified domain name (FQDN).

      • Wildcard certificates secure a single domain and unlimited subdomains of that domain. For example, a wildcard certificate for '*.domain.com' could also be used to secure 'payments.domain.com', 'login.domain.com', 'anything-else.domain.com'.

      • Multi-domain certificates allow website owners to secure multiple, distinct domains on one certificate. For example, a single MDC can be used to secure domain-1.com, domain-2.com, domain-3.co.uk, domain-4.net and so on.

      • Extended Validation certificates provide the highest levels of security, trust and customer conversion for online businesses. Because of this, EV certificates contain a unique differentiator designed to clearly communicate the trustworthiness of the website to its visitors. Whenever somebody visits a website that uses an EV SSL, the address bar will turn green in major browsers such as Internet Explorer, Firefox and Chrome.

Step 2. Activate and install your SSL certificate:

When an SSL certificate is purchased from a web host, its activation is taken care of by the web host (WebServer). The administrator creates a "Certificate Signing Request". Next, generate your private key and fill out the form for the Certificate Signing Request (CSR). You will need to send this CSR to your CA in order to purchase a certificate.

Step 3. Update Website from HTTP to HTTPS:

Your website is now capable of HTTPS! You must now configure your website so that visitors who access this site are automatically directed to the "HTTPS" version. Search engine providers like Google are now offering SEO benefits to SSL pages, so the effort to serve all pages on your site over HTTPS is well worth it.

Who issues SSL Certificates?

A certificate authority or certification authority (CA) issues SSL certificates. On receiving an application, the CA verifies two factors: It confirms the legal identity of the enterprise/company seeking the certificate and whether the applicant controls the domain mentioned in the certificate. The issued SSL certificates are chained to a 'trusted root' certificate owned by the CA. Most popular internet browsers such as Firefox, Chrome, Internet Explorer, Microsoft Edge, and others have these root certificates embedded in their 'certificate store'. Only if a website certificate chains to a root in its certificate store will the browser allow a trusted and secure https connection. If a website certificate does not chain to a root then the browser will display a warning that the connection is not trusted.

What details are included in an SSL certificate?

SSL Certificates will contain details of whom the certificate has been issued to. This includes the domain name or common name, serial number; the details of the issuer; the period of validity - issue date and expiry date; SHA Fingerprints; subject public key algorithm, subject's public key; certificate signature algorithm, certificate signature value. Other important details such as the type of certificate, SSL/TLS version, Perfect Forward Secrecy status, and cipher suite details are included. Organization validated and extended validation certificates also contain verified identity information about the owner of the website, including organization name, address, city, state and country.

How can I tell when a site uses SSL?

A web page using SSL will display:

      • "https://" instead of "http://" before the website's address in the browser's address bar.

      • A padlock icon in the address bar of the browser before the address.

      • With an Extended Validation Certificate, the address bar also shows the registered name of the company that owns the website, the name of the issuing CA and an additional green security indicator.
