Thursday, December 23, 2010

SSL Certificates

Hello,

This post describes the general working of SSL certificates: how requests are processed between the server and the client.
I. Obtaining an SSL Certificate:

XYZ Inc. intends to secure the customer checkout process, account management, and internal employee correspondence on its website, xyz.com.

Step 1: XYZ creates a Certificate Signing Request (CSR); during this process, a private key is generated.

Step 2: XYZ goes to a trusted third-party Certificate Authority (CA), such as Trustwave. Trustwave takes the certificate signing request and validates XYZ in a two-step process: Trustwave validates that XYZ has control of the domain xyz.com and that XYZ Inc. is an official organization listed in public government records.

Step 3: When the validation process is complete, Trustwave gives XYZ a new public key (certificate) encrypted with Trustwave's private key.

Step 4: XYZ installs the certificate on their webserver(s).

II. How Customers Communicate with the Server using SSL
Step 1: A customer makes a connection to xyz.com on an SSL port, typically 443. This connection is denoted with https instead of http.

Step 2: xyz.com sends its public key back to the customer. Once the customer receives it, his/her browser decides whether it is all right to proceed:
  • The xyz.com public key must NOT be expired.
  • The xyz.com public key must be for xyz.com only.
  • The client must have the public key for Trustwave installed in their browser certificate store. 99.9% of all modern browsers (1998+) include the Trustwave root certificate. If the customer has Trustwave's trusted public key, then they can trust that they are really communicating with XYZ, Inc.

Step 3: If the customer decides to trust the certificate, then the customer sends his/her public key to xyz.com.

Step 4: xyz.com will next create a unique hash and encrypt it using both the customer's public key and xyz.com's private key, and send this back to the client.

Step 5: The customer's browser decrypts the hash. This process shows that xyz.com sent the hash and that only the customer is able to read it.

Step 6: Customer and website can now securely exchange information.
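The CA role of Part I and the browser's three checks in Step 2 of Part II, as an added Go example that is not part of the original post: a constructed root CA (standing in for Trustwave) signs a constructed certificate for xyz.com, and the client check accepts it only if it chains to a root in the browser's store, is not expired, and is issued for xyz.com. The Ed25519 keys, the "Constructed Root CA" name and the function names BuildChain and BrowserCheck are assumptions made for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// must turns CreateCertificate's DER output into a parsed certificate, panicking on failure.
func must(der []byte, err error) *x509.Certificate {
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // DER we just produced parses cleanly
	return cert
}

// BuildChain plays the CA of Part I: a constructed root (standing in for Trustwave) signs
// xyz.com's certificate with its private key; both are valid only within [notBefore, notAfter].
func BuildChain(notBefore, notAfter time.Time) (root, leaf *x509.Certificate) {
	caPub, caKey, _ := ed25519.GenerateKey(rand.Reader)
	leafPub, _, _ := ed25519.GenerateKey(rand.Reader) // XYZ's key pair from the CSR (Step 1); the private half stays on the server
	caTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Constructed Root CA"},
		NotBefore: notBefore, NotAfter: notAfter,
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	root = must(x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, caPub, caKey)) // self-signed root
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "xyz.com"},
		DNSNames: []string{"xyz.com"}, NotBefore: notBefore, NotAfter: notAfter,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	leaf = must(x509.CreateCertificate(rand.Reader, leafTmpl, root, leafPub, caKey)) // Step 3: the CA signs with its private key
	return root, leaf
}

// BrowserCheck is the client's Step 2 of Part II. Verify enforces the three bullets at once:
// Roots is the browser's certificate store, CurrentTime drives the expiry check, DNSName is "for xyz.com only".
// nil means the browser may proceed; otherwise the error type names the failed check
// (x509.UnknownAuthorityError, x509.CertificateInvalidError with Reason Expired, x509.HostnameError).
func BrowserCheck(leaf *x509.Certificate, store []*x509.Certificate, host string, now time.Time) error {
	pool := x509.NewCertPool()
	for _, r := range store {
		pool.AddCert(r)
	}
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: host, CurrentTime: now})
	return err
}
```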
Thanks and Regards,
Gaurav Singh
