fbpx

Secure Socket Layer (SSL)

Published by Daniel Draga on

  • SSL stands for Secure Socket Layer.
  • Secure Socket Layer (SSL) technology allows web browsers and web servers to communicate over a secure connection
  • Originally developed by Netscape, SSL has been universally accepted on the World Wide Web for authenticated and encrypted communication between clients and servers.
  • Responsible for the emergence of

e-commerce, other security sensitive    services on the web

  • The SSL protocol runs above TCP/IP and below higher-level protocols such as HTTP or IMAP

 

1

 

Why SSL?

SSL addresses the following important security considerations.

  • Authentication: During initial attempt to communicate with a web server over a secure connection, that server will present your web browser with a set of credentials in the form of a server certificate. The purpose of the certificate is to verify that the site is who and what it claims to be.
  • Confidentiality: When data is being passed between the client and the server on a network, third parties can view and intercept this data. SSL responses are encrypted so that the data cannot be deciphered by the third party and the data remains confidential.
  • Integrity: When data is being passed between the client and the server on a network, third parties can view and intercept this data. SSL helps guarantee that the data will not be modified in transit by that third party.

What SSL Provides?

  • Confidentiality (Privacy)
  • Data integrity (Tamper-proofing)
  • Server authentication (Proving a server is what it claims it is)
  • Optional client authentication – Would be required in B2B/B2C (or Web services environment in which program talks to program

SSL and Authentication

  • Server Authentication:

Server needs to provide its own certificate to a

client in order to authenticate itself to the client.

A Web server typically has a CA-signed certificate  and it provides to its clients.

  • Client Authentication:

Client needs to provide its own certificate to a

server in order to authenticate itself to the  server.

  • Mutual Authentication

SSL and Web-tier Security

  • Encrypted password move from the browser

to the web server

  • Encrypted data move between the browser

and the web server

  • Server authentication

– Done before encrypted data transfer occurs

  • Client Authentication

– Not used in most cases

 

What is a Certificate?

  • A certificate is a digitally-signed statement from one entity (person, company,

etc.), saying that the public key (and some other information) of some other

entity has a particular value. So in a sense, it is like digital version of your ID

card such as driver’s license.

  • A certificate is cryptographically signed and is practically impossible for anyone else to forge
  • A certificate can be purchased from (signed by) a well-known CA (Certificate Authority) like Verisign
  • A certificate can be self-signed when authentication over the internet is not really a concern for example, an administrator may simply want to ensure that data being transmitted and received by the server is private and cannot be snooped by anyone eavesdropping on the connection, that is only data privacy and integrity are important.

 

What is Server Certificate?

  • A server certificate is a container that contains server’s public key and other miscellaneous information
  • Web server must have an associated certificate for each external interface, or IP address, that accepts secure connections. This provides  some kind of reasonable assurance that its owner is who you think it is

 

Why Server Certificate is Needed?

  • Server Certificate enables Server Authentication
  • Server sends server certificate as part of SSL key handshake
  • HTTPS service of Tomcat would not work unless a server certificate is installed
  • Verifies the server’s identity to the client, before receiving any sensitive information

SSL Drawbacks

The problems associated with SSL are

  • It prevents caching.
  • Using SSL imposes greater overheads on the server and the client.
  • Some firewalls and/or web proxies may not allow SSL traffic.
  • There is a financial cost associated with gaining a Certificate for the server/subject device

 

 

 

Categories: Knowledgebase

3 Comments

Steps to Install SSL Certificate on Apache Web Server – Virtono Community · July 30, 2016 at 1:10 PM

[…] If you are looking for information, visit the article exclusively for Secure Socket Layer (SSL). […]

Reply

Steps To Install SSL Certificate On Apache Web Server - Virtono Community · June 21, 2023 at 9:23 AM

[…] If you are looking for information, visit the article exclusively for Secure Socket Layer (SSL). […]

Reply

Web Pages Not Served Via HTTPS Will Be Marked ‘not Secure’ In Google Chrome And Mozilla Firefox. Are You Prepared? - Virtono Community · June 21, 2023 at 9:40 AM

[…] SSL Certificates enable data encryption on the internet and allow data to be transmitted securely from a web server to a browser. With SSL, your website can use the https protocol and will display a padlock in end users web browsers to indicate the connection is secure. […]

Reply

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related Posts

Knowledgebase

How to Protect Your Server Against Brute Force Attacks

Introduction Brute force attacks are one of the most common threats that server administrators face. This guide is designed to provide you with the knowledge and strategies you need to protect your server from brute Read more…

Knowledgebase

Locations of Common Log Files on Linux

In this tutorial, we will take you on a journey through the labyrinth of directories and unveil the secret locations of common log files on Linux. Whether you’re a beginner or an experienced user, this Read more…

Tutorials

How to Install Plesk on Ubuntu 20.04

What is Plesk? Plesk is a commercial web hosting and server data center automation software developed for Linux and Windows-based retail hosting service providers. Plesk Minimum Requirements The minimum amount of RAM required for installing Read more…