
SSL Certificate

SSL stands for Secure Sockets Layer, one of the main protocols used to secure data in transit. In this article I try to explain how an SSL certificate is used in a client-server architecture. First of all, you should know the difference between "Authentication" and "Authorization".

Authentication means verifying that a user is who they claim to be. For instance, most of the time when you try to log in to a system, it asks for a user name and password; that is authentication. Only a user who gives the correct user name and password is allowed to log in.

Authorization is what you are and are not allowed to do once you have logged in to a particular site; in other words, the privileges you hold on that site. Both concepts come into play when a client (your browser) makes a request to a server over SSL.

You may wonder why such a system is needed. It is all about trust. When you type your favourite site, www.facebook.com, into your browser, how do you know that the login page that loads really belongs to Facebook? Someone else could serve a page that looks exactly like Facebook's login page, and once you type your user name and password into it they can easily take over your Facebook account. To prevent this kind of misuse there is a mechanism to authenticate the server.

There is a party, the Certificate Authority (CA), that issues a certificate to a web site, guaranteeing to others (browsers) that this is the real owner (server) of the site (Facebook). The certificate is a digital document held by the web server that hosts the site. When you type the URL, your browser asks the responding server for its certificate and for the authority that certified it. The browser then checks, against that CA, whether the given certificate is valid, and only then accepts the response. Keep in mind that the issuing authority must be one your browser trusts; otherwise the browser will warn you and ask whether to accept the server's response or not. That is how authentication happens between the client (browser) and the server.

I know the question you have now: how can we trust that Certificate Authority? Before answering, let me ask you a question: how do you trust the judgment given by a judge? It is the same. You have to trust him because not everybody can be a judge and there is a legal body behind that. In the same way, not everyone can issue certificates for web sites; even if they do, no one trusts them.

When a web site has a valid certificate, it can use the https protocol to communicate with its clients. I think all of you have plenty of experience with this process. But how can we use this process for authorization? That is the question most people cannot answer.

Just as the browser asks the server for a certificate, the server can ask the browser for a certificate, and that certificate can be used to authorize the client at the server. In this case both the server's and the client's certificates should be signed by the same certificate authority, and the client's certificate must be installed manually in the browser on each and every machine.
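As an added example (not part of the original post), the Go program below uses only the standard library to build a toy PKI that plays out both checks described above: a trusted CA, a rogue CA, a server certificate for the constructed name www.example.com and a client certificate for a constructed user "alice". It then shows the browser-side decision (accept only a certificate that a trusted CA signed and that names the site being visited) and the server-side decision on a client certificate signed by the same CA. All names are constructed placeholders; call Demo from a main or a test to see the results.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err) // only a broken random source or a malformed template gets here
	}
	return v
}
// issue creates a certificate for cn signed by parentKey (the CA vouching for it); with no parent it is a self-signed root CA.
func issue(cn string, usage x509.ExtKeyUsage, dns []string, parent *x509.Certificate, parentKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey) {
	key := must(rsa.GenerateKey(rand.Reader, 2048))
	tmpl := &x509.Certificate{Subject: pkix.Name{CommonName: cn}, DNSNames: dns, SerialNumber: big.NewInt(time.Now().UnixNano()),
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour), BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{usage}} // leaf: one purpose, its DNS names
	if parent == nil { // root CA: may sign certificates and is not limited to one purpose
		tmpl.IsCA, tmpl.KeyUsage, tmpl.ExtKeyUsage, parent, parentKey = true, x509.KeyUsageCertSign, nil, tmpl, key
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey))
	return must(x509.ParseCertificate(der)), key
}

// verify is the check a browser makes on a server certificate (and a server on a client's): chain to a trusted root, be valid for the requested purpose and, for a server, match the host.
func verify(leaf, root *x509.Certificate, host string, usage x509.ExtKeyUsage) error {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host, KeyUsages: []x509.ExtKeyUsage{usage}})
	return err
}
// Demo issues a trusted CA, a rogue CA, a server and a client certificate; true means the presentation was accepted.
func Demo() map[string]bool {
	ca, caKey := issue("Example Trusted CA", 0, nil, nil, nil)
	rogue, _ := issue("Rogue CA", 0, nil, nil, nil)
	server, _ := issue("www.example.com", x509.ExtKeyUsageServerAuth, []string{"www.example.com"}, ca, caKey)
	client, _ := issue("alice", x509.ExtKeyUsageClientAuth, nil, ca, caKey)
	return map[string]bool{
		"trusted CA, right host": verify(server, ca, "www.example.com", x509.ExtKeyUsageServerAuth) == nil,
		"rogue CA":               verify(server, rogue, "www.example.com", x509.ExtKeyUsageServerAuth) == nil,
		"wrong host":             verify(server, ca, "login.example.com", x509.ExtKeyUsageServerAuth) == nil,
		"client cert to server":  verify(client, ca, "", x509.ExtKeyUsageClientAuth) == nil,
	}
}
```

Only the first and last checks pass: a certificate from a CA the verifier does not trust, or one issued for a different host name, is rejected exactly as a browser would reject it.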

In my next article I plan to discuss how to generate those certificates and configure the Apache web server to enable https communication with the browser.
