
SSL Certificate

SSL stands for Secure Sockets Layer, the main protocol used to secure data in transit. In this article I try to explain how an SSL certificate is used in a client-server architecture. First of all you should know the difference between "Authentication" and "Authorization".

Authentication means verifying that a user is who they claim to be. For instance, most of the time when you try to log in to a system it asks for a user name and password; that is authentication. Only a user who gives the correct user name and password is allowed to log in.

Once you are logged in to a particular site, the things you are allowed to do and not allowed to do, in other words the privileges you have on that site, are called authorization. Both of these concepts come into play when the client (your browser) sends requests to a server over the SSL protocol.

You may wonder why such a system is needed. It is all about trust. When you type your favourite site, www.facebook.com, into your browser, how do you know that the login page that loads really belongs to Facebook? Someone else could serve a page that looks exactly like Facebook's login page, and when you type your user name and password into that page they can easily take over your Facebook account. To prevent this kind of misuse there is a mechanism to authenticate the server.

There is a party, the Certificate Authority (CA), that issues a certificate to a web site and thereby guarantees to others (browsers) that this is the real owner (server) of the site (facebook). The certificate is in digital form and is kept on the web server that hosts the site. When you type the URL, your browser asks the responding server for its certificate and for the CA that issued it. The browser then asks that CA whether the certificate is valid, and only then accepts the response. Keep in mind that the issuing authority must be one your browser trusts; otherwise the browser warns you and lets you choose whether or not to accept the server's response. That is how authentication happens between the client (browser) and the server.

I know the question you have now: how can we trust that Certificate Authority? Before answering, let me ask you a question: how do you trust the judgment given by a judge? Both are the same. You have to trust him because not everybody can be a judge and there is a legal body behind him. In the same way, not everyone can issue certificates for web sites, and even if they do, no one trusts them.

When a web site has a valid certificate it can use the https protocol to communicate with its clients. I think all of you have plenty of experience with this process. But how can we use this process for authorization? That is the question most people cannot answer.

Just as the browser asks the server for a certificate, the server can ask the browser for a certificate, and that certificate can be used by the server to authorize the client. In this case both the server's and the client's certificates should be signed by the same certificate authority, and the client's certificate has to be installed manually in the browser on each and every machine.
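To make the trust check concrete, here is an added Go example (not code from this post): it builds a trusted CA and a rogue CA in memory, issues a genuine certificate for www.example.com from the trusted one and a look-alike for the same name from the rogue one, and runs the verification a browser performs against a trust store that holds only the trusted CA; the same check is then applied to a client certificate, as a server doing client authentication would. The CA names, www.example.com, the user alice and the helpers issue, verifyWith and Demo are made up for this example; it uses only Go's standard library.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// issue makes a certificate for name: a self-signed CA when issuer is nil, otherwise one
// signed by issuerKey, which is what "issued by that CA" means. Helper written for this example.
func issue(name string, issuer *x509.Certificate, issuerKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil { panic(err) }
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour), BasicConstraintsValid: true,
	}
	if issuer == nil { // a root CA signs itself; browsers ship the roots they trust pre-installed
		tmpl.IsCA, tmpl.KeyUsage, issuer, issuerKey = true, x509.KeyUsageCertSign, tmpl, key
	} else { // end-entity certificate: bound to one host name and unable to sign other certificates
		tmpl.DNSNames, tmpl.KeyUsage = []string{name}, x509.KeyUsageDigitalSignature
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, issuer, pub, issuerKey)
	if err != nil { panic(err) }
	cert, _ := x509.ParseCertificate(der) // DER produced a moment ago always parses
	return cert, key
}

// verifyWith is the check a browser makes on a server certificate (and a server on a client
// certificate): it must chain to a CA in the trust store and, if host is set, be issued for host.
func verifyWith(cert, root *x509.Certificate, host string) error {
	pool := x509.NewCertPool() // the trust store: here it holds exactly one CA
	pool.AddCert(root)
	_, err := cert.Verify(x509.VerifyOptions{Roots: pool, DNSName: host})
	return err
}

// Demo: genuine cert verifies, look-alike from an untrusted CA is rejected, client cert from the same CA is accepted.
func Demo() (genuineOK, fakeRejected, clientOK bool) {
	ca, caKey := issue("Trusted CA", nil, nil)
	rogueCA, rogueKey := issue("Rogue CA", nil, nil) // anyone can create a CA; nobody trusts it
	server, _ := issue("www.example.com", ca, caKey)
	fake, _ := issue("www.example.com", rogueCA, rogueKey)
	client, _ := issue("alice", ca, caKey)
	return verifyWith(server, ca, "www.example.com") == nil,
		verifyWith(fake, ca, "www.example.com") != nil,
		verifyWith(client, ca, "") == nil
}
```

Demo() returns (true, true, true): the real site is accepted, the impostor is refused even though it claims the same name, and the client certificate signed by the trusted CA passes.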

In my next article I will discuss how to generate those certificates and configure the Apache web server to enable https communication with the browser.

 





