
SSL explained briefly

rounakcodes
Self taught. Full Stack Developer. More than 4 years of experience. Currently working on scaling a SaaS product.

Intro

  • HTTPS is a secure version of HTTP
    • communication between server and client is encrypted
  • HTTPS is HTTP over Secure Sockets Layer
  • SSL certificate plays an important role in building trust

SSL certificate

  • a web server's digital certificate
    • issued by a trusted third party (called a CA, Certificate Authority)
    • verifies the identity of
      • the web server
      • the web server's public key

Digital Signature

  • created using CA's private key
  • the browser ships with a list of the major CAs' public keys
    • this is how it is able to verify the digital signature

Example

  • user accesses https://www.google.com from the client
  • client requests secure pages from Google's web server
  • the Google server sends its digital certificate which serves two purposes
    • it establishes Google's identity
    • it makes Google's public key available
  • client verifies issuer's (CA) digital signature
    • to ensure that the certificate is valid
    • the client ships with the public keys of all of the major certificate authorities. It uses this public key to verify that the web server's certificate was indeed signed by the trusted certificate authority.
    • the certificate contains the domain name and/or IP address of the web server. The client confirms with the certificate authority that the address listed in the certificate is the one to which it has an open connection.
  • after it is verified, it is trusted
    • in case of a client like Google Chrome, a lock icon precedes the URL
      • which indicates that the Google server's public key really belongs to the web server
  • the client now generates a symmetric key
    • it keeps a copy and sends a copy to the server
      • to send it securely it encrypts the key with the server's public key
  • the web server has the private key to decrypt this encryption and it gets the symmetric key
  • from this point, all traffic between client and server will be encrypted with this symmetric key
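The sequence above, as an added example that is not part of the original post: a Go program (standard library only) that plays the CA, the server and the client in one process. It creates a toy root CA, has that CA sign a certificate for a made-up host (www.example.test, an assumed name; the real www.google.com certificate comes from a public CA), runs the client's two checks from the Digital Signature and Example sections (the signature must verify against a CA public key in the client's trust store, and the certificate must name the host the client is connected to), and only then performs the key exchange: the client generates a 256-bit symmetric key, encrypts it with the public key from the verified certificate, and the server recovers it with its private key. The function names (newCert, clientVerify, Handshake) and the "Toy Root CA" / "Some Other CA" names are this example's own.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// newCert generates an RSA key pair and a certificate for it. A CA is
// self-signed (parentKey nil); a server certificate is signed with the CA's
// private key, which is the digital signature the post talks about.
func newCert(serial int64, name string, isCA bool, parent *x509.Certificate, parentKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
	}
	if isCA {
		tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.KeyUsage = true, true, x509.KeyUsageCertSign
	} else { // DNSNames is the name the client later compares with the host it connected to
		tmpl.DNSNames = []string{name}
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	if parentKey == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// clientVerify is the browser's check: is the certificate signed by a CA whose
// public key is in the trust store, and is it issued for the host the client
// actually has a connection open to? Both must hold before the lock icon appears.
func clientVerify(serverCert, trustedCA *x509.Certificate, connectedTo string) error {
	roots := x509.NewCertPool()
	roots.AddCert(trustedCA)
	_, err := serverCert.Verify(x509.VerifyOptions{Roots: roots, DNSName: connectedTo})
	return err
}

// Handshake replays the post's sequence. The server holds a certificate for
// host; the client believes it is connected to connectedTo and trusts either
// the issuing CA (trusted=true) or an unrelated one. On success it returns the
// symmetric key as generated by the client and as recovered by the server.
func Handshake(host, connectedTo string, trusted bool) (clientKey, serverKey []byte, err error) {
	ca, caKey, err := newCert(1, "Toy Root CA", true, nil, nil)
	if err != nil {
		return nil, nil, err
	}
	serverCert, serverPriv, err := newCert(2, host, false, ca, caKey)
	if err != nil {
		return nil, nil, err
	}
	clientRoot := ca // the CA public key that ships with the client
	if !trusted {
		if clientRoot, _, err = newCert(3, "Some Other CA", true, nil, nil); err != nil {
			return nil, nil, err
		}
	}
	// 1. Server presents its certificate; client verifies signature and name.
	if err = clientVerify(serverCert, clientRoot, connectedTo); err != nil {
		return nil, nil, err
	}
	// 2. Client generates a symmetric key and encrypts it with the server's
	//    public key (RSA-OAEP), taken from the verified certificate.
	clientKey = make([]byte, 32)
	if _, err = rand.Read(clientKey); err != nil {
		return nil, nil, err
	}
	serverPub := serverCert.PublicKey.(*rsa.PublicKey)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, serverPub, clientKey, nil)
	if err != nil {
		return nil, nil, err
	}
	// 3. Only the holder of the matching private key can recover it. From here
	//    on both sides would feed this key to a symmetric cipher such as AES-GCM.
	serverKey, err = rsa.DecryptOAEP(sha256.New(), rand.Reader, serverPriv, wrapped, nil)
	if err != nil {
		return nil, nil, err
	}
	return clientKey, serverKey, nil
}
```

Handshake("www.example.test", "www.example.test", true) returns the same 32-byte key on both sides. Change the second argument to a different host name, or pass trusted=false so the client's trust store holds a CA that did not sign the certificate, and clientVerify fails before any key is exchanged; that failure is the condition under which a browser shows a certificate warning instead of the lock icon. The RSA key transport shown here is the exchange the post describes; current TLS (1.3) instead agrees on the symmetric key with an ephemeral Diffie-Hellman exchange, and the certificate's public key is only used to sign the handshake, but the certificate checks in clientVerify are the same.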

Curious

https://tlseminar.github.io/first-few-milliseconds/
