SSL Certificates for Secure Websites
What is SSL and what are Certificates?
The Secure Sockets Layer (SSL) protocol was created by Netscape to secure transactions between web servers and browsers. The protocol relies on a third party, a Certificate Authority (CA), to identify one or both ends of the transaction.
How it works
1. A browser requests a secure page (usually https://).
2. The web server sends its public key with its certificate.
3. The browser checks that the certificate was issued by a trusted party (usually a trusted root CA), that the certificate is still valid, and that the certificate is related to the site contacted.
4. The browser then uses the public key to encrypt a random symmetric encryption key and sends it to the server, together with the encrypted URL required and other encrypted HTTP data.
5. The web server decrypts the symmetric encryption key using its private key and uses the symmetric key to decrypt the URL and HTTP data.
6. The web server sends back the requested HTML document and HTTP data, encrypted with the symmetric key.
7. The browser decrypts the HTTP data and HTML document using the symmetric key and displays the information.
Two Features of SSL Website Security
- Encrypted data channel for privacy
- SSL certificate for identity verification: Is the organization who it claims to be? Is this a legitimate company?

How do you know that you are dealing with the right person, or rather the right web site? Someone has gone to great lengths (if they are serious) to ensure that the web site owners are who they claim to be. This someone you have to implicitly trust: you have their certificate loaded in your browser (a root certificate).

A certificate contains information about the owner of the certificate, such as address, owner's name, certificate usage, duration of validity, resource location or Distinguished Name (DN), which includes the Common Name (CN) (the web site address, or another address depending on the usage), and the certificate ID of the person who certifies (signs) this information. It also contains the public key and, finally, a hash to ensure that the certificate has not been tampered with. Because you have chosen to trust the person who signs this certificate, you also trust this certificate. This is a certificate trust tree, or certificate path. Usually your browser or application has already loaded the root certificates of well-known Certification Authorities (CAs), the root CA certificates. The CA maintains a list of all signed certificates as well as a list of revoked certificates.

A certificate is insecure until it is signed, since only a signed certificate is protected against modification. You can sign a certificate using itself; this is called a self-signed certificate. All root CA certificates are self-signed.

As you may have noticed, the certificate contains a reference to the issuer, the public key of the owner of this certificate, the dates of validity of this certificate, and the signature of the certificate to ensure this certificate hasn't been tampered with. The certificate does not contain the private key, as it should never be transmitted in any form whatsoever.
This certificate has all the elements needed to send an encrypted message to the owner (using the public key) or to verify a message signed by the owner of this certificate.
Website with CA-signed SSL Certificate
“I am wfs.kent.edu. You can verify my identity with VeriSign.” Through your browser’s pre-established trust relationship with VeriSign, you automatically trust anyone who presents one of their certificates.
Website with Self-signed SSL Certificate
“I am webmail.kent.edu. You can verify my identity with webmail.kent.edu.” Since there is no pre-existing trust relationship with webmail.kent.edu in your browser, a security alert message appears.
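The checks listed under "How it works" and the trust tree from the previous slides, worked through in code. This is an added example and not part of the original presentation: certificates are plain Python records, the "signature" is an HMAC keyed with the issuer's key field (a stand-in for a real public-key signature, so nothing here parses X.509 or replaces a TLS library), and every CA name, host name and key value (Example Public Root CA, Example Issuing CA, Campus Internal CA, *.intranet.kent.edu, the b"...-key" strings) is constructed for the demonstration. It shows why a CA-signed certificate is accepted by a browser that only carries public roots, why a self-signed certificate, or one signed by a campus CA, is rejected until that CA's root is installed in the client, and how the name, validity and tamper checks each reject a certificate on their own.

```python
"""Toy model of the browser-side certificate checks: issued by a trusted root
(walking the certificate path), still valid, and related to the site contacted.
Certificates are plain records and the 'signature' is an HMAC keyed with the
issuer's key field, standing in for a public-key signature; no real X.509 here."""
import hashlib
import hmac
from dataclasses import dataclass, replace
from datetime import date

@dataclass(frozen=True)
class Cert:
    subject: str        # Common Name (CN) of the owner: a site name or a CA name
    issuer: str         # CN of the CA that signed this certificate
    not_before: date
    not_after: date
    is_ca: bool         # may this certificate sign other certificates?
    key: bytes          # stands in for the owner's public key
    signature: bytes    # issuer's signature over all the fields above

def _to_be_signed(subject, issuer, not_before, not_after, is_ca, key):
    return f"{subject}|{issuer}|{not_before}|{not_after}|{is_ca}|{key.hex()}".encode()

def issue(issuer_key, subject, issuer, not_before, not_after, is_ca, key):
    """Create a certificate signed with issuer_key (self-signed when issuer_key is key)."""
    tbs = _to_be_signed(subject, issuer, not_before, not_after, is_ca, key)
    sig = hmac.new(issuer_key, tbs, hashlib.sha256).digest()
    return Cert(subject, issuer, not_before, not_after, is_ca, key, sig)

def signature_ok(cert, issuer_cert):
    """Tamper check: does the issuer's key verify the signature over cert's fields?"""
    tbs = _to_be_signed(cert.subject, cert.issuer, cert.not_before,
                        cert.not_after, cert.is_ca, cert.key)
    expected = hmac.new(issuer_cert.key, tbs, hashlib.sha256).digest()
    return hmac.compare_digest(expected, cert.signature)

def name_matches(pattern, hostname):
    """Is the certificate related to the site contacted?  A wildcard covers exactly
    one leading label: *.kent.edu matches wfs.kent.edu, not kent.edu or a.b.kent.edu."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if pattern == hostname:
        return True
    if pattern.startswith("*.") and hostname.endswith(pattern[1:]):
        prefix = hostname[:-len(pattern[1:])]
        return prefix != "" and "." not in prefix
    return False

def verify(leaf, extra_certs, trust_store, hostname, today, max_depth=5):
    """Return (ok, reason).  trust_store maps CN -> root certificate loaded in the
    browser; extra_certs are intermediate CA certificates sent by the server."""
    if not name_matches(leaf.subject, hostname):
        return False, f"certificate is for {leaf.subject}, not {hostname}"
    by_subject = {c.subject: c for c in extra_certs}
    cert = leaf
    for _ in range(max_depth):
        if not (cert.not_before <= today <= cert.not_after):
            return False, f"{cert.subject} is not valid on {today}"
        if cert.issuer in trust_store:                 # reached a trusted root
            if signature_ok(cert, trust_store[cert.issuer]):
                return True, f"trusted via root {cert.issuer}"
            return False, f"bad signature on {cert.subject}"
        if cert.issuer == cert.subject:                # self-signed but not trusted
            return False, f"self-signed {cert.subject} is not in the trust store"
        parent = by_subject.get(cert.issuer)
        if parent is None:
            return False, f"issuer {cert.issuer} is unknown"
        if not parent.is_ca or not signature_ok(cert, parent):
            return False, f"{cert.subject} was not validly signed by {parent.subject}"
        cert = parent
    return False, "certificate path too long"

# --- constructed sample data: none of these keys, CAs or hosts are real ---
FROM, TO, TODAY = date(2025, 1, 1), date(2026, 1, 1), date(2025, 6, 1)
ROOT_KEY, ISSUING_KEY, CAMPUS_KEY = b"root-key", b"issuing-key", b"campus-key"
# Public root pre-loaded in every browser (the role VeriSign/GeoTrust play on the slides)
ROOT = issue(ROOT_KEY, "Example Public Root CA", "Example Public Root CA", FROM, TO, True, ROOT_KEY)
ISSUING = issue(ROOT_KEY, "Example Issuing CA", "Example Public Root CA", FROM, TO, True, ISSUING_KEY)
# The university's own CA: self-signed, installed only on campus PCs
CAMPUS = issue(CAMPUS_KEY, "Campus Internal CA", "Campus Internal CA", FROM, TO, True, CAMPUS_KEY)
WFS = issue(ISSUING_KEY, "wfs.kent.edu", "Example Issuing CA", FROM, TO, False, b"wfs-key")
WEBMAIL = issue(b"webmail-key", "webmail.kent.edu", "webmail.kent.edu", FROM, TO, False, b"webmail-key")
INTRANET = issue(CAMPUS_KEY, "*.intranet.kent.edu", "Campus Internal CA", FROM, TO, False, b"intranet-key")
PUBLIC_BROWSER = {ROOT.subject: ROOT}
CAMPUS_PC = {ROOT.subject: ROOT, CAMPUS.subject: CAMPUS}

def scenarios():
    """The situations from the slides, each as (ok, reason)."""
    return {
        "ca_signed": verify(WFS, [ISSUING], PUBLIC_BROWSER, "wfs.kent.edu", TODAY),
        "self_signed": verify(WEBMAIL, [], PUBLIC_BROWSER, "webmail.kent.edu", TODAY),
        "campus_ca_on_public_browser": verify(INTRANET, [], PUBLIC_BROWSER, "wiki.intranet.kent.edu", TODAY),
        "campus_ca_on_campus_pc": verify(INTRANET, [], CAMPUS_PC, "wiki.intranet.kent.edu", TODAY),
        "wrong_site": verify(WFS, [ISSUING], PUBLIC_BROWSER, "mail.kent.edu", TODAY),
        "expired": verify(WFS, [ISSUING], PUBLIC_BROWSER, "wfs.kent.edu", date(2027, 1, 1)),
        # subject edited after signing: the hash/signature no longer matches
        "tampered": verify(replace(WFS, subject="mail.kent.edu"), [ISSUING], PUBLIC_BROWSER, "mail.kent.edu", TODAY),
    }

if __name__ == "__main__":
    for name, (ok, reason) in scenarios().items():
        print(f"{name:28} {'OK  ' if ok else 'FAIL'} {reason}")
```

Run it directly to print one line per scenario. The only difference between the `PUBLIC_BROWSER` and `CAMPUS_PC` trust stores is whether the campus root is loaded, and that alone decides whether the same intranet certificate produces a security alert or is accepted silently; installing a private root on client machines is therefore a trust decision for every site that root will ever sign, not just a way to silence the warning.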
Self-signed SSL Certificates
- Free and unlimited supply
- Usable only where a trust relationship between users and the server already exists
- Use for: internal development, intranet applications
Self-signed SSL Certificates
- Kent has its own self-signing Certification Authority (CA) at
- Installed on a growing number of campus PCs
- Certificate signing requests can be submitted to Greg Dykes or Dan Roberts
CA-signed SSL Certificates
- Expensive (VeriSign $250-$400/cert per yr)
- Useful when trust is not a given
- Allows users to verify your identity
- Eliminates the warning message
- Use for: public-facing web sites; transactions involving commerce and/or exchange of personal information
When Can You Use a Self-Signed Certificate?
You can also use self-signed certificates for situations that require privacy but where people are less concerned about verifying identity. For example:
- Username and password forms
- Collecting personal (non-financial) information
- Forms where the only users are people who know and trust you
If You're Doing Ecommerce You Need a Signed Certificate
If you're asking customers to input their credit card or PayPal information, then you really need a signed certificate. Most people trust signed certificates and won't do business with an HTTPS server that lacks one. It's just a cost of doing business.
Alternative to VeriSign
GeoTrust
- Trusted root certification authority
- Same pre-established trust as VeriSign
- Managed PKI services with certificate request processing tools for supporting constituents
- Less cost (less than $150/cert per year)
- Quantity and multi-year discounts available
- Website:
GeoTrust’s CA certificate
GeoTrust’s CA certificate has 99.9% browser penetration and appears in your computer’s Trusted Root Certification Authorities container as “Equifax”.
References
[1] Dan Roberts, SSL Certificates for Secure Websites