Wednesday, April 22, 2015

Implementing SSL

SSL Basics

SSL and TLS are technologies that allow web browsers and servers to communicate over a secured connection (i.e., the data is encrypted by one side, transmitted, and then decrypted on the other side before processing).

Client Authentication: the server may also request a certificate from your web browser, asking for proof that you are who you claim to be.

CERTIFICATE: In order to implement SSL, the web server must have an associated certificate for each external IP address.
  • You can think of a certificate as a digital driver's licence for a web server.
  • It states what company the site is associated with, along with basic information about the site owner or administrator.
  • A certificate is extremely difficult for anyone else to forge.
  • A certificate is issued by a well-known Certificate Authority (CA) such as VeriSign, Thawte or Symantec.

Overall process: 

  • The site owner purchases the certificate from a CA.
  • The site owner configures (or installs) the certificate on the web server.
  • When an end user attempts to access a secured page on your site from a browser, he sees the certificate and is asked whether he wishes to accept it as valid and continue with the transaction.
  • The data is then encrypted and sent to the server.
  • The server decrypts the data and processes it.

What is a self-signed certificate:
  • Self-signed certificates are user-generated certificates that are not officially registered with any well-known CA.
  • They are not guaranteed to be authentic at all.
  • This may or may not be important to you, depending on your needs.
A web site that involves credit card transactions might want a popular vendor like VeriSign to provide the certificate to attract customers, whereas a site that displays recipes might go for a normal vendor.

A self-signed certificate is normally used for testing purposes.
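The difference between a self-signed and a CA-issued certificate can be seen with the openssl command line. The script below is an added example, not part of the original post; the host name test.example.internal and the file names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). Host name and file names
# are constructed for illustration.

# Generate a throwaway key and self-signed certificate in directory $1.
make_self_signed() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=test.example.internal" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# Subject equals issuer: the certificate names itself as its own issuer,
# so no CA vouches for it. trusted_when_pinned below additionally confirms
# that the signature was made with the certificate's own key.
is_self_signed() {
    local subject issuer
    subject=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ -n "$subject" ] && [ "$subject" = "$issuer" ]
}

# What a client does by default: validate against the system CA store.
trusted_by_default() {
    openssl verify "$1" >/dev/null 2>&1
}

# What a test setup does: explicitly trust this one certificate.
trusted_when_pinned() {
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

demo() {
    local dir
    dir=$(mktemp -d)
    make_self_signed "$dir" || { echo "openssl failed"; return 1; }
    is_self_signed "$dir/cert.pem" && echo "subject == issuer: self-signed"
    trusted_by_default "$dir/cert.pem" || echo "default CA store: rejected"
    trusted_when_pinned "$dir/cert.pem" && echo "pinned as trust anchor: accepted"
    rm -rf "$dir"
}
demo
```

The rejection by the default CA store is what produces the browser warning for a self-signed site; the certificate only validates when a client has been told explicitly to trust it.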
