SlideShare uma empresa Scribd logo

Understanding Digital Certificates & Secure Sockets Layer

CheapSSLUSA
CheapSSLUSA

Basic Knowledge about the SSL Certificate.

Internet
1 de 12
Baixar para ler offline
Understanding Digital Certificates & Secure Sockets Layer A Fundamental Requirement for Internet Transactions May 2007 © Copyright 2007 Entrust. All rights reserved.
Understanding Digital Certificates & Secure Sockets Layer Entrust is a registered trademark of Entrust, Inc. in the United States and certain other countries. Entrust is a registered trademark of Entrust Limited in Canada. All other company and product names are trademarks or registered trademarks of their respective owners. The material provided in this document is for information purposes only. It is not intended to be advice. You should not act or abstain from acting based upon such information without first consulting a professional. ENTRUST DOES NOT WARRANT THE QUALITY, ACCURACY OR COMPLETENESS OF THE INFORMATION CONTAINED IN THIS ARTICLE. SUCH INFORMATION IS PROVIDED "AS IS" WITHOUT ANY REPRESENTATIONS AND/OR WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY, BY USAGE OF TRADE, OR OTHERWISE, AND ENTRUST SPECIFICALLY DISCLAIMS ANY AND ALL REPRESENTATIONS, AND/OR WARRANTIES OF MERCHANTABILITY, SATISFACTORY QUALITY, NON-INFRINGEMENT, OR FITNESS FOR A SPECIFIC PURPOSE. © Copyright 2007 Entrust. All rights reserved. © Copyright 2007 Entrust. All rights reserved. Page 1 www.entrust.com
Understanding Digital Certificates & Secure Sockets Layer Table of Contents 1 The Landscape ...........................................................................................3 2 What Are Digital Certificates?...................................................................4 3 What Is SSL? ..............................................................................................5 How Is SSL Encryption Strength Determined?..................................................................... 5 What Are SSL Certificates? .................................................................................................. 6 Public Trust ........................................................................................................................... 8 4 Entrust SSL Certificates ..........................................................................10 Entrust Certificate Management Service ............................................................................ 10 5 Conclusion................................................................................................11 6 About Entrust ...........................................................................................11 © Copyright 2007 Entrust. All rights reserved. Page 2 www.entrust.com
Understanding Digital Certificates & Secure Sockets Layer 1 The Landscape The Internet is your gateway to millions of potential new customers. Moving your business online provides the convenience and accessibility your customers and partners demand, helping you to stand out from the competition. As organizations provide more services and transactions online, security becomes a necessity. Customers need to be confident that sensitive information such as a credit card number is going to a legitimate online business. Organizations need to keep customer information private and secure. In today’s environment with identity theft and fraud, it is imperative that businesses provide a secure way of conducting online transactions. By making security integral, organizations not only gain customer trust, but also can increase revenue by adding more services online. © Copyright 2007 Entrust. All rights reserved. Page 3 www.entrust.com
Understanding Digital Certificates & Secure Sockets Layer 2 What Are Digital Certificates? Digital certificates are electronic files that are used to identify people and resources over networks such as the Internet. Digital certificates also enable secure, confidential communication between two parties using encryption. When you travel to another country, your passport provides a way to establish your identity and gain entry. Digital certificates provide similar identification in the electronic world. Certificates are issued by a Certification Authority (CA). Much like the role of the passport office, the role of the CA is to validate the certificate holder’s identity and to “sign” the certificate so that it cannot be tampered with. Once a CA has signed a certificate, the holder can present their certificate to people, Web sites and network resources to prove their identity and establish encrypted, confidential communications. A standard certificate typically includes a variety of information pertaining to its owner and to the CA that issued it, such as: The name of the holder and other identification information required to identify the holder, such as the URL of the Web server using the certificate, or an individual’s e-mail address The holder’s public key (more on this below), which can be used to encrypt sensitive information for the certificate holder The name of the Certification Authority that issued the certificate A serial number The validity period (or lifetime) of the certificate (a start and an end date) In creating the certificate, this information is digitally signed by the issuing CA. The CA’s signature on the certificate is like a tamper-detection seal on packaging — any tampering with the contents is easily detected. Digital certificates are based on public-key cryptography, which uses a pair of keys for encryption and decryption. With public-key cryptography, keys work in pairs of matched “public” and “private” keys. In cryptographic systems, the term key refers to a numerical value used by an algorithm to alter information, making that information secure and visible only to individuals who have the corresponding key to recover the information. The public key can be freely distributed without compromising the private key, which must be kept secret by its owner. Since these keys only work as a pair, an operation (e.g., encryption) done with the public key can only be undone or decrypted with the corresponding private key, and vice versa. A digital certificate can securely bind your identity, as verified by a trusted third party, with your public key. © Copyright 2007 Entrust. All rights reserved. Page 4 www.entrust.com
Understanding Digital Certificates & Secure Sockets Layer © Copyright 2007 Entrust. All rights reserved. Page 5 www.entrust.com 3 What Is SSL? Secure Sockets Layer (SSL) technology is a security protocol that is today’s de-facto standard for securing communications and transactions across the Internet. SSL has been implemented in all major browsers and Web servers, and as such, plays a major role in today’s e-commerce and e-business activities on the Web. The SSL protocol uses digital certificates to create a secure, confidential communications “pipe” between two entities. Data transmitted over an SSL connection cannot be tampered with or forged without the two parties becoming immediately aware of the tampering. The newest version of the SSL standard has been renamed TLS (Transport Layer Security). You will often see these terms used interchangeably. Since the term SSL is more commonly understood, we will continue to use it throughout this paper. How Is SSL Encryption Strength Determined? Although the information sent between the browser and the Web server is encrypted, it is a common misunderstanding that the certificate dictates the strength of the encryption. The strength of the SSL session is actually a function of the strength of the browser and the capabilities of the server. If the browser is limited to 128-bit encryption, then only a 128-bit session will be established, even if the Web server supports 256-bit sessions. If both the browser and server support 256-bit encryption, then a 256-bit session can be established. Is Server-Gated Cryptography (SGC) Required? At one time, the export of 128-bit browsers outside of North America was regulated. Prior to changes in these U.S. export regulations, the use of "step-up" encryption or Server-Gated Cryptography (“SGC”) was the only way for organizations dealing with consumers outside the U.S. and Canada to secure communications between Web browsers and Web servers using 128- bit encryption. Because Microsoft and Netscape were restricted to only exporting 40-bit encryption browsers, enterprises with international customers were forced to purchase expensive “step-up” certificates in order to secure 128-bit encryption for their Web site users. Organizations want the highest level of security available today, but at a reasonable cost. If you are using SGC certificates, you should understand that, in the majority of cases, these certificates are no longer necessary. Since 2000, U.S. export regulations have permitted the export of 128-bit encryption-enabled browsers and upgrades for existing browsers to all countries except those under U.S. embargo. The primary browser version that would benefit from SGC is a non-updated installation of Internet Explorer 5.01. An update to 128-bit encryption has been available for many years on Microsoft’s Windows Update service, along with many other important security updates. Deployed browser statistics are contentious, but according to at least one source, as of April 2007, Internet Explorer 5.01 and Internet Explorer 4 have a combined total market share of .33 percent1 , and that does not take into account the number of IE 5.01 installations that may have updated to 128-bit encryption. For high-traffic sites where even 0.3 percent of users represent a real concern, organizations need to consider the security ramifications of conducting secure transactions with a user who has not patched their browser or operating system for most of the 21st century. 1 “Browser Version By Market Share,” March 2007, Net Applications
Understanding Digital Certificates & Secure Sockets Layer What Are SSL Certificates? An SSL Web server certificate authenticates the identity of a Web site to browser users and enables encrypted communications using Secure Sockets Layer (SSL). When a browser user wants to send confidential information to a Web server, the browser will access the server’s digital certificate and obtain its public key to encrypt the data. Since the Web server is the only one with access to its private key, only the server can decrypt the information. This is how the information remains confidential and tamper-proof while in transit across the Internet. The following diagram illustrates how a 128- or 256-bit SSL connection works: Client Web Server Client connects to an SSL-protected Web site (URL starts with https). Client Web Server The Web site authenticates by presenting its certificate to the client, along with cryptographic proof that it possesses the associated private key. The client verifies the signature to determine if he/she should trust the certificate. As long as the certificate is signed by one of the client’s Trusted Root Certification Authorities, no trust dialogs are presented to the user and the secure connection starts seamlessly. © Copyright 2007 Entrust. All rights reserved. Page 6 www.entrust.com
Understanding Digital Certificates & Secure Sockets Layer How Certificates are Used in an SSL Transaction Suppose Alice wants to connect to a secure Web site to buy something online: When Alice visits a Web site secured with SSL (typically indicated by a URL that begins with “https:”), her browser sends a “Client Hello” message to the Web server indicating that a secure session (SSL) is requested. The Web server responds by sending Alice its server certificate (which includes its public key). Alice’s browser will verify that the server’s certificate is valid and has been signed by a Certification Authority (CA) like Entrust, whose certificate is in the browser’s database or that has been cross certified by a root whose certificate is in the browser’s database (and who Alice trusts). It will also verify that the CA certificate has not expired. If the certificate is valid, Alice’s browser will generate a one-time, unique “session” key and encrypt it with the server’s public key. Her browser will then send the encrypted session key to the server so that they will both have a copy. The server will decrypt the message using its private key and recover the session key. At this point Alice can be confident about two things: The Web site she is communicating with has been vetted to confirm the identity of the organization requesting the certificate and the domain on which the server has been established. Only Alice’s browser and the Web server have a copy of the session key. Once the SSL “handshake” is complete, then a secure communications “pipe” is established. Alice’s browser and the Web server can now use the session key to send encrypted information back and forth, knowing that their communications are protected. The entire process of establishing the SSL connection typically happens transparently to the user and takes only seconds. A key or padlock icon in the lower corner of the browser window identifies the security mode of a browser. When the browser is running in “normal” mode, the key looks broken or the padlock appears open or is not present. Once an SSL connection has been established, the key becomes whole, or the padlock becomes closed or appears, indicating that the browser is now in "secure" mode. © Copyright 2007 Entrust. All rights reserved. Page 7 www.entrust.com
Understanding Digital Certificates & Secure Sockets Layer Public Trust Public Trust is not a widely used term, but it is a useful concept. In this context, we define it as trust relationships built using certificates issued from CAs whose public keys are embedded in applications such as Web browsers. Without these embedded keys, consumers and end-users need to go to much more effort to establish basic trust in online services. When a Web site does not have an SSL certificate signed by a CA whose root key is embedded in the browser, most Internet browsers will display a warning dialog box similar to that shown in Figure 1, which may lead the customer to question the trustworthiness of the site and abandon their transaction. Figure 1: Warning dialog box, Internet Explorer 6 © Copyright 2007 Entrust. All rights reserved. Page 8 www.entrust.com
Understanding Digital Certificates & Secure Sockets Layer Figure 2: Warning dialog box, Internet Explorer 7 In contrast, if a user submits credit card or other information to a site with a valid SSL certificate and an SSL connection, the warning does not appear. The secure connection is seamless, making the online shopping experience more pleasant. Before browser vendors will embed a CA’s public key (or ‘root key’) into their browser, they typically require the CA to be certified for compliance with the Web Trust for Certification Authorities audit criteria. A WebTrust Seal provides you with assurance and confidence in the security of a public key infrastructure (PKI). Entrust was the first certification authority (CA) in the world to earn the WebTrust for Certification Authorities (CAs) Seal of Assurance in 2001 from the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA). As examples of processes and procedures audited under WebTrust, Entrust will only issue an SSL certificate to your online business after it has performed the following verification procedures: Verify your identity against third-party databases and confirm that your organization is listed in these databases Confirm that that your organization has the right to use the domain name included in the certificate request Verify that the individual who requested the SSL certificate on behalf of the organization was authorized to do so and is employed with that organization © Copyright 2007 Entrust. All rights reserved. Page 9 www.entrust.com
Understanding Digital Certificates & Secure Sockets Layer 4 Entrust SSL Certificates Entrust’s range of SSL certificate offerings are designed to help customers take advantage of the operational efficiencies that electronic commerce has to offer, while concurrently securing online transactions. By protecting communications between browsers and Web servers, Entrust SSL Certificates enable increased consumer confidence and transparent Web security for end-users and administrators. Using Entrust SSL Certificates not only provide security and trust to your Web site, but they are also easier to deploy. Entrust has been in the security business since the early 1990s and its Certification Authority (CA) root keys have been embedded in major browsers since the late ‘90s, which means your users will have a secure and positive experience. Entrust SSL Certificates enable up to 256-bit SSL encryption between Web servers and browsers. Customers can purchase one- or two-year certificates and be confident that they are acquiring a trusted brand whose root key is embedded in the most common browsers and applications for a seamless user experience. Entrust SSL Certificates help you prevent service disruptions and reduce monitoring costs by delivering automatic notification of upcoming certificate expiration and around-the-clock online support. Entrust offers a complete range of certificate products, including the new Extended Validation and Unified Communications certificates. Entrust Certificate Management Service As customers manage more certificates, the account administration interface of the Entrust Certificate Management Service solution makes it simple to order, deploy and manage SSL certificates. The certificate-recycling feature allows customers to redistribute their certificate inventory to where it is needed at any time within their subscription period (e.g., if a group of Web servers is decommissioned, the certificates from those servers can be redeployed on another set of Web servers at no additional cost). Administrative delegation better fits how SSL certificates are managed within the organization by distributing certificate management functions across subsidiaries, departments or geographic boundaries. The Entrust Certificate Management Service is not only suitable for enterprises, but also for outsourcers and Web hosters. The powerful management tools allow these organizations to conveniently manage large numbers of certificates on behalf of their clients and provide flexible reporting tools to facilitate billing. © Copyright 2007 Entrust. All rights reserved. Page 10 www.entrust.com
Understanding Digital Certificates & Secure Sockets Layer 5 Conclusion The Internet, Intranets, Extranets and wireless networks are re-defining how companies communicate and do business. As the value of business relationships and transactions increase, so do the associated risks and security requirements. By protecting the security of online payments, businesses can reduce risk and reach a larger market. SSL security is a standard and a minimum requirement for those that conduct transactions online. Almost all legitimate and trustworthy businesses use SSL security to secure their Web site. The Entrust Certificate Management Service helps organizations secure their online transactions quickly and efficiently with limited effort required by the user or administrator. By leveraging Entrust SSL Certificates, organizations can be confident that communications are secure and that their online presence is a trusted one, thereby increasing customer confidence and reducing security risks. To learn more about the Entrust Certificate Management Service and how it can help your business grow, please refer to the Entrust Web site at www.entrust.net 6 About Entrust Entrust, Inc. [NASDAQ: ENTU] is a world leader in securing digital identities and information. More than 1,650 enterprises and government agencies in more than 60 countries rely on Entrust solutions to help secure the digital lives of their citizens, customers, employees and partners. Our proven software and services help customers achieve regulatory and corporate compliance, while turning security challenges such as identity theft and e-mail security into business opportunities. © Copyright 2007 Entrust. All rights reserved. Page 11 www.entrust.com

Recomendados

Digital certificates and information security
Digital certificates and information securityDigital certificates and information security
Digital certificates and information security
Devam Shah
 
Digital Certificates and Secure Web Access
Digital Certificates and Secure Web AccessDigital Certificates and Secure Web Access
Digital Certificates and Secure Web Access
bluntm64
 
Digital certificates & its importance
Digital certificates & its importanceDigital certificates & its importance
Digital certificates & its importance
svm
 
Digital certificate & signature
Digital certificate & signatureDigital certificate & signature
Digital certificate & signature
Netri Chowdhary
 
Digital certificates
Digital certificates Digital certificates
Digital certificates
Sheetal Verma
 
Kumkum digital certificate
Kumkum digital certificateKumkum digital certificate
Kumkum digital certificate
Kumkum Sharma
 
PKI and Applications
PKI and ApplicationsPKI and Applications
PKI and Applications
Svetlin Nakov
 
Impact of digital certificate in network security
Impact of digital certificate in network securityImpact of digital certificate in network security
Impact of digital certificate in network security
rhassan84
 

Recomendados

Digital certificates and information security
Digital certificates and information securityDigital certificates and information security
Digital certificates and information security
Devam Shah
 
Digital Certificates and Secure Web Access
Digital Certificates and Secure Web AccessDigital Certificates and Secure Web Access
Digital Certificates and Secure Web Access
bluntm64
 
Digital certificates & its importance
Digital certificates & its importanceDigital certificates & its importance
Digital certificates & its importance
svm
 
Digital certificate & signature
Digital certificate & signatureDigital certificate & signature
Digital certificate & signature
Netri Chowdhary
 
Digital certificates
Digital certificates Digital certificates
Digital certificates
Sheetal Verma
 
Kumkum digital certificate
Kumkum digital certificateKumkum digital certificate
Kumkum digital certificate
Kumkum Sharma
 
PKI and Applications
PKI and ApplicationsPKI and Applications
PKI and Applications
Svetlin Nakov
 
Impact of digital certificate in network security
Impact of digital certificate in network securityImpact of digital certificate in network security
Impact of digital certificate in network security
rhassan84
 
Introduction to Public Key Infrastructure
Introduction to Public Key InfrastructureIntroduction to Public Key Infrastructure
Introduction to Public Key Infrastructure
Theo Gravity
 
Pki for dummies
Pki for dummiesPki for dummies
Pki for dummies
Alex de Jong
 
Public key Infrastructure (PKI)
Public key Infrastructure (PKI)Public key Infrastructure (PKI)
Public key Infrastructure (PKI)
Venkatesh Jambulingam
 
Presentation on digital signatures & digital certificates
Presentation on digital signatures & digital certificatesPresentation on digital signatures & digital certificates
Presentation on digital signatures & digital certificates
Vivaka Nand
 
Certification authority
Certification authorityCertification authority
Certification authority
proser tech
 
Digital Certificate
Digital CertificateDigital Certificate
Digital Certificate
Sumant Diwakar
 
Final ppt ecommerce
Final ppt ecommerceFinal ppt ecommerce
Final ppt ecommerce
priyanka Garg
 
Pki and OpenSSL
Pki and OpenSSLPki and OpenSSL
Pki and OpenSSL
Tony Fabeen
 
Digital certificates in e commerce
Digital certificates in e commerceDigital certificates in e commerce
Digital certificates in e commerce
mahesh tawade
 
Cryptography Simplified - Symmetric Key, Public Key, PKI, Digital Signature, ...
Cryptography Simplified - Symmetric Key, Public Key, PKI, Digital Signature, ...Cryptography Simplified - Symmetric Key, Public Key, PKI, Digital Signature, ...
Cryptography Simplified - Symmetric Key, Public Key, PKI, Digital Signature, ...
Muhammad Faisal Naqvi, CISSP, CISA, AMBCI, ITIL, ISMS LA n Master
 
Digital signature & PKI Infrastructure
Digital signature & PKI InfrastructureDigital signature & PKI Infrastructure
Digital signature & PKI Infrastructure
Shubham Sharma
 
Seminar ppt on digital signature
Seminar ppt on digital signatureSeminar ppt on digital signature
Seminar ppt on digital signature
jolly9293
 
Digital Signature
Digital SignatureDigital Signature
Digital Signature
saurav5884
 
Implementing Public-Key-Infrastructures
Implementing Public-Key-InfrastructuresImplementing Public-Key-Infrastructures
Implementing Public-Key-Infrastructures
Oliver Pfaff
 
Digital Signature
Digital SignatureDigital Signature
Digital Signature
nayakslideshare
 
Seminar presentation on digital signature ppt
Seminar presentation on digital signature pptSeminar presentation on digital signature ppt
Seminar presentation on digital signature ppt
Ravi Ranjan
 
Digital signature
Digital signatureDigital signature
Digital signature
Yash Karanke
 
Digital signature
Digital signatureDigital signature
Digital signature
Mohanasundaram Nattudurai
 
Digital signatures
Digital signaturesDigital signatures
Digital signatures
Ishwar Dayal
 
PKI by Tim Polk
PKI by Tim PolkPKI by Tim Polk
PKI by Tim Polk
Information Security Awareness Group
 
Digital certificates
Digital certificatesDigital certificates
Digital certificates
Buddhika Karunanayaka
 
Firewall and its purpose
Firewall and its purposeFirewall and its purpose
Firewall and its purpose
Rohit Phulsunge
 

Mais conteúdo relacionado

Mais procurados

Implementing Public-Key-Infrastructures
Implementing Public-Key-InfrastructuresImplementing Public-Key-Infrastructures
Implementing Public-Key-Infrastructures
Oliver Pfaff
 
Digital signatures
Digital signaturesDigital signatures
Digital signatures
Ishwar Dayal
 

Mais procurados (20)

Introduction to Public Key Infrastructure
Introduction to Public Key InfrastructureIntroduction to Public Key Infrastructure
Introduction to Public Key Infrastructure
 
Pki for dummies
Pki for dummiesPki for dummies
Pki for dummies
 
Public key Infrastructure (PKI)
Public key Infrastructure (PKI)Public key Infrastructure (PKI)
Public key Infrastructure (PKI)
 
Presentation on digital signatures & digital certificates
Presentation on digital signatures & digital certificatesPresentation on digital signatures & digital certificates
Presentation on digital signatures & digital certificates
 
Certification authority
Certification authorityCertification authority
Certification authority
 
Digital Certificate
Digital CertificateDigital Certificate
Digital Certificate
 
Final ppt ecommerce
Final ppt ecommerceFinal ppt ecommerce
Final ppt ecommerce
 
Pki and OpenSSL
Pki and OpenSSLPki and OpenSSL
Pki and OpenSSL
 
Digital certificates in e commerce
Digital certificates in e commerceDigital certificates in e commerce
Digital certificates in e commerce
 
Cryptography Simplified - Symmetric Key, Public Key, PKI, Digital Signature, ...
Cryptography Simplified - Symmetric Key, Public Key, PKI, Digital Signature, ...Cryptography Simplified - Symmetric Key, Public Key, PKI, Digital Signature, ...
Cryptography Simplified - Symmetric Key, Public Key, PKI, Digital Signature, ...
 
Digital signature & PKI Infrastructure
Digital signature & PKI InfrastructureDigital signature & PKI Infrastructure
Digital signature & PKI Infrastructure
 
Seminar ppt on digital signature
Seminar ppt on digital signatureSeminar ppt on digital signature
Seminar ppt on digital signature
 
Digital Signature
Digital SignatureDigital Signature
Digital Signature
 
Implementing Public-Key-Infrastructures
Implementing Public-Key-InfrastructuresImplementing Public-Key-Infrastructures
Implementing Public-Key-Infrastructures
 
Digital Signature
Digital SignatureDigital Signature
Digital Signature
 
Seminar presentation on digital signature ppt
Seminar presentation on digital signature pptSeminar presentation on digital signature ppt
Seminar presentation on digital signature ppt
 
Digital signature
Digital signatureDigital signature
Digital signature
 
Digital signature
Digital signatureDigital signature
Digital signature
 
Digital signatures
Digital signaturesDigital signatures
Digital signatures
 
PKI by Tim Polk
PKI by Tim PolkPKI by Tim Polk
PKI by Tim Polk
 

Destaque

The Role of Digital Certificates in Contemporary Government Systems: the Case...
The Role of Digital Certificates in Contemporary Government Systems: the Case...The Role of Digital Certificates in Contemporary Government Systems: the Case...
The Role of Digital Certificates in Contemporary Government Systems: the Case...
Arab Federation for Digital Economy
 
Basic concept of pki
Basic concept of pkiBasic concept of pki
Basic concept of pki
Prabhat Goel
 
Introduction to Digital signatures
Introduction to Digital signaturesIntroduction to Digital signatures
Introduction to Digital signatures
Rohit Bhat
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentation
Amandeep Kaur
 

Destaque (14)

Digital certificates
Digital certificatesDigital certificates
Digital certificates
 
Firewall and its purpose
Firewall and its purposeFirewall and its purpose
Firewall and its purpose
 
The Role of Digital Certificates in Contemporary Government Systems: the Case...
The Role of Digital Certificates in Contemporary Government Systems: the Case...The Role of Digital Certificates in Contemporary Government Systems: the Case...
The Role of Digital Certificates in Contemporary Government Systems: the Case...
 
Basic concept of pki
Basic concept of pkiBasic concept of pki
Basic concept of pki
 
Introduction To PKI Technology
Introduction To PKI TechnologyIntroduction To PKI Technology
Introduction To PKI Technology
 
public key infrastructure
public key infrastructurepublic key infrastructure
public key infrastructure
 
Ssl (Secure Sockets Layer)
Ssl (Secure Sockets Layer)Ssl (Secure Sockets Layer)
Ssl (Secure Sockets Layer)
 
Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Secure Socket Layer (SSL)
Secure Socket Layer (SSL)
 
Ssl (Secure Socket Layer)
Ssl (Secure Socket Layer)Ssl (Secure Socket Layer)
Ssl (Secure Socket Layer)
 
Digital signature
Digital signatureDigital signature
Digital signature
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket Layer
 
Introduction to Digital signatures
Introduction to Digital signaturesIntroduction to Digital signatures
Introduction to Digital signatures
 
Introduction to Secure Sockets Layer
Introduction to Secure Sockets LayerIntroduction to Secure Sockets Layer
Introduction to Secure Sockets Layer
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentation
 

Semelhante a Understanding Digital Certificates & Secure Sockets Layer

Is web security part of your annual security audit
Is web security part of your annual security auditIs web security part of your annual security audit
Is web security part of your annual security audit
Dianne Douglas
 

Semelhante a Understanding Digital Certificates & Secure Sockets Layer (20)

Impact of digital certificate in network security
Impact of digital certificate in network securityImpact of digital certificate in network security
Impact of digital certificate in network security
 
A Complete RapidSSL Guide on Securing Online Business with SSL Certificate
A Complete RapidSSL Guide on Securing Online Business with SSL CertificateA Complete RapidSSL Guide on Securing Online Business with SSL Certificate
A Complete RapidSSL Guide on Securing Online Business with SSL Certificate
 
All About SSL/TLS
All About SSL/TLSAll About SSL/TLS
All About SSL/TLS
 
Hidden Dangers Lurking in E-Commerce and Reducing Fraud with the Right SSL Ce...
Hidden Dangers Lurking in E-Commerce and Reducing Fraud with the Right SSL Ce...Hidden Dangers Lurking in E-Commerce and Reducing Fraud with the Right SSL Ce...
Hidden Dangers Lurking in E-Commerce and Reducing Fraud with the Right SSL Ce...
 
Understanding The World Of SSL Certificates.pdf
Understanding The World Of SSL Certificates.pdfUnderstanding The World Of SSL Certificates.pdf
Understanding The World Of SSL Certificates.pdf
 
Digital certificate
Digital certificateDigital certificate
Digital certificate
 
Chapter 2 System Security.pptx
Chapter 2 System Security.pptxChapter 2 System Security.pptx
Chapter 2 System Security.pptx
 
Reducing Fraud with the Right SSL Certificate in E-Commerce
Reducing Fraud with the Right SSL Certificate in E-CommerceReducing Fraud with the Right SSL Certificate in E-Commerce
Reducing Fraud with the Right SSL Certificate in E-Commerce
 
Is web security part of your annual security audit
Is web security part of your annual security auditIs web security part of your annual security audit
Is web security part of your annual security audit
 
SSL Certificate: Stamp of Web Security
SSL Certificate: Stamp of Web SecuritySSL Certificate: Stamp of Web Security
SSL Certificate: Stamp of Web Security
 
How electronic signature software helps create electonic signature securely
How electronic signature software helps create electonic signature securely How electronic signature software helps create electonic signature securely
How electronic signature software helps create electonic signature securely
 
Secure sockets layer, ssl presentation
Secure sockets layer, ssl presentationSecure sockets layer, ssl presentation
Secure sockets layer, ssl presentation
 
All You Need to Know About EV SSL Security
All You Need to Know About EV SSL SecurityAll You Need to Know About EV SSL Security
All You Need to Know About EV SSL Security
 
The Hidden Costs of Self-Signed SSL Certificates
The Hidden Costs of Self-Signed SSL CertificatesThe Hidden Costs of Self-Signed SSL Certificates
The Hidden Costs of Self-Signed SSL Certificates
 
The Hidden Costs of SelfSigned SSL Certificates
The Hidden Costs of SelfSigned SSL Certificates The Hidden Costs of SelfSigned SSL Certificates
The Hidden Costs of SelfSigned SSL Certificates
 
Thawte EV SSL: A New Revolution for Trust
Thawte EV SSL: A New Revolution for TrustThawte EV SSL: A New Revolution for Trust
Thawte EV SSL: A New Revolution for Trust
 
IS-Crypttools.pptx
IS-Crypttools.pptxIS-Crypttools.pptx
IS-Crypttools.pptx
 
Comodo: The Benefits of EV SSL Certificates - CheapSSLsecurity
Comodo: The Benefits of EV SSL Certificates - CheapSSLsecurityComodo: The Benefits of EV SSL Certificates - CheapSSLsecurity
Comodo: The Benefits of EV SSL Certificates - CheapSSLsecurity
 
Types of SSL Certificates for Every Business Need
Types of SSL Certificates for Every Business NeedTypes of SSL Certificates for Every Business Need
Types of SSL Certificates for Every Business Need
 
Digital certificates
Digital certificatesDigital certificates
Digital certificates
 

Mais de CheapSSLUSA

Mais de CheapSSLUSA (6)

Introduction of an SSL Certificate
Introduction of an SSL CertificateIntroduction of an SSL Certificate
Introduction of an SSL Certificate
 
Information about the SSL Certificate
Information about the SSL CertificateInformation about the SSL Certificate
Information about the SSL Certificate
 
Specification of SSL Certificate
Specification of SSL CertificateSpecification of SSL Certificate
Specification of SSL Certificate
 
Secure Sockets Layer(SSL)Certificate
Secure Sockets Layer(SSL)CertificateSecure Sockets Layer(SSL)Certificate
Secure Sockets Layer(SSL)Certificate
 
Details about the SSL Certificate
Details about the SSL CertificateDetails about the SSL Certificate
Details about the SSL Certificate
 
Symantec Intelligence Report - Oct 2015
Symantec Intelligence Report - Oct 2015Symantec Intelligence Report - Oct 2015
Symantec Intelligence Report - Oct 2015
 

Último

Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
gajnagarg
 
Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...
Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...
Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...
kumargunjan9515
 
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girlsRussian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Monica Sydney
 
Call girls Service in Ajman 0505086370 Ajman call girls
Call girls Service in Ajman 0505086370 Ajman call girlsCall girls Service in Ajman 0505086370 Ajman call girls
Call girls Service in Ajman 0505086370 Ajman call girls
Monica Sydney
 
Mira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
Mira Road Housewife Call Girls 07506202331, Nalasopara Call GirlsMira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
Mira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
Priya Reddy
 
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
ayvbos
 
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
ydyuyu
 
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi EscortsIndian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Monica Sydney
 
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdfpdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
JOHNBEBONYAP1
 
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsRussian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Monica Sydney
 

Último (20)

Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
 
Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...
Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...
Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...
 
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac RoomVip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
 
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girlsRussian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
 
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Ballia
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime BalliaBallia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Ballia
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Ballia
 
Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...
Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...
Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...
 
Call girls Service in Ajman 0505086370 Ajman call girls
Call girls Service in Ajman 0505086370 Ajman call girlsCall girls Service in Ajman 0505086370 Ajman call girls
Call girls Service in Ajman 0505086370 Ajman call girls
 
Mira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
Mira Road Housewife Call Girls 07506202331, Nalasopara Call GirlsMira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
Mira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
 
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
 
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime NagercoilNagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53
 
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
 
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrStory Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
 
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
 
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi EscortsIndian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
 
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
 
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdfpdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
 
20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf
 
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsRussian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
 
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
 

Understanding Digital Certificates & Secure Sockets Layer

  • 1. Understanding Digital Certificates & Secure Sockets Layer A Fundamental Requirement for Internet Transactions May 2007 © Copyright 2007 Entrust. All rights reserved.
  • 2. Understanding Digital Certificates & Secure Sockets Layer Entrust is a registered trademark of Entrust, Inc. in the United States and certain other countries. Entrust is a registered trademark of Entrust Limited in Canada. All other company and product names are trademarks or registered trademarks of their respective owners. The material provided in this document is for information purposes only. It is not intended to be advice. You should not act or abstain from acting based upon such information without first consulting a professional. ENTRUST DOES NOT WARRANT THE QUALITY, ACCURACY OR COMPLETENESS OF THE INFORMATION CONTAINED IN THIS ARTICLE. SUCH INFORMATION IS PROVIDED "AS IS" WITHOUT ANY REPRESENTATIONS AND/OR WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY, BY USAGE OF TRADE, OR OTHERWISE, AND ENTRUST SPECIFICALLY DISCLAIMS ANY AND ALL REPRESENTATIONS, AND/OR WARRANTIES OF MERCHANTABILITY, SATISFACTORY QUALITY, NON-INFRINGEMENT, OR FITNESS FOR A SPECIFIC PURPOSE. © Copyright 2007 Entrust. All rights reserved. © Copyright 2007 Entrust. All rights reserved. Page 1 www.entrust.com
  • 3. Understanding Digital Certificates & Secure Sockets Layer Table of Contents 1 The Landscape ...........................................................................................3 2 What Are Digital Certificates?...................................................................4 3 What Is SSL? ..............................................................................................5 How Is SSL Encryption Strength Determined?..................................................................... 5 What Are SSL Certificates? .................................................................................................. 6 Public Trust ........................................................................................................................... 8 4 Entrust SSL Certificates ..........................................................................10 Entrust Certificate Management Service ............................................................................ 10 5 Conclusion................................................................................................11 6 About Entrust ...........................................................................................11 © Copyright 2007 Entrust. All rights reserved. Page 2 www.entrust.com
  • 4. Understanding Digital Certificates & Secure Sockets Layer 1 The Landscape The Internet is your gateway to millions of potential new customers. Moving your business online provides the convenience and accessibility your customers and partners demand, helping you to stand out from the competition. As organizations provide more services and transactions online, security becomes a necessity. Customers need to be confident that sensitive information such as a credit card number is going to a legitimate online business. Organizations need to keep customer information private and secure. In today’s environment with identity theft and fraud, it is imperative that businesses provide a secure way of conducting online transactions. By making security integral, organizations not only gain customer trust, but also can increase revenue by adding more services online. © Copyright 2007 Entrust. All rights reserved. Page 3 www.entrust.com
  • 5. Understanding Digital Certificates & Secure Sockets Layer 2 What Are Digital Certificates? Digital certificates are electronic files that are used to identify people and resources over networks such as the Internet. Digital certificates also enable secure, confidential communication between two parties using encryption. When you travel to another country, your passport provides a way to establish your identity and gain entry. Digital certificates provide similar identification in the electronic world. Certificates are issued by a Certification Authority (CA). Much like the role of the passport office, the role of the CA is to validate the certificate holder’s identity and to “sign” the certificate so that it cannot be tampered with. Once a CA has signed a certificate, the holder can present their certificate to people, Web sites and network resources to prove their identity and establish encrypted, confidential communications. A standard certificate typically includes a variety of information pertaining to its owner and to the CA that issued it, such as: The name of the holder and other identification information required to identify the holder, such as the URL of the Web server using the certificate, or an individual’s e-mail address The holder’s public key (more on this below), which can be used to encrypt sensitive information for the certificate holder The name of the Certification Authority that issued the certificate A serial number The validity period (or lifetime) of the certificate (a start and an end date) In creating the certificate, this information is digitally signed by the issuing CA. The CA’s signature on the certificate is like a tamper-detection seal on packaging — any tampering with the contents is easily detected. Digital certificates are based on public-key cryptography, which uses a pair of keys for encryption and decryption. With public-key cryptography, keys work in pairs of matched “public” and “private” keys. In cryptographic systems, the term key refers to a numerical value used by an algorithm to alter information, making that information secure and visible only to individuals who have the corresponding key to recover the information. The public key can be freely distributed without compromising the private key, which must be kept secret by its owner. Since these keys only work as a pair, an operation (e.g., encryption) done with the public key can only be undone or decrypted with the corresponding private key, and vice versa. A digital certificate can securely bind your identity, as verified by a trusted third party, with your public key. © Copyright 2007 Entrust. All rights reserved. Page 4 www.entrust.com
  • 6. Understanding Digital Certificates & Secure Sockets Layer © Copyright 2007 Entrust. All rights reserved. Page 5 www.entrust.com 3 What Is SSL? Secure Sockets Layer (SSL) technology is a security protocol that is today’s de-facto standard for securing communications and transactions across the Internet. SSL has been implemented in all major browsers and Web servers, and as such, plays a major role in today’s e-commerce and e-business activities on the Web. The SSL protocol uses digital certificates to create a secure, confidential communications “pipe” between two entities. Data transmitted over an SSL connection cannot be tampered with or forged without the two parties becoming immediately aware of the tampering. The newest version of the SSL standard has been renamed TLS (Transport Layer Security). You will often see these terms used interchangeably. Since the term SSL is more commonly understood, we will continue to use it throughout this paper. How Is SSL Encryption Strength Determined? Although the information sent between the browser and the Web server is encrypted, it is a common misunderstanding that the certificate dictates the strength of the encryption. The strength of the SSL session is actually a function of the strength of the browser and the capabilities of the server. If the browser is limited to 128-bit encryption, then only a 128-bit session will be established, even if the Web server supports 256-bit sessions. If both the browser and server support 256-bit encryption, then a 256-bit session can be established. Is Server-Gated Cryptography (SGC) Required? At one time, the export of 128-bit browsers outside of North America was regulated. Prior to changes in these U.S. export regulations, the use of "step-up" encryption or Server-Gated Cryptography (“SGC”) was the only way for organizations dealing with consumers outside the U.S. and Canada to secure communications between Web browsers and Web servers using 128- bit encryption. Because Microsoft and Netscape were restricted to only exporting 40-bit encryption browsers, enterprises with international customers were forced to purchase expensive “step-up” certificates in order to secure 128-bit encryption for their Web site users. Organizations want the highest level of security available today, but at a reasonable cost. If you are using SGC certificates, you should understand that, in the majority of cases, these certificates are no longer necessary. Since 2000, U.S. export regulations have permitted the export of 128-bit encryption-enabled browsers and upgrades for existing browsers to all countries except those under U.S. embargo. The primary browser version that would benefit from SGC is a non-updated installation of Internet Explorer 5.01. An update to 128-bit encryption has been available for many years on Microsoft’s Windows Update service, along with many other important security updates. Deployed browser statistics are contentious, but according to at least one source, as of April 2007, Internet Explorer 5.01 and Internet Explorer 4 have a combined total market share of .33 percent1 , and that does not take into account the number of IE 5.01 installations that may have updated to 128-bit encryption. For high-traffic sites where even 0.3 percent of users represent a real concern, organizations need to consider the security ramifications of conducting secure transactions with a user who has not patched their browser or operating system for most of the 21st century. 1 “Browser Version By Market Share,” March 2007, Net Applications
  • 7. Understanding Digital Certificates & Secure Sockets Layer What Are SSL Certificates? An SSL Web server certificate authenticates the identity of a Web site to browser users and enables encrypted communications using Secure Sockets Layer (SSL). When a browser user wants to send confidential information to a Web server, the browser will access the server’s digital certificate and obtain its public key to encrypt the data. Since the Web server is the only one with access to its private key, only the server can decrypt the information. This is how the information remains confidential and tamper-proof while in transit across the Internet. The following diagram illustrates how a 128- or 256-bit SSL connection works: Client Web Server Client connects to an SSL-protected Web site (URL starts with https). Client Web Server The Web site authenticates by presenting its certificate to the client, along with cryptographic proof that it possesses the associated private key. The client verifies the signature to determine if he/she should trust the certificate. As long as the certificate is signed by one of the client’s Trusted Root Certification Authorities, no trust dialogs are presented to the user and the secure connection starts seamlessly. © Copyright 2007 Entrust. All rights reserved. Page 6 www.entrust.com
  • 8. Understanding Digital Certificates & Secure Sockets Layer How Certificates are Used in an SSL Transaction Suppose Alice wants to connect to a secure Web site to buy something online: When Alice visits a Web site secured with SSL (typically indicated by a URL that begins with “https:”), her browser sends a “Client Hello” message to the Web server indicating that a secure session (SSL) is requested. The Web server responds by sending Alice its server certificate (which includes its public key). Alice’s browser will verify that the server’s certificate is valid and has been signed by a Certification Authority (CA) like Entrust, whose certificate is in the browser’s database or that has been cross certified by a root whose certificate is in the browser’s database (and who Alice trusts). It will also verify that the CA certificate has not expired. If the certificate is valid, Alice’s browser will generate a one-time, unique “session” key and encrypt it with the server’s public key. Her browser will then send the encrypted session key to the server so that they will both have a copy. The server will decrypt the message using its private key and recover the session key. At this point Alice can be confident about two things: The Web site she is communicating with has been vetted to confirm the identity of the organization requesting the certificate and the domain on which the server has been established. Only Alice’s browser and the Web server have a copy of the session key. Once the SSL “handshake” is complete, then a secure communications “pipe” is established. Alice’s browser and the Web server can now use the session key to send encrypted information back and forth, knowing that their communications are protected. The entire process of establishing the SSL connection typically happens transparently to the user and takes only seconds. A key or padlock icon in the lower corner of the browser window identifies the security mode of a browser. When the browser is running in “normal” mode, the key looks broken or the padlock appears open or is not present. Once an SSL connection has been established, the key becomes whole, or the padlock becomes closed or appears, indicating that the browser is now in "secure" mode. © Copyright 2007 Entrust. All rights reserved. Page 7 www.entrust.com
  • 9. Understanding Digital Certificates & Secure Sockets Layer Public Trust Public Trust is not a widely used term, but it is a useful concept. In this context, we define it as trust relationships built using certificates issued from CAs whose public keys are embedded in applications such as Web browsers. Without these embedded keys, consumers and end-users need to go to much more effort to establish basic trust in online services. When a Web site does not have an SSL certificate signed by a CA whose root key is embedded in the browser, most Internet browsers will display a warning dialog box similar to that shown in Figure 1, which may lead the customer to question the trustworthiness of the site and abandon their transaction. Figure 1: Warning dialog box, Internet Explorer 6 © Copyright 2007 Entrust. All rights reserved. Page 8 www.entrust.com
  • 10. Understanding Digital Certificates & Secure Sockets Layer Figure 2: Warning dialog box, Internet Explorer 7 In contrast, if a user submits credit card or other information to a site with a valid SSL certificate and an SSL connection, the warning does not appear. The secure connection is seamless, making the online shopping experience more pleasant. Before browser vendors will embed a CA’s public key (or ‘root key’) into their browser, they typically require the CA to be certified for compliance with the Web Trust for Certification Authorities audit criteria. A WebTrust Seal provides you with assurance and confidence in the security of a public key infrastructure (PKI). Entrust was the first certification authority (CA) in the world to earn the WebTrust for Certification Authorities (CAs) Seal of Assurance in 2001 from the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA). As examples of processes and procedures audited under WebTrust, Entrust will only issue an SSL certificate to your online business after it has performed the following verification procedures: Verify your identity against third-party databases and confirm that your organization is listed in these databases Confirm that that your organization has the right to use the domain name included in the certificate request Verify that the individual who requested the SSL certificate on behalf of the organization was authorized to do so and is employed with that organization © Copyright 2007 Entrust. All rights reserved. Page 9 www.entrust.com
  • 11. Understanding Digital Certificates & Secure Sockets Layer 4 Entrust SSL Certificates Entrust’s range of SSL certificate offerings are designed to help customers take advantage of the operational efficiencies that electronic commerce has to offer, while concurrently securing online transactions. By protecting communications between browsers and Web servers, Entrust SSL Certificates enable increased consumer confidence and transparent Web security for end-users and administrators. Using Entrust SSL Certificates not only provide security and trust to your Web site, but they are also easier to deploy. Entrust has been in the security business since the early 1990s and its Certification Authority (CA) root keys have been embedded in major browsers since the late ‘90s, which means your users will have a secure and positive experience. Entrust SSL Certificates enable up to 256-bit SSL encryption between Web servers and browsers. Customers can purchase one- or two-year certificates and be confident that they are acquiring a trusted brand whose root key is embedded in the most common browsers and applications for a seamless user experience. Entrust SSL Certificates help you prevent service disruptions and reduce monitoring costs by delivering automatic notification of upcoming certificate expiration and around-the-clock online support. Entrust offers a complete range of certificate products, including the new Extended Validation and Unified Communications certificates. Entrust Certificate Management Service As customers manage more certificates, the account administration interface of the Entrust Certificate Management Service solution makes it simple to order, deploy and manage SSL certificates. The certificate-recycling feature allows customers to redistribute their certificate inventory to where it is needed at any time within their subscription period (e.g., if a group of Web servers is decommissioned, the certificates from those servers can be redeployed on another set of Web servers at no additional cost). Administrative delegation better fits how SSL certificates are managed within the organization by distributing certificate management functions across subsidiaries, departments or geographic boundaries. The Entrust Certificate Management Service is not only suitable for enterprises, but also for outsourcers and Web hosters. The powerful management tools allow these organizations to conveniently manage large numbers of certificates on behalf of their clients and provide flexible reporting tools to facilitate billing. © Copyright 2007 Entrust. All rights reserved. Page 10 www.entrust.com
  • 12. Understanding Digital Certificates & Secure Sockets Layer 5 Conclusion The Internet, Intranets, Extranets and wireless networks are re-defining how companies communicate and do business. As the value of business relationships and transactions increase, so do the associated risks and security requirements. By protecting the security of online payments, businesses can reduce risk and reach a larger market. SSL security is a standard and a minimum requirement for those that conduct transactions online. Almost all legitimate and trustworthy businesses use SSL security to secure their Web site. The Entrust Certificate Management Service helps organizations secure their online transactions quickly and efficiently with limited effort required by the user or administrator. By leveraging Entrust SSL Certificates, organizations can be confident that communications are secure and that their online presence is a trusted one, thereby increasing customer confidence and reducing security risks. To learn more about the Entrust Certificate Management Service and how it can help your business grow, please refer to the Entrust Web site at www.entrust.net 6 About Entrust Entrust, Inc. [NASDAQ: ENTU] is a world leader in securing digital identities and information. More than 1,650 enterprises and government agencies in more than 60 countries rely on Entrust solutions to help secure the digital lives of their citizens, customers, employees and partners. Our proven software and services help customers achieve regulatory and corporate compliance, while turning security challenges such as identity theft and e-mail security into business opportunities. © Copyright 2007 Entrust. All rights reserved. Page 11 www.entrust.com