Deployment of SSL secure communication between CA certificates and Web servers


Author: Beijing Normal University Zhuhai branch-School of Information Technology-Jiangnan

Lab environment: Windows Server 2003 + Internet Explorer

  Digital Certificate

Digital Certificates are data files used to establish people's identities and electronic assets on the Internet. They ensure secure and encrypted online communication and are often used to protect online transactions.

Digital certificates are issued by trusted third parties known as certification authorities (CAs). The CA authenticates the identity of the certificate holder and "signs" the certificate to prove that it is not forged and has not been tampered with in any way.

When a certificate is digitally signed by a CA, its holder can use it as an electronic passport to prove their identity. It can be presented to websites, networks, or individuals that require secure access.

The identity information embedded in the certificate includes the registrant's name and email address, the name and serial number of the issuing CA, and the certificate's validity period. Once the CA has verified the holder's identity, the certificate binds this data to the holder's public key.

A Web server can likewise use a public key to prove the authenticity of its certificate to your browser. When a user intends to send confidential information (for example, a credit card number for an online transaction) to the Web server, the user's browser asks for the public key in the server's digital certificate to confirm the identity of the Web site.

  Role of the public key encryption system

A public key is one half of the key pair used by the public key encryption system that underlies digital certificates.

The public key encryption system uses a matched public key and private key for encryption and decryption. These keys are specific numeric values; encryption algorithms use them to scramble information so that it can only be read by a user who holds the corresponding decryption key.

A Web server that uses a digital certificate can use its private key to decrypt the confidential information sent to it over the Internet.

The Web server certificate is validated by a self-signed CA certificate that identifies the issuing CA. CA certificates are pre-installed in most major Web browsers, including Microsoft Internet Explorer and Netscape Navigator.

The CA certificate tells the user whether the Web server certificate can be trusted when it is presented to the browser. If the validity of the Web server certificate is confirmed, the public key in the certificate is used to encrypt information for the server using Secure Sockets Layer (SSL) technology.

The SSL security protocol can use digital certificates to establish a secure "pipe" between two parties seeking secure communication. SSL is supported by most major Web browsers and commercial Web servers.

  Call and handshake

If a shopper wants to connect to an SSL-protected Web site, the browser sends a "client hello" message to the Web server requesting an SSL-encrypted session. The Web server replies by sending its server certificate to the shopper.

The shopper's browser then verifies that the server's certificate is valid and signed by a trusted CA. This process, in which the two entities confirm that they intend to establish a secure SSL connection, is called the SSL "handshake".

To start the handshake, the shopper's browser generates a unique one-time session key, encrypts it with the server's public key, and sends the encrypted session key to the server. The server decrypts the received data with its private key and recovers the session key.

This exchange confirms the identity of the Web site and ensures that only the browser and the Web server hold the session key. The Web server then uses this session key to send encrypted information to the shopper.
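The following Python script is an added example, not part of the original article and not how Windows Certificate Services or any browser implements these steps. It models both the CA-signed certificate described in the Digital Certificate section (issuance, signature verification, validity period, trust store) and the session-key exchange described in the handshake above, in one place. It uses textbook RSA on well-known Mersenne primes with no padding and a truncated hash, so it is deliberately insecure and only shows the mechanics; every name in it (ToyCA, verify_certificate, handshake, the host name www.example.test, the YYYYMMDD dates) is constructed for this example.

```python
# Added walkthrough: toy model of the certificate chain and SSL handshake
# described on this page. Textbook RSA on fixed Mersenne primes, no padding,
# hash truncated to 128 bits: insecure by construction, illustration only.
# All names here (ToyCA, verify_certificate, handshake, ...) are this example's own.
import hashlib
import secrets

# Well-known Mersenne primes, fixed so the example is deterministic and needs
# no prime generation. Never reuse these as real keys.
MERSENNE = {31: 2**31 - 1, 61: 2**61 - 1, 89: 2**89 - 1, 127: 2**127 - 1}


def rsa_keypair(p, q, e=65537):
    """Return (public, private) = ((n, e), (n, d)) for textbook RSA."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))   # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def fingerprint(data: bytes) -> int:
    """128-bit truncation of SHA-256 so the value fits under every toy modulus."""
    return int.from_bytes(hashlib.sha256(data).digest()[:16], "big")


def encode_fields(subject, issuer, serial, not_before, not_after, pub):
    """Canonical byte string that the CA's signature covers."""
    return f"{subject}|{issuer}|{serial}|{not_before}|{not_after}|{pub[0]}|{pub[1]}".encode()


class ToyCA:
    """Issuing CA: holds a private key and signs certificates with it."""

    def __init__(self, name, p, q):
        self.name = name
        self.pub, self._priv = rsa_keypair(p, q)
        self.next_serial = 1

    def issue(self, subject, subject_pub, not_before, not_after):
        serial = self.next_serial
        self.next_serial += 1
        fields = dict(subject=subject, issuer=self.name, serial=serial,
                      not_before=not_before, not_after=not_after, pub=subject_pub)
        n, d = self._priv
        sig = pow(fingerprint(encode_fields(**fields)), d, n)   # sign with CA private key
        return {**fields, "sig": sig}


def verify_certificate(cert, trusted_cas, today):
    """Browser-side check: issued by a trusted CA, untampered, within validity."""
    ca_pub = trusted_cas.get(cert["issuer"])
    if ca_pub is None:
        return False, "issuer not in trust store"
    n, e = ca_pub
    fields = {k: cert[k] for k in ("subject", "issuer", "serial", "not_before", "not_after", "pub")}
    if pow(cert["sig"], e, n) != fingerprint(encode_fields(**fields)):   # verify with CA public key
        return False, "signature does not match certificate contents"
    if not (cert["not_before"] <= today <= cert["not_after"]):
        return False, "certificate outside its validity period"
    return True, "ok"


def handshake(cert, trusted_cas, server_priv, today):
    """RSA key exchange: browser wraps a one-time session key, server unwraps it."""
    ok, reason = verify_certificate(cert, trusted_cas, today)
    if not ok:
        raise ValueError(f"handshake aborted: {reason}")
    session_key = secrets.randbits(128)
    n, e = cert["pub"]
    wrapped = pow(session_key, e, n)     # only the server's private key can unwrap this
    n, d = server_priv
    recovered = pow(wrapped, d, n)
    return session_key, recovered


# Constructed demo data: one root CA, one web-server key pair, dates as YYYYMMDD ints.
ROOT_CA = ToyCA("Toy Root CA", MERSENNE[89], MERSENNE[61])
SERVER_PUB, SERVER_PRIV = rsa_keypair(MERSENNE[127], MERSENNE[31])
TRUST_STORE = {ROOT_CA.name: ROOT_CA.pub}          # what a browser ships pre-installed
SERVER_CERT = ROOT_CA.issue("www.example.test", SERVER_PUB, 20240101, 20251231)


def demo():
    """Run the checks a browser makes, plus the key exchange, and report each outcome."""
    results = {}
    results["valid"] = verify_certificate(SERVER_CERT, TRUST_STORE, 20240601)
    results["expired"] = verify_certificate(SERVER_CERT, TRUST_STORE, 20260101)
    tampered = {**SERVER_CERT, "subject": "www.other.test"}   # edited after signing
    results["tampered"] = verify_certificate(tampered, TRUST_STORE, 20240601)
    results["untrusted"] = verify_certificate(SERVER_CERT, {}, 20240601)
    sent, got = handshake(SERVER_CERT, TRUST_STORE, SERVER_PRIV, 20240601)
    results["session_key_matches"] = (sent == got)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:>20}: {outcome}")
```

Running the script prints the four verification outcomes (valid, expired, tampered, untrusted issuer) and whether the server recovered exactly the session key the browser wrapped. A real browser additionally checks that the certificate's subject matches the host name it connected to and consults revocation information; both are left out of this toy.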

When the browser is in normal mode, the key or padlock icon in the lower right corner of the browser appears broken or open. Once an SSL connection is established and the browser is in secure mode, the key becomes whole and the padlock closes.

  Install the certificate (CA) service component

To use the SSL security mechanism, you must first install Certificate Services on Windows Server 2003.

1. Open Start > Control Panel > Add or Remove Programs > Add/Remove Windows Components, select Certificate Services, and install it. The installation requires the Windows Server 2003 installation CD.

2. Configure the CA's common name and validity period.

3. Select Stand-alone root CA as the CA type, then click Next to complete the remaining steps.
