SSL/TLS encrypted transmission and digital certificate interpretation

What is SSL?

Originally developed by the Netscape Enterprise, the Secure Socket Layer (SSL) protocol is now a global standard for authenticating Web sites and web browser identities, and for encrypting communications between users of browsers and Web servers. Because SSL technology is built into all major browsers and Web server programs, you can only install digital certificates or server certificates to activate Server functionality.

What is a server certificate?

The server certificate is installed on your Web server, and you can treat the server certificate as a digital proof that allows visitors to use the Web browser to verify the true identity of the website, and the server certificate can be used for the SSL-encrypted communication process.

How does the server certificate work?

The user connects to your Web site, which is protected by a server certificate. (can be identified by viewing the beginning of the URL as "https:", or the browser will provide you with relevant information).

Your server responds and automatically transmits your website's digital certificate to the user, which is used to authenticate your website.

The user's Web browser program generates a unique "session key code" that encrypts all communication processes between the sites.

The user's browser encrypts the chat key code with the public key of the Web site so that only your website can read the chat key code.

Now, a secure communication process has been established. This process takes only a few seconds and the user does not need to perform any action. Depending on the browser program, the user will see the icon of a key complete, or the icon of a door bolt becomes locked to indicate that the current working stage is safe.

What is an SSL certificate?

SSL is a protocol in which an organization or enterprise needs an SSL certificate in order to be able to use the SSL protocol. An SSL certificate is a small data file that contains details about your enterprise organization that typically includes:

1. Your domain name or server name
2. Name and address of your company
3. In some cases, your contact details

In order to activate the browser's SSL transfer feature, the enterprise organization needs to request and install an SSL certificate on its server. Depending on the type of certificate requested, the organization needs to undergo different levels of review. Once the certificate has been installed, it is possible to access the website via Https://www.domain, which will tell the server to establish a secure connection with the browser. Once the secure connection has been established, all data transfers between the server and the browser are secure and reliable.

The SSL certificate must be issued by a trusted CA's root certificate. For the certificate to be trusted, the root certificate of the CA must be installed on the user's terminal machine. If the certificate is not trusted, the browser will display an error message to the end user that the certificate is not trustworthy. In business situations, such error messages immediately result in a lack of trust in the site, so sites that use untrusted certificates are risking the loss of most users ' trust and business opportunities.

GlobalSign Company, is a trusted CA agency. This is because major browsers and operating system vendors, such as Microsoft, Mozilla, Opera, BlackBerry, Java, and so on, believe that GlobalSign is a legitimate CA and is a trusted SSL certification authority. The more the CA buries its root certificate into the more applications, devices, and browsers, the better the SSL certificate issued will be recognized.

Root embedding strategy – ensure that every customer is protected with the most intuitive security

GlobalSign has been in the root certificate embedding program for over 10 years. This program ensures that in-house engineers from the United States, UK, continental Europe and Asia are able to maintain continuous communication with applications, devices and browser vendors to ensure that GlobalSign's root certificates are installed in every possible place where SSL can be transmitted.

Summarize:

For example, the server does not have a digital certificate from a company, then the SSL/TLS module in his middleware can not be activated, not used (in fact, the certificate company and the SSL development organization and Microsoft must have a great relationship), if the client (browser) does not install the SSL digital certificate required by a Web server and cannot access the site, provided that the browser activates the SSL/TLS module (typically, this activation is free because the browser is usually free).

For example, if your server SSL is not activated, your domain name can only be a domain name that begins with HTTP instead of HTTPS, and if your client (browser) does not have SSL/TLS support, or if you do not have a digital certificate for the relevant Web site, you cannot access the relevant website for HTTPS.

Example: Disabling the client (IE) SSL/TLS protocol

Everyone should understand!

SSL/TLS encrypted transmission and digital certificate interpretation