HOW SSL USES BOTH SYMMETRIC AND ASYMMETRIC ENCRYPTION DURING THE HANDSHAKE

During SSL communication, the web server stores a certificate with an asymmetric public/private key pair.

SSL Certificate contains

  • Asymmetric public key
  • Asymmetric private key
  • Subject – Identity of website/owner

During the SSL handshake, a session key is generated and exchanged for message encryption/decryption. The generated session key is always a symmetric key.

Flow of communication between Server and client during SSL Handshake

  1. Client Hello
    1. Client first sends a request to the Server
    2. Sends the SSL version number, cipher settings, and session-specific data
  2. Server Hello
    1. Server shares the asymmetric public key and SSL certificate with the client
    2. Sends the SSL version number, cipher settings, and session-specific data
  3. Authentication & Pre-Master Secret
    1. Client first validates the certificate.
    2. Client then generates the symmetric session key based on the cipher, encrypts it using the server’s public key, and sends it to the server.
  4. Decryption & Master Secret
    1. The server decrypts the message using its asymmetric private key to get the symmetric session key
  5. Encryption with Session Key
    1. Server then sends an acknowledgment message encrypted using the session key
    2. This session key is used for all future encryption/decryption of messages exchanged between the client and server and vice versa
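
Steps 3 to 5 of the flow above as runnable Go (an added example, not code from the original post): the client encrypts a random session key with the server's public key, the server recovers it with its private key, and both sides then encrypt with that symmetric key. RSA-OAEP, AES-256-GCM, the key sizes and all function names are assumptions of this example, and a real SSL/TLS stack derives its record keys from the exchanged secret rather than using it directly.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// serverPriv is a constructed sample server key pair, generated at start-up.
var serverPriv, _ = rsa.GenerateKey(rand.Reader, 2048)

// wrapKey (step 3, client): create a random AES-256 session key and encrypt it
// with the server's public key. RSA-OAEP is this example's choice of padding.
func wrapKey(pub *rsa.PublicKey) (key, wrapped []byte, err error) {
	key = make([]byte, 32)
	if _, err = rand.Read(key); err != nil {
		return nil, nil, err
	}
	wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	return key, wrapped, err
}

// unwrapKey (step 4, server): only the private-key holder recovers the session key.
func unwrapKey(priv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
}

// sessionCipher (step 5): each side builds AES-GCM from the shared session key.
func sessionCipher(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func main() {
	clientKey, wrapped, _ := wrapKey(&serverPriv.PublicKey)
	serverKey, _ := unwrapKey(serverPriv, wrapped)
	srv, _ := sessionCipher(serverKey)
	cli, _ := sessionCipher(clientKey)
	nonce := make([]byte, srv.NonceSize()) // message 0; a nonce is never reused under one key
	ack := srv.Seal(nil, nonce, []byte("server finished"), nil)
	plain, err := cli.Open(nil, nonce, ack, nil) // fails if ack was altered in transit
	fmt.Printf("%s %v\n", plain, err)
}
```

Only the small session key goes through the slow asymmetric operation; everything after that uses the fast symmetric cipher, which also rejects any record modified in transit.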

Process to get a certificate

  1. Browsers these days come with a list of trusted certificates signed by different CA authorities.
  2. Server first creates a CSR (Certificate Signing Request), which in turn creates a public/private key pair
  3. The server then sends the CSR data file + public key to the CA (Certificate Authority)
  4. The CA uses the data file to create the data structure
  5. The SSL certificate is now issued to the server
  6. The server should now install the Certificate Authority Root Certificate
  7. Intermediate Certificate Authority certificates are also installed. This is required for establishing the credibility between the SSL certificate and the CA Root certificate
  8. SSL Certificate –> Digitally signed by CA Authority
  9. These are trusted by all major browsers.

Chain of Certificate

Root CA Certificate –> Intermediate Certificate –> SSL Certificate
