27Dec 2018

0

396

0

Secure Site and SSL Certificate

INTRODUCTION

Internet security is important for every business or firm that has an online presence, but various companies have various needs and compliance prerequisites. Customers are shrewd individuals and they dont just use websites to find out what you do; they also use them to discover who you are and whether youre trustworthy and reliable enough for them to hand over their hard-earned money to you.

Whether youre in ecommerce or electricals, holiday cottages or hedge funds, your website is one of your most vital business assets.

To transact business securely online, we need to transmit information between web sites and customers in such a way that other people or systems cant easily intercept and read it. Most internet traffic goes over the web in associated degree unencrypted kind. This means that anyone with spare technical expertise and tools will simply eavesdrop on the conversations between two parties.

What then is Secure Site SSL ?

You may have been asking yourself “what is SSL then”? SSL means Secure Sockets Layer. It is the ubiquitous security protocol used in nearly 100% of protected Internet transactions. Importantly, SSL changes a reliable protocol (such as TCP) into a secure communications channel suitable for conducting sensitive transactions. The SSL protocol defines the methods by which a secure communication channel can be created – it does not indicate which cryptographic algorithms need to be used. SSL supports many various algorithms, and serves as a framework whereby cryptography can be used in a convenient and dispersed manner.

Additionally, an SSL Certificate is a digital certificate that authenticates the identity of a Web site to visiting browsers and encrypts information for the server via an SSL technology.

A certificate serves as an electronic “passport” that creates an online entity’s credentials when doing business on the web. When an internet user attempts to send private details to a web server, the user’s browser will access the server’s digital certificate and creates a protected connection.

SSL security makes a website secured mainly in two ways:

  • On the one hand, it is to establish a secure (i.e., authentic and confidential) connection between the communicating peers.

  • On the other hand, it is to use this connection to securely transmit higher layer protocol data from the sender to the recipient. It therefore fragments the data into manageable pieces (called fragments), and processes each fragment individually. More specifically, each fragment is optionally compressed, authenticated with a MAC, encrypted, prepended with a header, and transmitted to the recipient. Each fragment that is treated and prepared this way is called an SSL record 1. On the recipients side, the SSL records must be decrypted, verified (with regard to their MACs), decompressed, and reassembled, before the data can be delivered to the respective higher layer — typically the application layer protocol.

Take for example, a customer wants to buy a costly piece of an electronic gadgets from an online retailer. The customer wants to make sure that he or she is really having a direct deal with the retailer before he inputs in a credit card number. Even if the credit card data is encrypted while in conveyance across the internet, if someone else is “hoaxing” the retailer’s website i.e pretending to be the retailer by putting up a fake site – clearly, the credit card may fall into the account of a criminal.

To prevent such is the need for a Secured Site SSL. SSL Certificates enables the digital proof that each party in a transaction is who they truly profess to be, and that the transaction is secured and result-proof.

When people can check and be sure of the safety of a site before visiting it and without any risk on their part, they are likely to click through, which not only increases your organic search traffic, but also elevates your rank in search engine.

How Does a Secured Site SSL Works Really?

Secured Site SSL sessions and connections are accountable, meaning that the client and server must keep some state information. It is in the call of the SSL Handshake Protocol to establish and coordinate (as well as possibly synchronize) this state on the client and server side, meanwhile allowing the SSL protocol state machines on either side to operate continuously. In a logic manner, the state is represented twice, once as the current state, and once as the pending state. Also, divers read and write states are maintained. So there is a total of four states that need to be engaged.

Secured Site SSL Protocols

SSL Protocols comprise the following:

  • Secured Site SSL Alert Protocol

The alert protocol is used to signal an error, or warning, term to the other party in the communication. Each alert signal carries an alert level and an alert description:

  • The alert level comprises of 1 byte, where the value 1 represents warning and the value 2 stands for fatal. For all errors response for which a particular alert level is not clearly specified, the sender may determine at its judgement whether it is fatal or not. Likewise, if an alert with an alert level of warning is received, the receiver may decide at its judgement whether to treat this as a fatal error.

  • The alert description also composes 1 byte, where a numeric code points at a specific situation.

  • Secured Site SSL Record Protocol

The SSL Record Protocol is used for the encapsulation of higher-layer protocol entry, and that it therefore breaks down the data into manageable pieces (called fragments), and processes each fragment individually.

In a Record Protocol — Fragmentation and cryptographic protection lead to data structures that are referred to as SSL Plaintext, SSL Compressed, and SSL Ciphertext in the SSL protocol specification. An lastly, an SSL record header is appended to the SSL Ciphertext structure to form an SSL record.

  • Secured Site SSL Handshake Protocol

The SSL Handshake Protocol is layered just ahead of the SSL Record Protocol. It allows a client and server to authenticate each other and to negotiate items like cipher suites and compression methods.

The SSL handshake protocol comprises four sets of messages — sometimes also termed flights11 that are exchanged between the client and server. Each set is usually transmitted in an exceedingly separate protocol phase.

Comments (0)

81ee05f2-6aa5-40ed-bbce-cf548675cc57