No announcement yet.

SSL Certificates

  • Filter
  • Time
  • Show
Clear All
new posts

  • SSL Certificates

    Hello everyone,

    I would like to better understand SSL Certificates, as it has came up for work and I really do not know anything about them. Can anyone recommend a really good video or website that you use? I have been looking around on google but wanted to get some suggestions.

    Maybe even a quick run down here would be useful too. I understand that when a browser requests data from a website using https (443), the website is to offer its certificate. Why would some websites show up saying Untrusted Certificate? Can any website have a certificate, even though its not registered? If a website does not have a certificate set up, then https should return a page not found correct?

    What confuses me a little is that this is to set up an encrypted flow between your client and your web server. But how does it set up the "terms" for the methods it is to used? Is it based on what the browser can handle, or is it established in the certificate itself?

    Another question - SSL certs are not to stop end point users from accessing a server (like a password), but to stop a person in the middle from intercepting traffic, correct?
    Last edited by zang8027; 10th January 2013, 17:51.

  • #2
    Re: SSL Certificates

    If a browser shows a cert as untrusted it means that the cert wasn't not registered with a "known" and trusted CA (Certificate Authority like Verisign,Entrust,Godaddy etc..) Your browser has a container of "known" trusted CA's

    Devices such as servers, firewalls, routers can create a "self signed" certificate. It is a valid cert but it is not issued by a valid CA so your browser gives you that warning.

    SSL Certs are used to verify the server you are connecting to that they are who they say they are. When your browser connects to a secure site it asks that server to identify itself. The server sends its ssl cert over to the client who in turn checks to see if that certificate is "trusted". In really secure environments this exchange of certs can be done both ways.

    Here is a very quick explanation regarding SSL Session Keys from Keith Barker on youtube
    Last edited by auglan; 10th January 2013, 21:33.
    CCNA, CCNA-Security, CCNP
    CCIE Security (In Progress)


    • #3
      Re: SSL Certificates

      What about start reading from here?
      Technical Consultant

      MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
      "No matter how secure, there is always the human factor."

      "Enjoy life today, tomorrow may never come."
      "If you're going through hell, keep going. ~Winston Churchill"