L20. How are certificates used to secure WWW? Flashcards
What is the purpose of certificates?
Certificates ensure that data transmitted between clients and servers is encrypted and that the entities involved in the communication are authenticated.
How are certificates used to secure web communication?
Through the use of SSL/TLS (Secure Sockets Layer/Transport Layer Security) protocols, which rely on digital certificates issued by trusted Certificate Authorities (CAs).
What is a CA?
A Certificate Authority, a trusted entity that issues Secure Sockets Layer (SSL) certificates
What is a certificate?
A digital certificate is an electronic document that uses a digital signature to bind a public key with an identity — information such as the name of a person or an organization, their address, and so on.
How are certificates issued?
Certificates are issued by CAs, which verify the identity of the certificate holder before issuing the certificate.
What do web browsers use certificates for?
Authenticating content sent from web servers, ensuring trust in content delivered online. When a web browser connects to a server, the server presents its digital certificate to the browser. This certificate contains the server’s public key and is signed by a CA.
What is a PKI?
A public key infrastructure, a set of roles, policies, hardware, software and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption.
How does a client check the validity of a certificate?
- By ensuring it is signed by a trusted CA.
- By verifying that the certificate has not expired.
- By checking the certificate against the CRL to ensure it hasn’t been revoked.
- By validating the domain name matches the certificate’s subject.
What happens after the browser has validated the server’s certificate?
If the certificate is valid, the client trusts that the server is legitimate. The client then uses the server’s public key from the certificate to encrypt a randomly generated session key. This session key will be used for symmetric encryption during the communication session.
The server decrypts the session key using its private key. Both the client and server now share this session key, which is used to encrypt and decrypt data exchanged during the session. Symmetric encryption is preferred for the actual data transmission because it is faster than asymmetric encryption.
Name three benefits of using certificates
- Encryption: Certificates enable the use of strong encryption, which ensures that data transferred between the client and server remains confidential and cannot be intercepted or read by unauthorized parties.
- Authentication: Certificates authenticate the identity of the server (and potentially the client, in mutual TLS), ensuring that users are communicating with the legitimate server rather than an imposter.
- Integrity: Certificates and SSL/TLS protocols ensure data integrity. Data sent over an encrypted connection cannot be altered without detection, as the encryption algorithms include mechanisms to verify that the data has not been tampered with.
