Wednesday, 6 March 2013

What is SSL and how to set up HTTPS on an Apache2 web server

What is SSL?


Secure Sockets Layer (SSL) is an encryption technology that was created by Netscape. SSL creates an encrypted connection between the web browser and the web server. This helps in transmitting private information such as credit card numbers and passwords through a secure channel, without the problems of eavesdropping, message tampering, etc.

To enable SSL on the web server we need to get an SSL certificate that identifies the website. If the web server is SSL enabled, we can access it using https instead of http. Accessing websites with an SSL certificate ensures that our data is encrypted and cannot be tampered with by a third person.

How SSL works


Suppose a web server wants to enable SSL. Then:
1. The web server produces a public and private key.
2. The web server contacts a trusted third party. This trusted third party checks whether the website (web server) is valid or not.
3. If it is valid, the trusted third party issues an SSL certificate.

Suppose a client wants to establish an SSL connection with the server:

1. The client connects to the SSL port of the company.
2. The web server then sends the certificate to the client and the client verifies it. Verification works as follows: the client has the public key of the trusted third party, and it uses that public key to verify the server's certificate.
3. If the certificate is valid, the client chooses an SSL cipher to use from the list of encryption methods provided by the server and generates a symmetric key.
4. The symmetric key is then sent to the server, encrypted with the public key of the server.
5. The server decrypts the symmetric key using its private key.
6. Further communication between the client and server is encrypted with the symmetric key.

Setting up HTTPS on an Apache2 web server on Ubuntu 12.04 (self-signed certificate)


1. Create a self-signed certificate
   sudo make-ssl-cert generate-default-snakeoil --force-overwrite

2. Next we need to activate the ssl module
   sudo a2enmod ssl

3. Next we need to activate the default ssl virtual host
   sudo a2ensite default-ssl

4. Restart Apache
   sudo /etc/init.d/apache2 restart

If you encounter this error:

Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName

then enter the following:

sudo sh -c 'echo "ServerName localhost" >> /etc/apache2/conf.d/name' && sudo service apache2 restart

Open a browser and type "https://localhost/" in the address bar. In the address bar you can see a lock symbol in Firefox, or a cross symbol above the lock in Google Chrome.
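
The client-side verification step described under "How SSL works", and the reason a self-signed certificate does not pass it, shown as an added example (not part of the original post). It assumes the openssl command-line tool is installed; "Demo CA", the file names and the helper functions are constructed for this demo, and the "snakeoil" file stands in for the certificate make-ssl-cert generates.

```sh
#!/bin/sh
# Constructed demo: "Demo CA", "localhost" and every file here are throwaway values.
set -e
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Key pair plus a certificate signed with its own private key (issuer = subject).
make_self_signed() {  # $1 = file prefix, $2 = common name
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# Server key pair and signing request, then a certificate issued by the demo CA.
make_ca_signed() {  # $1 = file prefix, $2 = common name
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/$1.csr" -days 1 -CA "$WORK/ca.crt" \
        -CAkey "$WORK/ca.key" -CAcreateserial -out "$WORK/$1.crt" 2>/dev/null
}

# Client-side check: verify the certificate's signature chain against a trust anchor.
check_cert() {  # $1 = trusted CA certificate, $2 = certificate to check
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
        echo trusted
    else
        echo untrusted
    fi
}

# A self-signed certificate names itself as its issuer.
is_self_signed() {  # $1 = certificate file
    subject=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    if [ "$subject" = "$issuer" ]; then echo yes; else echo no; fi
}

make_self_signed ca "Demo CA"        # stands in for the trusted third party
make_ca_signed signed localhost      # certificate the third party issued
make_self_signed snakeoil localhost  # stands in for the snakeoil certificate

echo "CA-signed:   $(check_cert "$WORK/ca.crt" "$WORK/signed.crt")"
echo "self-signed: $(check_cert "$WORK/ca.crt" "$WORK/snakeoil.crt")"
echo "snakeoil is self-signed: $(is_self_signed "$WORK/snakeoil.crt")"
```

The "untrusted" result for the self-signed certificate is what the browser warning reports: the connection is still encrypted, but no trusted third party vouches for the server's identity.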


