A symmetric encryption algorithm such as DES or RC4 (both long since broken; current TLS stacks negotiate AES or ChaCha20 instead) is then used with the negotiated key to encrypt the data transmitted during the session. Using asymmetric encryption during the handshake allows safe communication without a preshared key, while the symmetric cipher is much faster and therefore the practical choice for the session data itself.
For the client to verify the identity of the server, the server must have a previously generated private
key, as well as a certificate containing the public key and information about the server. This
certificate must be verifiable using a public key that is known to the client.
Certificates are generally digitally signed by a third-party certificate authority (CA) that has verified
the identity of the requester and the validity of the request to have the certificate signed. In most
cases, the CA is a company that has made arrangements with the Web browser vendor to have its
own certificate installed and trusted by default client installations. The CA then charges the server
operator for its services.
Commercial certificate authorities vary in price, features, and browser support, but remember that price is not always an indication of quality. Some popular CAs include InstantSSL (www.instantssl.com), Thawte (www.