HTTPS
HTTPS stands for Hypertext Transfer Protocol over Secure Socket
Layer, or HTTP over SSL.
- SSL acts like a sub layer under regular HTTP application
- HTTPS encrypts an HTTP message prior to transmission and
decrypts a message upon arrival.
What are certificates?
For secure communication over untrusted networks we need to encrypt the
traffic. That is often done with SSL/TLS.
Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer
(SSL), are cryptographic protocols that provide secure communications on
the Internet for such things as web browsing, e-mail, Internet faxing, instant
messaging and other data transfers.
What is a Certification Authority?
For organizations and servers a hierarchical key system is invented,
where a "Certification Authority" (CA) can "sign" key-pairs for multiple
servers or users.
It means the CA confirms the authenticity of the keys and its holders.
If a computer / user trust this CA, they automatically trust all keys that were
signed by it.
In such a scenario we call the public keys "certificates".
HTTPS Transaction
HTTPS Transaction |
SSL as HTTP Security Concerns
Secure Sockets Layer technology protects Web site and makes it easy for Web site
visitors to trust in three essential ways:
Privacy
An SSL Certificate enables encryption of sensitive information during online
transactions.
Integrity
A Certificate Authority verifies the identity of the certificate owner when it is issued.
Authentication
Each SSL Certificate contains unique, authenticated information about the
certificate owner.
Web Server (www)
Is to serve www. (web sites)
Try them !
- Apache Web Server
very large and powerful, a lot of extensions
- Lighttpd
small but also provides some dynamic content
- Apache Tomcat
web server that provides servlet container (java servlets, jsp)
No comments:
Post a Comment