> Thanks to the both of you...Josh and Ken.
>
> My questions got answered and I have a better understanding.
>
> and now --
>
> So - I put SSL inside an i-frame and when the user comes into my website -
> accepts my certificate - from that point on all documentation sent either
> back and forth is encrypted or just validated only?
>
> Miles

        The particular pages or components retrieved over the SSL link (the ones
retrieved through URLs beginning with 'https') will be sent over encrypted
links. In addition, the endpoint will be validated, so that if you retrieve
'https://www.amazon.com/anything/goes/here', you will receive a warning if
it cannot be established that the data came from 'www.amazon.com'.

        When you generate a certificate, you do it as follows:

        1) You create a new random private key and public key.

        2) You generate a certificate request that includes the public key.

        3) You sign the certificate request with the private key (to prove that
you know it).

        4) You send the certificate request to a certificate authority.

        5) The certificate authority verifies the name you claim in the
certificate request to make sure it belongs to you. They verify that the
request was signed with the private key corresponding to the public key in
the certificate.

        6) The certificate authority issues a certificate that says that your
name is associated with your public key. They sign it with their public key.

        The certificate is generally considered public information. All it does
is convey the true fact that the certification authority has established
that the name in the certificate is the name of the holder of the private
key that corresponds to the public key in it.

        You can now prove that you are you by presenting the certificate and
then proving that you know the private key. This is usually done by
challenging you to sign something with it or decrypt something with it.

        DS


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
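
The six steps and the closing challenge from the reply above, as an added example that is not part of the original post, written against Ruby's standard `openssl` binding. The in-memory CA, the hostname `www.example.test` and all method names are constructed for illustration; in this code the CA signs the issued certificate with its own private key, and relying parties check that signature with the CA's public key.

```ruby
require "openssl"

DIGEST = OpenSSL::Digest.new("SHA256")

# Fields shared by the constructed CA certificate and the issued certificate.
def build_cert(serial, subject, issuer, public_key)
  cert = OpenSSL::X509::Certificate.new
  cert.version, cert.serial = 2, serial # version 2 means X.509 v3
  cert.subject, cert.issuer = subject, issuer
  cert.public_key = public_key
  cert.not_before, cert.not_after = Time.now - 3600, Time.now + 3600
  cert
end

# Runs steps 1-6 against a constructed in-memory CA; returns [ca_cert, cert, key].
def issue(hostname)
  ext = OpenSSL::X509::ExtensionFactory.new
  ca_key = OpenSSL::PKey::RSA.new(2048) # constructed demo CA, self-signed
  ca_name = OpenSSL::X509::Name.parse("/CN=Constructed Demo CA")
  ca_cert = build_cert(1, ca_name, ca_name, ca_key.public_key)
  ca_cert.add_extension(ext.create_extension("basicConstraints", "CA:TRUE", true))
  ca_cert.sign(ca_key, DIGEST)
  key = OpenSSL::PKey::RSA.new(2048)                  # 1) new random key pair
  csr = OpenSSL::X509::Request.new
  csr.version = 0
  csr.subject = OpenSSL::X509::Name.parse("/CN=#{hostname}")
  csr.public_key = key.public_key                     # 2) request carries the public key
  csr.sign(key, DIGEST)                               # 3) signed with the private key
  csr = OpenSSL::X509::Request.new(csr.to_pem)        # 4) what the CA receives
  # 5) CA checks the signature against the key in the request (the name check is out of band)
  raise "bad CSR signature" unless csr.verify(csr.public_key)
  cert = build_cert(2, csr.subject, ca_cert.subject, csr.public_key) # 6) name bound to key
  cert.add_extension(ext.create_extension("subjectAltName", "DNS:#{hostname}"))
  cert.sign(ca_key, DIGEST) # signed with the CA's private key
  [ca_cert, cert, key]
end

# Relying party: chain to the trusted CA (its public key checks the signature), then match the name.
def trusted?(ca_cert, cert, hostname)
  store = OpenSSL::X509::Store.new
  store.add_cert(ca_cert)
  store.verify(cert) && OpenSSL::SSL.verify_certificate_identity(cert, hostname)
end

# Challenge: a fresh nonce is signed by the claimed holder and checked with the certificate's key.
def proves_possession?(cert, holder_key)
  nonce = OpenSSL::Random.random_bytes(32)
  cert.public_key.verify(DIGEST, holder_key.sign(DIGEST, nonce), nonce)
end
```

Holding a copy of the certificate is not enough to pass `proves_possession?`: a party with a different private key fails the challenge, which is why the certificate itself can be public.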