Deutsche Version | English version
Deutsche Version | English version
Status of a secure connection | Picture of a secure connection

Overview: The four distinct steps of certification

1. Key Generation & Certificate Request
2. Identity Checking
3. Certification (Root-CA Keys)
4. Directory Services

Prices

What do you try do here?

SSL is a TCP protocol replacement to provide encrpytion and optionally authentification. Everything send over such a channel is encryptet and in some cases one (or both) side knows that it is connected to the right counterpart.

Authentification can be done by key exchange during a personal contact or using certificates.

Certificates are issued by a Certification Authority (CA). What a CA checks, so what a certificate means, is codified in the policy of the CA. The other side obtains the CA key and the policy directly using other channels. Based on the policy everybody has to decide if he trusts the CA or not.

In order to establish a connection the starting client requests the public key and all the certificates from the server. It uses these certificates to check the binding between the public key and the server's name. In order to be not fooled it uses certificates only from trusted CAs.

If the client is satisfied, it opens the connection. If it is not satisfied it can still open it. Otherwise the client refuse it. Every connection is crypted independed is the client trusts the server or not.