SSL Certificate File Formats

Secure Sockets Layer (SSL) provides secure connections by allowing two applications connecting over a network to authenticate each other's identity and by encrypting the data exchanged between them. A server's identity is verified by three components: a private key, a digital certificate, and a trusted certificate authority.

SSL uses public key encryption technology for authentication. The public key is embedded in a digital certificate together with additional information describing the owner of the public key, such as name, street address, and e-mail address. SSL certificates are based on the DSA signature algorithm and the RSA algorithm for public-key cryptography, as specified by the PKCS standards. The certificate format depends on the application, as there is no agreement on file format standards. Private keys are usually available in the PEM (Privacy Enhanced Mail) and DER (Distinguished Encoding Rules) formats, and certificates are available in the PEM, DER and PKCS12 file formats. A certificate file is an ASN.1 encoded object that may be encrypted with DES or 3DES.

A .pem format file can hold multiple digital certificates. The order of the certificates in the file is important and must follow the order of trust: the server's digital certificate should be the first certificate in the file, the certificate of its issuer should come next, and so on until you reach the root certificate authority's certificate.

A .der format file contains binary data, and it can contain only a single certificate.
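The ordering rule for .pem bundles can be checked mechanically. The following is an added example, not code from the original page: it splits a bundle into its DER certificates and confirms that each certificate's issuer is the subject of the next one. The function names and the sample certificates (unsigned skeletons with made-up names) are assumptions made for illustration.

```python
import base64
import re
import ssl

PEM_BLOCK = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_and_subject(der):
    """Raw DER encodings of a certificate's issuer and subject Name fields."""
    _, cert_start, _ = read_tlv(der, 0)            # outer Certificate SEQUENCE
    _, pos, end = read_tlv(der, cert_start)        # tbsCertificate SEQUENCE
    fields = []
    while pos < end:
        tag, _, nxt = read_tlv(der, pos)
        fields.append((tag, der[pos:nxt]))
        pos = nxt
    if fields[0][0] == 0xA0:                       # optional [0] version field
        fields.pop(0)
    # Remaining order: serial, signature alg, issuer, validity, subject, ...
    return fields[2][1], fields[4][1]

def split_pem(text):
    """Every certificate in a PEM bundle, as DER bytes, in file order."""
    return [base64.b64decode(b) for b in PEM_BLOCK.findall(text)]

def chain_order_ok(pem_text):
    """True if each certificate's issuer equals the next one's subject.
    Compares names byte for byte; it does not verify any signature."""
    names = [issuer_and_subject(d) for d in split_pem(pem_text)]
    return all(names[i][0] == names[i + 1][1] for i in range(len(names) - 1))

# --- Constructed sample data: unsigned certificate skeletons, not real certs ---
def tlv(tag, value):
    return bytes([tag, len(value)]) + value        # short-form lengths only
def name(cn):                                      # Name holding a single CN
    atv = tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, cn.encode()))
    return tlv(0x30, tlv(0x31, atv))
def skeleton_pem(subject, issuer):
    tbs = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x30, b"") + name(issuer)
              + tlv(0x30, b"") + name(subject))
    return ssl.DER_cert_to_PEM_cert(tlv(0x30, tbs))

leaf = skeleton_pem("www.example.test", "Example Intermediate CA")
inter = skeleton_pem("Example Intermediate CA", "Example Root CA")
root = skeleton_pem("Example Root CA", "Example Root CA")
```

To check a real bundle, pass the text of the .pem file to chain_order_ok(); a False result means the certificates are not listed from server certificate up to the root.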
