Enterprise Security – Part II – Validate the server
Continued from the previous blog, Enterprise Security – Part I – Login Validation
Certificates are used in a variety of implementations to protect communication from unintended third parties. Here we discuss the most familiar kind: the server certificate used for SSL/TLS (Secure Sockets Layer, long since superseded by Transport Layer Security, although the old name persists). Its purpose is to let the client establish, with a high degree of confidence, that the server really is the one it meant to reach. This protection normally runs on a dedicated port, conventionally 443 (it does not have to be), and is exposed in the browser as "https": HTTP carried inside a TLS session, rather than an extension of the HTTP protocol itself.
When a browser opens an https connection, the server presents its certificate during the TLS handshake, normally together with the intermediate certificates that chain up to a root. The certificate binds the server's hostname to a public key and is signed by a certificate authority (CA). The browser checks that signature chain against the root CA certificates in its trust store (a deliberately limited list, although a modern browser still ships well over a hundred roots), confirms that the certificate is within its validity period and that the hostname it requested appears in the certificate's subject alternative names, and only then uses the certificate's public key to complete the handshake. Authenticating the server in this way is what makes the encryption meaningful: without it, an attacker sitting between client and server could present a key of their own and read everything the client sends.
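The validation described above, as an added example that is not part of the original post: a small Go program (standard library only) that builds a private root CA, issues a server certificate for a hostname, and then validates it the way a browser does, once correctly and twice with something wrong. The CA names and the hostname www.example.internal are assumptions chosen for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// ca is a private root certificate authority: its self-signed certificate
// stands in for one entry in the browser's trust store.
type ca struct {
	cert *x509.Certificate
	key  *ecdsa.PrivateKey
}

// newKeyAndSerial generates a P-256 key and a random 128-bit serial number
// (serials must be unique per issuer and should be unpredictable).
func newKeyAndSerial() (*ecdsa.PrivateKey, *big.Int, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	return key, serial, err
}

// newRootCA creates a self-signed CA certificate with the given name (assumed name).
func newRootCA(name string) (*ca, error) {
	key, serial, err := newKeyAndSerial()
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &ca{cert: cert, key: key}, nil
}

// issueServerCert signs a certificate for hostname with this CA's key. The
// hostname goes into the Subject Alternative Name extension, which is what
// clients match against; the CN alone is no longer sufficient.
func (c *ca) issueServerCert(hostname string) (*x509.Certificate, error) {
	key, serial, err := newKeyAndSerial()
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: serial,
		Subject:      pkix.Name{CommonName: hostname},
		DNSNames:     []string{hostname},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, c.cert, &key.PublicKey, c.key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// verifyServerCert does what a browser does with a server certificate: build a
// chain from the leaf to a trusted root, check validity dates and key usage,
// and check that the hostname the client asked for is in the certificate.
func verifyServerCert(leaf, trustedRoot *x509.Certificate, hostname string) error {
	roots := x509.NewCertPool()
	roots.AddCert(trustedRoot)
	_, err := leaf.Verify(x509.VerifyOptions{
		Roots:     roots,
		DNSName:   hostname,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})
	return err
}

// classify maps the verification result to the kind of reason a browser shows.
func classify(err error) string {
	switch err.(type) {
	case nil:
		return "ok"
	case x509.UnknownAuthorityError:
		return "untrusted issuer"
	case x509.HostnameError:
		return "hostname mismatch"
	case x509.CertificateInvalidError:
		return "invalid certificate"
	default:
		return "error: " + err.Error()
	}
}

func main() {
	root, _ := newRootCA("Demo Root CA")   // the CA the browser trusts
	other, _ := newRootCA("Other Root CA") // a CA the browser has never heard of
	leaf, _ := root.issueServerCert("www.example.internal")
	fmt.Println("right root, right host:", classify(verifyServerCert(leaf, root.cert, "www.example.internal")))
	fmt.Println("other root, right host:", classify(verifyServerCert(leaf, other.cert, "www.example.internal")))
	fmt.Println("right root, wrong host:", classify(verifyServerCert(leaf, root.cert, "login.example.internal")))
}
```

Run it with `go run`. The second case is a certificate that is perfectly well formed but signed by a CA the client does not trust, which is exactly what a browser sees when an attacker presents a certificate of their own; the third is a trusted certificate for a different name, which a client must also reject or the chain of trust proves nothing about the host being reached. A real browser additionally consults revocation information and walks through intermediates, which this example leaves out.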
Running a corporate root certificate authority, and building secure communication on SSL/TLS, are topics worth reading up on in their own right.
Please review the series with:
Follow the next blog at Enterprise Security – Part III – Validate the client (with certs)