Use this information to learn how to use certificates
so that your applications can establish secure communication sessions.
You can use digital certificates to
configure applications to use the Secure Sockets Layer (SSL) for
secure communications sessions. To establish an SSL session, your server always
provides a copy of its certificate for validation by the client that requests
a connection. Using an SSL connection:
- Assures the client or end-user that your site is authentic.
- Provides an encrypted communications session to ensure that data that
passes over the connection remains private.
The server and client applications work together as follows to ensure data
security:
- The server application presents the certificate to the client (user) application
as proof of the server's identity.
- The client application verifies the server's identity against a copy of
the issuing Certificate Authority (CA) certificate. (The client application
must have access to a locally stored copy of the relevant CA certificate.)
- The server and client applications agree on a symmetric key for encryption
and use it to encrypt the communications session.
- Optionally, the server now can require the client to provide proof of
identify before allowing access to the requested resources. To use certificates
as proof of identity, the communicating applications must support using certificates
for user authentication.
SSL uses asymmetric key (public key) algorithms during SSL initial processing
to negotiate a symmetric key that is subsequently used for encrypting and
decrypting the application's data for that particular SSL session. This means
that your server and the client use different session keys, which automatically
expire after a set amount of time, for each connection. In the unlikely event
that someone intercepts and decrypts a particular session key, that session
key cannot be used to deduce any future keys.