A special request was made today: "How does SSL work? What is an SSL handshake?"
Here is some quick info.
SSL/TLS are protocols used for encrypting information between two points. It is usually between server and client, but there are times when server to server and client to client encryption are needed. For the purpose of this blog, I will focus only on the negotiation between server and client.
For SSL/TLS negotiation to take place, the system administrator must prepare a minimum of 2 files: Private Key and Certificate. When requesting from a Certificate Authority such as Symantec Trust Services, an additional file must be created. This file is called Certificate Signing Request, generated from the Private Key. The process for generating the files is dependent on the software that will be using the files for encryption.
For a list of the server software Symantec has, have a look at: Symantec CSR Generation
Note that although certificates requested from Certificate Authorities such as Symantec are inherently trusted by most clients, additional certificates called Intermediate Certificate Authority Certificates and Certificate Authority Root Certificates may need to be installed on the server. This is again server software dependent. There is usually no need to install the Intermediate and Root CA files on the client applications or browsers.
Once the files are ready and correctly installed, just start the SSL/TLS negotiation by using the secured protocol. On browser applications it is usually https://www.yourwebsite.com.
Remember to use your secured website address. Above is just a sample address.
That will start the SSL/TLS negotiation:
Keys and Secrets during RSA SSL negotiation
The following is a standard SSL handshake when the RSA key exchange algorithm is used:
Tools such as OpenSSL can be used to check the SSL/TLS negotiations:
openssl s_client -connect www.symantec.com:443 -state -ssl3
Loading 'screen' into random state - done
SSL_connect:SSLv3 write client hello A
SSL_connect:SSLv3 read server hello A
depth=2 C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 2006 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 3 Public Primary Certification Authority - G5
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read finished A
0 s:/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Delaware/businessCategory=Private Organization/serialNumber=2158113/C=US/postalCode=94043/ST=California/L=Mountain View/street=350 Ellis Street/O=Symantec Corporation/OU=Corp Mktg & Comms - Online Exp/CN=www.symantec.com
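When a handshake fails, the same -state trace shows how far it got. The script below is an added example (not part of the original post, and not Symantec or OpenSSL code) that parses the SSL_connect lines and reports the first step that is missing or out of order. It assumes the strict RSA step order shown in the trace above; the function names and the stalled sample are made up for illustration.

```python
import re

# Step order for an RSA key exchange, exactly as the -state trace above lists it.
EXPECTED = [
    ("write", "client hello"), ("read", "server hello"),
    ("read", "server certificate"), ("read", "server done"),
    ("write", "client key exchange"), ("write", "change cipher spec"),
    ("write", "finished"), ("read", "finished"),
]
# "SSL_connect:SSLv3 write client hello A" -> ("write", "client hello")
STATE_LINE = re.compile(r"^SSL_connect:\S+ (read|write) (.+?) [A-Z]$")

# The state lines from the trace above.
PAGE_TRACE = """\
SSL_connect:SSLv3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read finished A
"""
# Constructed sample: the server never answers the client hello.
STALLED_TRACE = "SSL_connect:SSLv3 write client hello A\n"

def parse_states(trace):
    """Return [(direction, message), ...]; non-handshake lines are skipped."""
    matches = (STATE_LINE.match(line.strip()) for line in trace.splitlines())
    return [(m.group(1), m.group(2)) for m in matches if m]

def check_handshake(trace):
    """Return (complete, last_ok, problem) for a trace checked against EXPECTED.

    problem is None, ("missing", dir, msg) or ("unexpected", dir, msg).
    """
    steps = parse_states(trace)
    last_ok = None
    for i, want in enumerate(EXPECTED):
        if i >= len(steps):
            return False, last_ok, ("missing",) + want
        if steps[i] != want:
            return False, last_ok, ("unexpected",) + steps[i]
        last_ok = want
    return True, last_ok, None

if __name__ == "__main__":
    for name, trace in (("page", PAGE_TRACE), ("stalled", STALLED_TRACE)):
        print(name, check_handshake(trace))
```

A trace that stops after "write client hello" means the client sent its hello and never read a server hello, so the problem lies before any certificate or key exchange step.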
There it is. SSL and SSL Negotiation summarized. Mission complete.
Now! Do Not Forget To Back Up Your Private Key and Certificate in a Secure place in case of system issues!
Additional: Please have a view on this article too.
Title: Updating or restoring a server certificate
Also please explain to us the transfer w.r.t. SSLv3 vs TLS
This is a good introduction to how SSL and HTTPS work. For a deeper dive into the specifics I recommend this article http://blog.cluui.com/understanding-ssl-certificates-trust-and-verification/