Cloud Insidr

Cybersecurity in the Age of the Machine

  • Subscribe!
  • Privacy Policy
  • Legal
  • Contact Us

Join us on Twitter: @CloudInsidr

  • news & alerts
    • events
    • industry analysis
    • industry gossip
    • people
  • cloud, edge & co.
    • AWS
    • administration & orchestration
      • web servers in the cloud
      • mail servers
      • databases
  • cybersec & warfare
    • encryption
  • blockchain
Home cybersecurity and cyber warfare encryption A quick introduction to SSL/TLS encryption: understanding certificates and key pairs
A quick introduction to SSL/TLS encryption: understanding certificates and key pairs

Cloud Insidr 2017-10-20 1 Comment

A quick introduction to SSL/TLS encryption: understanding certificates and key pairs

Confused about SSL/TLS certificates? Here is a quick and dirty introduction to SSL/TLS encryption.

Secure Sockets Layer/Transport Layer Security (SSL/TLS) serves two purposes:

  • securing network communications between two parties
  • establishing the identity of the party which serves the other party a certificate.

SSL/TLS connections rely on the existence of a key pair.

SSL/TLS keys

An SSL/TLS key pair consists of a private key and a public key. These two keys are related to one another by means of a cryptographic algorithm. The private key is “private” to the server which receives the incoming SSL/TLS connection and must be kept secret. The server introduces itself to the client by handing over its certificate. The certificate is a signed (“certified”) container that includes the server’s public key.

SSL/TLS certificates

In order to ensure the authenticity of the public key that is contained in a certificate, the key must be signed by a trustworthy 3rd party party, a Certificate Authority (CA for short).

SSL/TLS certificates fall into one of two categories:

  • PFX (.pfx) certificates and
  • .cert certificates (.cert, .cer or .crt).

A .pfx file is a PKCS#12 archive.  A .pfx file typically contains a certificate (possibly with additional CA certificates) alongside the corresponding private key. It can also contain additional objects and offers an optional password protection. You would typically extract the certificate and the private key into separate files to use as needed.

A .cert (or .cer or .crt) file usually contains a single certificate, alone and without any wrapping (no private key, just the certificate); it also lacks password protection because there is nothing to protect (the public key does not need protecting).

Filed Under: cybersecurity and cyber warfare, encryption, Uncategorized Tagged With: encryption, SSL, TLS

Trackbacks

  1. Cybersecurity comparison of AWS versus Microsoft Azure | Cloud Insidr says:
    2017-10-27 at 12:28 pm

    […] To ensure the security of data in transit, Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates come into play. They serve a twofold purpose. They are believed to secure network communications and they can establish the identity of the party presenting the certificate (for more on how this works, read A quick introduction to SSL/TLS encryption: understanding certificates and key pairs). […]

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Join Cloud Insidrs!

Symantec Code Signing (200x200)

Tag Cloud

automation AWS Azure Azure Active Directory Azure Arc Azure Lighthouse Azure Resource Manager certbot certificate clickjacking cron CSRF cyber security DD-WRT DNS over HTTPS DoH domain firmware Gemalto HPKP HSTS IAM letsencrypt log logs MFA MITM Netgear network router SELinux time stamp tip Whois WiFi x509 XSS
Secure Site with EV (160x600)

Pearson Education (InformIT)

Pearson Education (Peachpit)

Thawte Code Signing (200x200)

  • Content purchasing and syndication