Cloud Insidr

Cybersecurity in the Age of the Machine

  • Subscribe!
  • Privacy Policy
  • Legal
  • Contact Us

Join us on Twitter: @CloudInsidr

  • news & alerts
    • events
    • industry analysis
    • industry gossip
    • people
  • cloud, edge & co.
    • AWS
    • administration & orchestration
      • web servers in the cloud
      • mail servers
      • databases
  • cybersec & warfare
    • encryption
  • blockchain
Home cybersecurity and cyber warfare encryption A quick introduction to SSL/TLS encryption: understanding certificates and key pairs
A quick introduction to SSL/TLS encryption: understanding certificates and key pairs

Cloud Insidr 2017-10-20 1 Comment

A quick introduction to SSL/TLS encryption: understanding certificates and key pairs

Confused about SSL/TLS certificates? Here is a quick and dirty introduction to SSL/TLS encryption.

Secure Sockets Layer/Transport Layer Security (SSL/TLS) serves two purposes:

  • securing network communications between two parties
  • establishing the identity of the party which serves the other party a certificate.

SSL/TLS connections rely on the existence of a key pair.

SSL/TLS keys

An SSL/TLS key pair consists of a private key and a public key. These two keys are related to one another by means of a cryptographic algorithm. The private key is “private” to the server which receives the incoming SSL/TLS connection and must be kept secret. The server introduces itself to the client by handing over its certificate. The certificate is a signed (“certified”) container that includes the server’s public key.

SSL/TLS certificates

In order to ensure the authenticity of the public key that is contained in a certificate, the key must be signed by a trustworthy 3rd party party, a Certificate Authority (CA for short).

SSL/TLS certificates fall into one of two categories:

  • PFX (.pfx) certificates and
  • .cert certificates (.cert, .cer or .crt).

A .pfx file is a PKCS#12 archive.  A .pfx file typically contains a certificate (possibly with additional CA certificates) alongside the corresponding private key. It can also contain additional objects and offers an optional password protection. You would typically extract the certificate and the private key into separate files to use as needed.

A .cert (or .cer or .crt) file usually contains a single certificate, alone and without any wrapping (no private key, just the certificate); it also lacks password protection because there is nothing to protect (the public key does not need protecting).

Filed Under: cybersecurity and cyber warfare, encryption, Uncategorized Tagged With: encryption, SSL, TLS

Trackbacks

  1. What domains does Verisign own? - How Is What says:
    2022-09-26 at 12:00 pm

    […] https://www.cloudinsidr.com/content/ssl-tls-encryption-ssltls-certificates/ […]

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Subscribe

SSL/TLS Certificate Square (250 x 250)

Tag Cloud

AWS AWS Billing Dashboard AWS Config AWS Cost Explorer AWS EBS AWS Resource Explorer AWS Tag Editor AWS Trusted Advisor cipher suites cyber security Diffie-Hellman EBS EC2 ECDHE Five Eyes Alliance FLAME HSTS HTTP/2 Java Linux Log4j NGINX NVMe PHP RCE Route 53 SELinux SHA-1 SHA-2 SQL SSL TLS

Pearson Education (InformIT)

SSL/TLS Certificate Medium Rectangle (300 x 250)

©2022 CybrAnalytiqa OÜ

  • Content purchasing and syndication