We know how important security is at all levels, and especially when it comes to communication between different systems across a network connection. In this case, there are technological standards that can come to our aid. And here we talk about SSL, TSL, HTTPS, certificates … But what is it all about?
In this article we’re going to understand together, starting from SSL, what are these security protocols and how they work.
Secure Sockets Layer (SSL) is the technological standard for the security and protection of sensitive data exchanged between two systems. Data is encrypted so that it cannot be read or modified by criminals or hackers.
Transport Layer Security (TLS) is the successor of SSL, it essentially consists of two layers: the TLS record and TLS handshake protocols, and is designed to provide privacy and data integrity between two or more communicating computer applications.
Both SSL and TLS are used in many applications, like email, instant messaging, and VOIP, even if the most evident and known use remains at the level of security in websites, with the HTTPS protocol.
A public key certificate, or digital (identity) certificate, is an is an e-document used for proving the property of a public key. It includes information about the key, the identity of the owner (certificate subject) and the digital signature of a Certificate Authority (CA) which has verified the content of the certificate itself.
Tipically, in email encryption a certificate’s subject is a person or organization, while in TLS it is a computer or another device, although this does not rule out that TLS certificates may also identify organizations or individuals in addition to their basic role concerning devices.
A certificate authority (CA) is an entity that issues digital certificates. A CA acts as a trusted third party by both the subject (owner) of the certificate and those who rely on it.
Certificate authorities can be commercial, like for example, IdenTrust, DigiCert or Sectigo (formerly Comodo CA) or non-profit, like for example Let’s Encrypt.
Key authentication is, simply put, the process that ensures that the key of an user “A” owned by user “B”, actually belongs to “A” and vice versa.
As we have seen, in a public-key infrastructure (PKI) system we have a Certificate Autorithy which acts as a trusted third party for the communicating users, and through specific encryption methods (such as digital signatures), ensures that both public keys belonging to each of the two parties, and presumably held by each other, are actually owned by them.
A root certificate is a public key certificate that identifies a root CA. It is self-signed and used to sign other certificates.
An intermediate certificate must be signed by another intermediate certificate or a root certificate. It is used to sign other certificates.
Server Name Indication (SNI) is an extension to the Transport Layer Security protocol with which a client specifies which hostname it is attempting to connect to at the beginning of the handshaking process. This allows a server to submit multiple certificates on the same IP address and TCP port number, allowing multiple secure (HTTPS) websites (or any other TLS service) to be served from the same IP address without the need to require all sites to use the same certificate.
You can learn more about SNI and how it works in Zimbra, by reading the following article: What is SNI in Zimbra OSE?