SSL Certificates and It's Process
@amolkahat
Amol Kahat
- Associate Software Engineer at Red Hat India Pvt. Ltd.
- Python Developer
- Python Pune meetup Organizer
- Open Source contributer
Who am I?
Overview
Â
- What is Certificates?
- Types
- Cryptography
- CA Authority
- KRA, OCSP
- Process
- Working
- Sub CA's?
It is also known as
PKI
Certificate
is small file which include the cryptographic key a.k.a. (Public Key). It also include
- Version
- Serial
- Subject and Issuer
- Validity
- Usages
- Key Type
- Signing Algo.
Once Certificate
integrated with the server it's URL starts with https.
User knows that this site uses strong encryption to protect his data from the third party attackers.
Multiple types of Certificates
- Self Signed Certificates
- Extended Validation Certificates
- Server Certificates
Â
Certificate Types
Cryptography
- Symmetric Cryptography
- One key to encrypt data
- Asymmetric Cryptography
- Two keys
- Public Key to encrypt data
- Private Key to decrypt data
Process
User
- Need Public & Private Key
- Certificate Request, It includes
- Subject Name
- Public Key
- Validity
- Key Algorithm
- Signing Key
Process (Cont.)
Certificate Authority
- Check for the Certificate Request
- Approve, Reject, Cancel
- Have permission to modify CN,UID
- Have permission to modify Validity
- Can Sign the Certificate request
- Add usages and Policies
- CA Add signature and Issue certificate
DEMO
KRA
- Known as Key Recovery Authority
- Archives the Keys
OCSP
- Known as Online Certificate Status Protocol
- Give certificate status Information
- CA push CRL (Certificate Revocation List) to OCSP at particular time
- Reason why OCSP is CA can do other functionality and Load barring
Working
How certificates works?
- https://google.com ->
- <- Hello, Certificate
- Session Key,Change Cipher Spec ->
- <- Okey, Change Cipher Spec
DEMO
SubCA
- SubCA are intermediate CAs
- They are work like CA but under the RootCA
- They have same functionality as CA
- Exists because of PKI security
DEMO?
Thank You!!
Â
Â
Â
Â
Any Questions??