Alliance Global Services

Enterprise Security – Part II – Validate the server (server side SSL)



Submitted by sgamare on November 17, 2009 - 12:22pm.

Certificates are used in a variety of ways to protect communication from unintended third parties. Here we discuss the most common and best-known kind: the server-based SSL (Secure Sockets Layer) certificate. The purpose of the certificate is to prove beyond doubt that the server is who we think it is. This kind of security is generally set up on a secure port, usually port 443 (note that it does not have to be), and is supported by the browser as "https", an extension of the standard http protocol.

When a request is made to a secure, https-based website, the website responds with a certificate signature that identifies who it is. Browsers come set up with a list of root certificate authorities (the list of root security certificates is pretty limited) and use it to verify the signature provided, so we can be sure that the data passed from the client browser to the server is encrypted and not exposed to prying eyes.
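The check described above can be reproduced with the openssl command-line tool. This is an added example, not part of the original post: it builds a throwaway root CA, issues a server certificate from it, and then validates that certificate against a trusted root and an expected host name. All CA names, host names and keys are constructed, and it assumes OpenSSL 1.1.0 or later is installed.

```shell
#!/bin/sh
# Added example: every CA name, host name and key below is constructed.

# Create a throwaway self-signed root CA.  $1 = file prefix, $2 = CA name
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

# Issue a server certificate signed by a CA.
# $1 = CA file prefix, $2 = server file prefix, $3 = host name
issue_server_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$2.key" -out "$2.csr" 2>/dev/null
    printf 'subjectAltName=DNS:%s\n' "$3" > "$2.ext"
    openssl x509 -req -in "$2.csr" -CA "$1.pem" -CAkey "$1.key" \
        -CAcreateserial -days 1 -extfile "$2.ext" -out "$2.pem" 2>/dev/null
}

# The client-side check: does the certificate chain to a root we trust,
# and was it issued for the host we meant to reach?
# $1 = trusted root (PEM), $2 = server certificate (PEM), $3 = expected host
check_server() {
    if openssl verify -CAfile "$1" -verify_hostname "$3" "$2" >/dev/null 2>&1
    then echo trusted
    else echo rejected
    fi
}

demo() {
    dir=$(mktemp -d) || return 1
    make_ca "$dir/root" "Example Root CA"
    make_ca "$dir/other" "Unrelated Root CA"
    issue_server_cert "$dir/root" "$dir/server" www.example.test
    echo "trusted root, expected host:  $(check_server "$dir/root.pem" "$dir/server.pem" www.example.test)"
    echo "root not in the trust list:   $(check_server "$dir/other.pem" "$dir/server.pem" www.example.test)"
    echo "trusted root, different host: $(check_server "$dir/root.pem" "$dir/server.pem" shop.example.test)"
    rm -rf "$dir"
}

demo
```

Only the first case passes: the certificate must both chain to a root the client already trusts and name the host the client asked for.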

Various aspects of corporate root certificate authorities, and of secure communication based on SSL, would make a good further read.

Feel free to leave me your comments, or request any other types of security setup we can explore.



sgamare
Director of Application Services at Alliance Global Services focused on Rightware, innovative software development practices to drive high value applications.
 
