SSL

From Hackepedia
Jump to: navigation, search

Originally created by the people at Netscape, the Secure Socket Layer (SSL) has been adopted as a standard for transfering data over the internet. If you've ever been to a website where the URL starts with https:// instead of the typical http://, you are using SSL. This means there is an encrypted tunnel between you and the remote machine, so everything transferred can not be read trivially if someone is sniffing. You will want to install SSL on your webserver if you intend on allowing users to register for anything on your website.

Only enter personal information or credit card information into a website that is using https:// in the URL, this is covered in the User Registration process.

To get an idea of what happens behind the scenes when you surf the web using your browser to an SSL website:

$ openssl s_client -connect http://www.example.com:443

SSL can be used for almost any transport layer protocol, but http is the most common.

In the case of websites, there can be some confusion over what hostnames ("CommonName" in the certficate parlance) are covered by a certificate issued for a given domain. This table should help to clarify things:

Desctiption of SSL certificate and domain interactions
CommonName listed on certificate
Hostname domain.com *.domain.com alpha.domain.com
domain.com Yes No No
alpha.domain.com No Yes Yes
beta.domain.com No Yes No