Difference between revisions of "SSL"
| (5 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
| − | Originally created by the people at Netscape, the Secure Socket Layer (SSL) has been adopted as a standard for transfering data over the internet. If you've ever been to a website where the URL starts with <nowiki>https://</nowiki> instead of the typical <nowiki>http://</nowiki>, you are using SSL. This means there is an encrypted tunnel between you and the remote machine, so everything transferred not be | + | Originally created by the people at Netscape, the Secure Socket Layer (SSL) has been adopted as a standard for transfering data over the internet. If you've ever been to a website where the URL starts with <nowiki>https://</nowiki> instead of the typical <nowiki>http://</nowiki>, you are using SSL. This means there is an encrypted tunnel between you and the remote machine, so everything transferred can not be read trivially if someone is [[sniffing]]. You will want to install SSL on your webserver if you intend on [[Registration:Host| allowing users to register]] for anything on your website. |
| − | Only enter personal information or credit card information into a website that is using <nowiki>https://</nowiki> in the URL, this is covered in the [[User | + | Only enter personal information or credit card information into a website that is using <nowiki>https://</nowiki> in the URL, this is covered in the [[Registration:User|User Registration]] process. |
To get an idea of what happens behind the scenes when you surf the web using your browser to an SSL website: | To get an idea of what happens behind the scenes when you surf the web using your browser to an SSL website: | ||
| − | $ openssl s_client -connect [[variables|http://www.example.com]]:443 | + | $ [[openssl]] s_client -connect [[variables|http://www.example.com]]:443 |
| + | |||
| + | SSL can be used for almost any transport layer protocol, but http is the most common. | ||
| + | |||
| + | In the case of websites, there can be some confusion over what hostnames ("CommonName" in the certficate parlance) are covered by a certificate issued for a given domain. This table should help to clarify things: | ||
| + | |||
| + | {| border="1" cellpadding="5" cellspacing="2" align="center" | ||
| + | |+ Desctiption of SSL certificate and domain interactions | ||
| + | |- | ||
| + | ! | ||
| + | ! colspan="3" | CommonName listed on certificate | ||
| + | |- | ||
| + | ! Hostname !! domain.com !! *.domain.com !! alpha.domain.com | ||
| + | |- align ="center" | ||
| + | ! domain.com | ||
| + | | Yes || No || No | ||
| + | |-align ="center" | ||
| + | ! alpha.domain.com | ||
| + | | No || Yes || Yes | ||
| + | |-align ="center" | ||
| + | ! beta.domain.com | ||
| + | | No || Yes || No | ||
| + | |} | ||
Latest revision as of 21:20, 8 March 2007
Originally created by the people at Netscape, the Secure Socket Layer (SSL) has been adopted as a standard for transfering data over the internet. If you've ever been to a website where the URL starts with https:// instead of the typical http://, you are using SSL. This means there is an encrypted tunnel between you and the remote machine, so everything transferred can not be read trivially if someone is sniffing. You will want to install SSL on your webserver if you intend on allowing users to register for anything on your website.
Only enter personal information or credit card information into a website that is using https:// in the URL, this is covered in the User Registration process.
To get an idea of what happens behind the scenes when you surf the web using your browser to an SSL website:
$ openssl s_client -connect http://www.example.com:443
SSL can be used for almost any transport layer protocol, but http is the most common.
In the case of websites, there can be some confusion over what hostnames ("CommonName" in the certficate parlance) are covered by a certificate issued for a given domain. This table should help to clarify things:
| CommonName listed on certificate | |||
|---|---|---|---|
| Hostname | domain.com | *.domain.com | alpha.domain.com |
| domain.com | Yes | No | No |
| alpha.domain.com | No | Yes | Yes |
| beta.domain.com | No | Yes | No |
