Digital certificates for SSL secure communications
Use this information to learn how to use certificates so that your applications can establish secure communication sessions.
You can use digital certificates to configure applications to use the Secure Sockets Layer (SSL) for secure communications sessions. To establish an SSL session, your server always provides a copy of its certificate for validation by the client that requests a connection. Using an SSL connection:
- Assures the client or end-user that your site is authentic.
- Provides an encrypted communications session to ensure that data that passes over the connection remains private.
The server and client applications work together as follows to ensure data security:
- The server application presents the certificate to the client (user) application as proof of the server's identity.
- The client application verifies the server's identity against a copy of the issuing Certificate Authority (CA) certificate. (The client application must have access to a locally stored copy of the relevant CA certificate.)
- The server and client applications agree on a symmetric key for encryption and use it to encrypt the communications session.
- Optionally, the server can now require the client to provide proof of identity before allowing access to the requested resources. To use certificates as proof of identity, the communicating applications must support using certificates for user authentication.
SSL uses asymmetric key (public key) algorithms during the initial SSL handshake to negotiate a symmetric key that is subsequently used for encrypting and decrypting the application's data for that particular SSL session. This means that your server and the client use a different session key for each connection, and each session key automatically expires after a set amount of time. In the unlikely event that someone intercepts and decrypts a particular session key, that session key cannot be used to deduce any future keys.
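The steps above, as an added example that is not part of this IBM page: a Python server and client on localhost, using a constructed test CA and server certificate generated with the openssl command line (assumed to be on PATH). The client that holds a local copy of the CA certificate completes the handshake and negotiates a session cipher; the client without it rejects the server's certificate.

```python
import socket, ssl, subprocess, tempfile, threading

def make_certs(d):
    """Constructed test material: a CA plus a server certificate it signs (each valid one day)."""
    run = lambda *a: subprocess.run(["openssl", *a], check=True, capture_output=True)
    run("req", "-x509", "-newkey", "rsa:2048", "-nodes", "-days", "1", "-subj",
        "/CN=Example Test CA", "-keyout", f"{d}/ca.key", "-out", f"{d}/ca.pem")
    run("req", "-newkey", "rsa:2048", "-nodes", "-subj", "/CN=localhost",
        "-keyout", f"{d}/srv.key", "-out", f"{d}/srv.csr")
    with open(f"{d}/san.cnf", "w") as f:          # name the server so the hostname check passes
        f.write("subjectAltName=DNS:localhost\n")
    run("x509", "-req", "-days", "1", "-in", f"{d}/srv.csr", "-CA", f"{d}/ca.pem", "-CAkey",
        f"{d}/ca.key", "-CAcreateserial", "-extfile", f"{d}/san.cnf", "-out", f"{d}/srv.pem")

def serve(listener, d, connections):
    """Step 1: the server presents srv.pem on every handshake, then sends one line."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(f"{d}/srv.pem", f"{d}/srv.key")
    for _ in range(connections):
        conn, _ = listener.accept()
        try:
            with ctx.wrap_socket(conn, server_side=True) as tls:   # handshake happens here
                tls.sendall(b"hello over TLS\n")
        except OSError:
            pass   # the client rejected our certificate and aborted the handshake

def connect(port, cafile):
    """Step 2: verify the server against the local CA copy (or the system store if None); step 3: session key."""
    ctx = ssl.create_default_context(cafile=cafile)
    with socket.create_connection(("127.0.0.1", port)) as raw, \
         ctx.wrap_socket(raw, server_hostname="localhost") as tls:
        return tls.version(), tls.cipher()[0], tls.recv(64)

def demo():
    """Run one client holding the CA copy and one without it; return what each saw."""
    with tempfile.TemporaryDirectory() as d:
        make_certs(d)
        listener = socket.create_server(("127.0.0.1", 0))
        port = listener.getsockname()[1]
        t = threading.Thread(target=serve, args=(listener, d, 2), daemon=True)
        t.start()
        trusted = connect(port, f"{d}/ca.pem")     # holds the CA copy: handshake succeeds
        try:
            connect(port, None)                    # no CA copy: verification must fail
            untrusted = "accepted"
        except ssl.SSLCertVerificationError as e:
            untrusted = e.reason                   # 'CERTIFICATE_VERIFY_FAILED'
        t.join(); listener.close()
        return trusted, untrusted
```

Requiring the optional client certificate (step 4) is a server-side setting: `ctx.verify_mode = ssl.CERT_REQUIRED` together with `ctx.load_verify_locations()` pointing at the CA that issued the client certificates.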
Parent topic: Planning for DCM
Related concepts: Digital certificates for user authentication