A certificate is used to ascertain the identity of the servers and also to encrypt the connection between a client and a server.
Types of encryption:
For the symmetric encryption, the same key is used to encrypt and decrypt the data, so the key is shared across the network between the communicating parties.
The asymmetric encryption uses two set of encryption keys, a private and a public key.
The public key is used to encrypt the data that could only be decrypted using the private key.
Generating the encryption keys:
We generate a private and a public key using the below command on our machine:
We get two files:
Private key : id_rsa
Public key :id_rsa.pub
We then authorize access from our machine to the server by asking the admin of the server to add our public key to the "/.ssh/authorized_keys" file on the server.
To access the server, we use:
The location of the id_ras file is usually "~/.ssh/id_rsa".
Openssl for the http protocol:
We use the below command to generate a public/private key pair on the server:
my_key.key : the private key.
my_key.pem : the public key.
The user gets the public key from the server.
The user encrypts the symmetric key using the server public key, and sends the symmetric key to the server The server de-crypts the data using the private key, and gets the symmetric key.
To be sure that we are communicating with the right server, certificates are used. Certificates have information about the public key, the issuer (organization) of the certificate,..... CAs or certificate authorities (symantec, Digicert,...) for example, are the issuer of the certificates.
We could issue a certificate and send it to the CA, the CA checks the authenticity of the information and signs the certificate. The certificates also have a public and a private key pair.
The CA sign their certificate with the private key.
The server sends the public key with a certificate, the public keys of the CAs live in the browser.
The browser uses these public keys to validate the authenticity of the certificate.
We are all familiar with the below messages that our browser displays when it can't verify the authenticity of a certificate.