Menu
I'm kinda confused. If SSL certificates help to indentify that you are connected to a trusted server, then why is it necessary to use an encrypted ( HTTPS ) connection ? Can I use SSL certificates for HTTP connections?
671
Without HTTPS, any data passed is insecure. This is especially important for sites where sensitive data is passed across the connection, such as eCommerce sites that accept online card payments, or login areas that require users to enter their credentials.
You CAN'T use https without any certificate. You need either to buy a trusted certificate or create a self-signed one for testing. Part of configuring your web server to use https is to point it to the correct key files. Of course, this applies to all web servers not only to iis.
You should always protect all of your websites with HTTPS, even if they don't handle sensitive communications.
HTTPS (Hyper Text Transfer Protocol Secure) appears in the URL when a website is secured by an SSL certificate.
There's a misconception here. Certificates are not SSL. It's SSL that uses certificates, but certificates were born before SSL. Consequently yes, you can use X.509 certificates without SSL (you can sign the request and put the signature to, for example, HTTP headers). You can use certificates with SSL but without SSL encryption (some of NULL ciphersuites).
The convenience of SSL/TLS is that it's a standard, i.e. it's widely recognized and strictly defined, while with other schemes you'd need to implement something homemade. Yet I can remind you of WS-Security standard which does exactly what you are asking about -- when you send the request to the web server via HTTP and utilize WS-Security, you get certificate authentication without SSL (via plain HTTP).
187
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
