
Difference between https protocol and SSL Certificate

What is the difference between the https protocol and the SSL Certificate that we use in a web browser?

Aren't both of these used to encrypt communication between client (browser) and server?

user32262 asked May 13 '09 05:05


People also ask

What is SSL certificate and HTTPS?

SSL certificates are what enable websites to move from HTTP to HTTPS, which is more secure. An SSL certificate is a data file hosted in a website's origin server. SSL certificates make SSL/TLS encryption possible, and they contain the website's public key and the website's identity, along with related information.

How are SSL and HTTPS related?

HTTPS uses an encryption protocol to encrypt communications. The protocol is called Transport Layer Security (TLS), although formerly it was known as Secure Sockets Layer (SSL). This protocol secures communications by using what's known as an asymmetric public key infrastructure.

Can you use SSL without HTTPS?

You can use certificates with SSL but without SSL encryption (some of NULL ciphersuites). The convenience of SSL/TLS is that it's a standard, i.e. it's widely recognized and strictly defined, while with other schemes you'd need to implement something homemade.

What are the differences between HTTP HTTPS SSL and TLS?

Let's recap. HTTPS is just the HTTP protocol but with data encryption using SSL/TLS. SSL is the original and now deprecated protocol created at Netscape in the mid 90s. TLS is the new protocol for secured encryption on the web maintained by IETF.


2 Answers

HTTPS is HTTP (HyperText Transfer Protocol) plus SSL (Secure Sockets Layer). You need a certificate to use any protocol that uses SSL.

SSL allows arbitrary protocols to be communicated securely. It enables clients to (a) verify that they are indeed communicating with the server they expect and not a man-in-the-middle and (b) encrypt the network traffic so that parties other than the client and server cannot see the communication.

An SSL certificate contains a public key and certificate issuer. Not only can clients use the certificate to communicate with a server, clients can verify that the certificate was cryptographically signed by an official Certificate Authority. For example, if your browser trusts the VeriSign Certificate Authority, and VeriSign signs my SSL certificate, your browser will inherently trust my SSL certificate.

There's some good reading here: http://en.wikipedia.org/wiki/Transport_Layer_Security

a paid nerd answered Sep 28 '22 01:09


Two pieces of one solution.

HTTPS is the protocol that defines how the client and server are going to negotiate a secure connection.

The SSL Certificate is the document that they will use to agree upon the server's authenticity.

John Weldon answered Sep 28 '22 02:09
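The layering both answers describe, as an added example that is not part of either answer: Python's standard `ssl` module starts an HTTPS exchange over in-memory buffers, showing that the TLS handshake goes out first and the HTTP request is held back until the server's certificate has been received and checked. The hostname `www.example.test` and the function names are constructed for this sketch, and no network traffic is generated.

```python
import ssl

HOST = "www.example.test"  # constructed hostname; nothing is sent on a network
REQUEST = b"GET / HTTP/1.1\r\nHost: " + HOST.encode() + b"\r\n\r\n"


def certificate_policy(ctx):
    """What the TLS layer demands of the server's certificate."""
    return {
        "certificate_required": ctx.verify_mode == ssl.CERT_REQUIRED,
        "hostname_checked": ctx.check_hostname,
    }


def start_https_request(ctx):
    """Start an HTTPS exchange over in-memory buffers instead of a socket.

    Returns the bytes the client would put on the wire before the server
    has answered, i.e. before any certificate has been seen or verified.
    """
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=HOST)
    try:
        tls.do_handshake()          # step 1: TLS handshake (ClientHello)
    except ssl.SSLWantReadError:
        pass                        # waiting for ServerHello + certificate
    wire = outgoing.read()
    try:
        tls.write(REQUEST)          # step 2: HTTP, only allowed after step 1
    except (ssl.SSLWantReadError, ssl.SSLWantWriteError):
        pass                        # request is held back, nothing is sent
    return wire + outgoing.read()


def insecure_context():
    """The weak setting: still encrypted, but any certificate is accepted."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False      # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


if __name__ == "__main__":
    wire = start_https_request(ssl.create_default_context())
    print("first record type:", hex(wire[0]))
    print("HTTP request on the wire:", b"GET /" in wire)
    print("default :", certificate_policy(ssl.create_default_context()))
    print("insecure:", certificate_policy(insecure_context()))
```

A client built on `insecure_context()` would still encrypt the connection but accept any certificate, so it keeps property (b) from the first answer while giving up property (a).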