How Does SSL Work? Step 1

Quick SSL Fact:SSL authentication assures authentication on both ends. It not only encrypts the data but determines whether or not each party (server and client) has the expected authentication.

Though secure certificates can be created independently, getting a secure certificate from a validated certificate authority helps to ensure the parties are trusted.

Can I get an SSL Certificate for an IP address?

This question comes up from time to time where a site would like to have secure access but does not want to use a domain name.

The answer we have at this time is that you can get an SSL certificate for an IP address (entering the IP address anywhere that it asks for FQDN) however the IP address must be registered to the entity requesting the certificate. This means that you most likely would not be able to do this with a Web Trust approved certificate authority since most web site hosting companies have their IP addresses registered to them (the hosting company). Contact your hosting company to discuss IP ownership. You may also want to look into generating your own non-CA certificate.


How does ssl work?
Detailed SSL – Step 1 Determine Secure Communication
( updated 2004-01-15 )

This is page 2 of our SSL articles. You can go back to the SSL overview by clicking here.

Internet communication typically runs through multiple program layers on a server before getting to the requested data such as a web page or cgi scripts.The outer layer is the first to be hit by the request. This is the high level protocols such as HTTP (web server), IMAP (mail server), and FTP (file transfer).Determining which outer layer protocol will handle the request depends on the type of request made by the client. This high level protocol then processes the request through the Secure Sockets Layer. If the request is for a non-secure connection it passes through to the TCP/IP layer and the server application or data.If the client requested a secure connection the ssl layer initiates a handshake to begin the secure communication process. Depending on the SSL setup on the server, it may require that a secure connection be made before allowing communication to pass through to the TCP/IP layer in which case a non-secure request will send back an error asking for them to retry securely (or simply deny the non-secure connection).

This is a good time to answer a question we periodically get: “what does ssl encrypt?”

This question is usually geared toward whether or not the path and query string is encrypted in an HTTPS “get” request (this is where form field responses or program variables are tagged on to the end of the url). These fields are stripped off of the URL when creating the routing information in the https packaging process by the browser and are included in the encrypted data block.

The page data (form, text, and query string) are passed in the encrypted block after the encryption methods are determined and the handshake completes.

A related issue that frequently comes up is whether or not form data is transmited with encryption if the blank form is displayed without https. If the form “action” is set to use https then the ssl handshake will take place before the data is sent. Whether or not the original form is displayed using https has little to do with the form submission unless the form action uses a relative path, in which case the default will be to use the protocol that was used to display the form.

This applies to both the request and the response.