HTTPS Explained
1. Connection Setup
- The client (like your web browser) wants to visit a secure website (like https://www.example.com).
- The client uses DNS (Domain Name System) to convert the domain name (www.example.com) into the IP address of the server that hosts the website.
- The client establishes a connection to that IP address.
2. Trust Establishment (Role of CA)
- The server sends back its SSL certificate. This is like an ID card for the website, and it’s issued by a trusted Certificate Authority (CA).
- The client checks the certificate to make sure it’s valid and issued by a trusted CA. This is like checking the hologram and other security features on an ID card.
3. Key Exchange (Asymmetric Encryption)
- The client uses the public key included in the server’s certificate to encrypt a secret key. This secret key is generated by the client for this specific session.
- The client sends the encrypted secret key to the server.
- The server uses its private key to decrypt the message from the client and get the secret key.
4. Secure Communication (Symmetric Encryption)
- Both the client and the server now have the same secret key. They use this key to encrypt and decrypt the messages they send to each other.
- This way, even if someone else is listening in on the network, they can’t understand the messages because they don’t have the secret key.
5. Connection Closure
- When the client and server are done communicating, they discard the secret key. If the client visits the website again later, a new secret key will be generated.
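Steps 2 and 3 above, worked as an added Go example that is not part of the original article, using only the standard library: it mints a constructed root CA and a server certificate for www.example.com, runs the client's trust check (trusted issuer and matching host name), and wraps a session key under the server's public key the way step 3 describes. The CA name, host name and the 32-byte session key used in the test are constructed for the example; step 4's symmetric encryption is left out.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// issue mints a certificate for name; a nil issuer makes it self-signed, which is how a CA's own root certificate is made.
func issue(name string, isCA bool, key *rsa.PrivateKey, issuer *x509.Certificate, issuerKey *rsa.PrivateKey) *x509.Certificate {
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: name},
		DNSNames: []string{name}, NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour),
		IsCA: isCA, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageKeyEncipherment,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	if issuer == nil {
		issuer, issuerKey = t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, issuer, &key.PublicKey, issuerKey)
	if err != nil {
		panic(err)
	}
	c, _ := x509.ParseCertificate(der)
	return c
}

// Step 2: the client accepts the certificate only if it chains to a CA in its trust store and names the host it asked for.
func clientTrusts(trustedCA, server *x509.Certificate, host string) bool {
	roots := x509.NewCertPool()
	roots.AddCert(trustedCA)
	_, err := server.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err == nil
}

// Step 3: the client seals a fresh session key under the certificate's public key (RSA-OAEP); only the matching private key opens it.
func wrapKey(pub *rsa.PublicKey, sessionKey []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, sessionKey, nil)
}

// The server recovers the session key with its private key; any other key fails with a decryption error.
func unwrapKey(priv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
}
```

A self-signed certificate, or one issued for a different host name, fails clientTrusts even though it is otherwise well-formed; that is the check that stops an impostor from presenting its own "ID card".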
6. Summary
- DNS is used to find the IP address of the server
- CA is used to ensure trust in the server’s identity
- HTTPS (with the help of asymmetric and symmetric encryption) is used to secure the communication between the client and the server