Join Sean Colins for an in-depth discussion in this video Trusted SSL vs. self-signed SSL, part of Understanding Secure Sockets Layer.
- Here in our introductory chapter I want to go through a fun little exercise where I'm going to try to explain quickly and clearly the difference between the different trust levels we have in our ecosystem of trust here. So, what are they? Well, we have public and private SSL that we need to explain, but before we talk about those, let's talk about people, right? Let's talk about trust starting from its most personal level, going all the way up to its most public. So personal trust, well that's going to be someone you know, maybe it's somebody who you even live in the same house with, right? You say, "Hey, I'm Sean." They say, "Well, yeah, of course you're Sean.
Hi Sean." There's no ambiguity there, they know you. Done, right? What about private trust by association, right? This is where you are who you say you are and someone else needs to trust that you are who you say you are, but they don't know you, okay. But maybe they trust someone else in the middle, right? So if I say, "I'm Sean and I'm an expert." And lynda.com says, "Hey, by the way, you trust me and I'm out here specifically because you trust me, offering you lots and lots of experts, here's Sean, he's an expert." Well, you're going to trust lynda.com and by association, you're going to trust me, right? So what about public trust, right? What about where there is no association really.
It's more of a public thing where you don't have this "I know you" kind of thing going on. You've got more of a "I am gone, I'm out recording a title and I have to have all of my mail collected by my post office." When I go back to collect my mail, "Hey, can I have my mail?" The post office says, "Uh yeah, who are you?" They don't know me, but I can give them my driver's license. My driver's license was issued by the government, and because the post office knows that the government has validated my name, and my address, and lots of other information before giving me my driver's license, they can trust the driver's license in order to give me my mail.
Boom, done, right? Fantastic, transaction complete. Well, how does that translate to computers? With computers, you can have personal trust at home, right: you've got one computer, you've got another computer, you send stuff back and forth. You really don't have to worry about security in that environment because it's all closed, right? You don't have anybody else on your network that you don't trust; these computers are just yours. Done, easy. But what about when you don't have that situation? What if you have a private situation, like maybe it's a company, a small company, maybe a large company, maybe a really big company.
Everybody needs to be able to trust each other, but in some cases, people don't even know each other. But you as an administrator will have the ability, because you administer all of those systems, to install software on all of those computers that tells them that they can trust each other. We call that software a certificate. You install a root-level certificate that is of your own making on all of the computers, and then any certificates that you make after that, based on that root certificate, will be able to chain back to that certificate to be trusted.
Very, very easy. Now, anybody on the outside of your network who you have not administered, will not have that same level of trust. But that's not what we're talking about. This is just private trust. So things can go back and forth, connections can be made, everybody's happy. Now, what if we are talking about public trust? What about that situation where you're this big server in the sky and somebody else has got to go shopping on your server? Well, you can't install a certificate on their machine before they make the connection to you.
That's not the way the time-space continuum's working in this case. So, what do you do? Well, you get yourself a certificate and you get it signed by somebody that's trusted out there in the world, like Verisign or some other, Network Solutions, or GoDaddy, or some other company that specializes in making certificates and being a trusted authority. And because their trusted root certificates are pre-installed on every computer that's ever shipped, your certificate that is signed by them will properly chain up the chain of command to their certificate that's pre-installed on your client's system. Therefore, whenever your client makes a connection through that certificate, you can send them stuff and everything works just great.
So as you can see, using a publicly trusted third party certificate authority, we're able to accomplish a publicly trusted, encrypted and verified transaction. So this is what SSL is all about and there is a difference, indeed, between publicly trusted certificates and privately trusted certificates. But as you'll see in movies to come, not as much of a difference as you might think.
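The private-trust scenario above, built with openssl as an added example (not part of the course): an administrator's own root, a server certificate chained to it, and the check that the chain only validates on a machine where that root is installed. The CA names, hostname and file prefixes are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: a private trust chain of our own making, per the transcript.
# All names (Corp Private Root CA, intranet.example, ...) are constructed.
set -u
WORK=$(mktemp -d)

# make_root CN PREFIX: self-signed root CA, the kind an administrator would
# install on every machine they manage so that leaf certs can chain to it.
make_root() {
  openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
    -keyout "$WORK/$2.key" -out "$WORK/$2.crt" -days 365 \
    -subj "/CN=$1" >/dev/null 2>&1
}

# issue_leaf CN ROOT-PREFIX LEAF-PREFIX: create a CSR for a server and have
# the private root sign it, producing a certificate that chains to that root.
issue_leaf() {
  openssl req -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
    -keyout "$WORK/$3.key" -out "$WORK/$3.csr" -subj "/CN=$1" >/dev/null 2>&1
  openssl x509 -req -in "$WORK/$3.csr" -CA "$WORK/$2.crt" -CAkey "$WORK/$2.key" \
    -CAcreateserial -out "$WORK/$3.crt" -days 90 >/dev/null 2>&1
}

# chains_to ROOT-PREFIX LEAF-PREFIX: exit 0 only if the leaf verifies against
# a trust store containing that root, i.e. what a client with the root installed
# (or without it) would conclude.
chains_to() {
  openssl verify -CAfile "$WORK/$1.crt" "$WORK/$2.crt" >/dev/null 2>&1
}

make_root "Corp Private Root CA" corp_root    # the administrator's root
make_root "Some Other Root CA" other_root     # a root the client does not know
issue_leaf intranet.example corp_root intranet

# Inside the administered network the chain validates; an outsider whose
# trust store lacks corp_root gets a verification failure instead.
chains_to corp_root intranet && echo "corp_root trusted: intranet.example OK"
chains_to other_root intranet || echo "other_root trusted: intranet.example REJECTED"
```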
- SSL communications
- Certificate authorities
- Public key infrastructures
- Symmetric and asymmetric key pairs
- Cryptographic hash functions
- Encryption algorithms
Start now, and by the end of this course you'll have the knowledge to create SSL certificates, as well as revoke and renew them, from the command line.