Implementation Guide › Changing Communication Encryption Methods › SSL, Authentication, and Certificates

SSL, Authentication, and Certificates

Secure Sockets Layer (SSL), including TLS, provides communications between computer programs. SSL helps ensure that communications have the following properties:

• The participants in the communication are authenticated, that is, the participants in the communication are the programs, or users, that they purport to be.
• The data is securely encrypted, and only the participants can read it.

Participants authenticate each other by using X.509 certificates. An X.509 certificate is an electronic document that links the certificate owner's address with a public key. The certificate is not forgeable.

SSL works on a client/server model and uses PKI (public key infrastructure Public Key Infrastructure (PKI) is the technology and set of procedures that uses public keys and certificates issued by trusted certificate authorities to provide secure authentication between computers.). When a client receives an X.509 certificate from a server, it checks if the certificate is valid. If the certificate is valid, the client knows that the server is the program or user that it purports to be, so the server is authenticated. Also, if the client uses the certificate's public key to encrypt data, only the server can decrypt that data, so the data is secure. Conversely, the server uses the X.509 certificate it receives from a client in the same way.