TLS
TLS/SSL functions by a combination of a public certificate and a private key.
- The SSL key is kept secret on the server and encrypts content sent to clients.
- The SSL certificate is publicly shared with anyone requesting the content. It can be used to decrypt the content signed by the associated SSL key.
TLS consists of two phases:
- secure connection establishment
- the use of that encrypted channel for further communication.
A TCP handshake and connection must be established before the messages that create a TLS connection are exchanged.
- the handshake is done in one round trip.
- after the first two steps, all messages are encrypted.
TLS involves public-key cryptography to establish a shared secret that is then used to encrypt future communication.
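A toy model of the two phases described above, added here as an illustration and not code from the original notes: phase 1 uses a public-key exchange (Diffie-Hellman over an assumed, deliberately small group p = 2^127 - 1, g = 5, which only demonstrates the mechanics) to agree a shared secret and derive keys bound to the handshake transcript; phase 2 then protects every further message as a numbered record with encryption plus an integrity tag. HMAC-SHA256 in counter mode stands in for the real record cipher, and the function names (`handshake`, `session`, `seal`, `unseal`) are the example's own.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group for illustration only: p = 2**127 - 1, g = 5.
# Real TLS negotiates standardised groups (X25519, large finite-field groups).
P = (1 << 127) - 1
G = 5
TAG_LEN = 32  # HMAC-SHA256 output length


def keygen():
    """One side's ephemeral key pair: private exponent x and public value g^x mod p."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def shared_secret(priv, peer_pub):
    """(g^y)^x mod p == (g^x)^y mod p, so both sides reach the same value."""
    return pow(peer_pub, priv, P)


def derive_keys(secret, transcript):
    """HKDF-like extract/expand: keys depend on the secret AND the handshake transcript."""
    prk = hmac.new(b"demo-salt", secret.to_bytes(16, "big") + transcript, hashlib.sha256).digest()
    enc_key = hmac.new(prk, b"record-enc", hashlib.sha256).digest()
    mac_key = hmac.new(prk, b"record-mac", hashlib.sha256).digest()
    return enc_key, mac_key


def _keystream(enc_key, seq, length):
    """HMAC in counter mode as a stand-in for a real stream/AEAD cipher."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, seq.to_bytes(8, "big") + counter.to_bytes(4, "big"),
                        hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(keys, seq, plaintext):
    """Phase 2 record protection: encrypt, then MAC over sequence number + ciphertext."""
    enc_key, mac_key = keys
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, seq, len(plaintext))))
    tag = hmac.new(mac_key, seq.to_bytes(8, "big") + ct, hashlib.sha256).digest()
    return ct + tag


def unseal(keys, seq, record):
    """Verify the tag for this sequence number before decrypting; reject on mismatch."""
    enc_key, mac_key = keys
    ct, tag = record[:-TAG_LEN], record[-TAG_LEN:]
    expected = hmac.new(mac_key, seq.to_bytes(8, "big") + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("bad record MAC")  # tampered, or replayed out of sequence
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, seq, len(ct))))


def handshake():
    """Phase 1: public values cross the wire in the clear; both sides derive identical keys."""
    c_priv, c_pub = keygen()  # client's public value, carried in ClientHello
    s_priv, s_pub = keygen()  # server's public value, carried in ServerHello
    transcript = c_pub.to_bytes(16, "big") + s_pub.to_bytes(16, "big")
    client_keys = derive_keys(shared_secret(c_priv, s_pub), transcript)
    server_keys = derive_keys(shared_secret(s_priv, c_pub), transcript)
    return client_keys, server_keys


def session(messages):
    """Run one handshake, then deliver each message as a numbered encrypted record."""
    client_keys, server_keys = handshake()
    received = []
    for seq, msg in enumerate(messages):
        record = seal(client_keys, seq, msg)                # client sends over TCP
        received.append(unseal(server_keys, seq, record))   # server verifies and decrypts
    return received


def tamper_is_detected():
    """Flipping one ciphertext bit in transit must fail the integrity check."""
    client_keys, server_keys = handshake()
    record = bytearray(seal(client_keys, 0, b"GET / HTTP/1.1"))
    record[0] ^= 0x01
    try:
        unseal(server_keys, 0, bytes(record))
    except ValueError:
        return True
    return False


def replay_is_detected():
    """Re-delivering record #0 where #1 is expected fails, because seq is bound into the tag."""
    client_keys, server_keys = handshake()
    record = seal(client_keys, 0, b"hello")
    try:
        unseal(server_keys, 1, record)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(session([b"GET / HTTP/1.1", b"Host: mydomain.com"]))
    print("tamper detected:", tamper_is_detected(), "| replay detected:", replay_is_detected())
```

The point to take from the model is the separation of concerns: nothing in phase 2 is secret-independent, the keys fall out of the handshake, and the per-record sequence number is what turns "encrypted" into "encrypted and in order".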
TLS (Transport Layer Security) replaced SSL (Secure Sockets Layer), which is deprecated.
TLS is an agreement (protocol) between two IP addresses (your own and the web server you are connecting to).
Certificates are bound to domain names instead of IP addresses, so the "Not Secure" (ERR_CERT_COMMON_NAME_INVALID) warning will still appear if you connect via an IP address.
SSL Termination
- the act of data reaching the end of the SSL chain and getting decrypted (or offloaded) so the recipient can read the data.
- happens at the server side of an SSL connection
- SSL termination helps speed the decryption process and reduces the processing burden on backend servers.
Wildcard SSL Certificate
a single SSL certificate that lets us have SSL on any *.mydomain.com
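The name check behind both notes above (the ERR_CERT_COMMON_NAME_INVALID warning when browsing by IP address, and what `*.mydomain.com` does and does not cover), as an added example that is not part of the original notes. It implements the simplified RFC 6125 matching rules over a constructed certificate dictionary in the shape that Python's `ssl.SSLSocket.getpeercert()` returns; `mydomain.com`, the IP 203.0.113.10 and the function names are the example's own assumptions. In practice the `ssl` module performs this check for you when `check_hostname` is enabled and `server_hostname` is passed; the code here only makes the rules visible.

```python
import ipaddress

# Constructed certificate in the shape of ssl.SSLSocket.getpeercert() output
# (placeholder names, not a real certificate).
WILDCARD_CERT = {
    "subject": ((("commonName", "mydomain.com"),),),
    "subjectAltName": (("DNS", "mydomain.com"), ("DNS", "*.mydomain.com")),
}


def _is_ip_literal(host):
    """True if the client addressed the server by IP rather than by name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def dns_name_matches(pattern, hostname):
    """Match one dNSName SAN entry against the requested hostname.

    Simplified RFC 6125 rules: case-insensitive; '*' is honoured only as the
    whole leftmost label, must be followed by at least two more labels, and
    matches exactly one label. So '*.mydomain.com' covers 'api.mydomain.com'
    but not 'a.b.mydomain.com' and not 'mydomain.com' itself.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if "*" not in pattern:
        return p == h
    if p[0] != "*" or len(p) < 3 or any("*" in label for label in p[1:]):
        return False
    return len(p) == len(h) and h[0] != "" and p[1:] == h[1:]


def certificate_matches(cert, host):
    """Return True if the certificate is valid for the host the client asked for."""
    sans = cert.get("subjectAltName", ())
    if _is_ip_literal(host):
        # An IP literal is only accepted against an iPAddress SAN; dNSName entries
        # never match an IP, which is why browsing by IP triggers the name warning.
        wanted = ipaddress.ip_address(host)
        return any(kind == "IP Address" and ipaddress.ip_address(val) == wanted
                   for kind, val in sans)
    return any(kind == "DNS" and dns_name_matches(val, host) for kind, val in sans)


def check_names(cert, hosts):
    """Evaluate several requested hosts against one certificate."""
    return {host: certificate_matches(cert, host) for host in hosts}


if __name__ == "__main__":
    probes = ["mydomain.com", "api.mydomain.com", "a.b.mydomain.com", "203.0.113.10"]
    for host, ok in check_names(WILDCARD_CERT, probes).items():
        print(f"{host:20} -> {'OK' if ok else 'name mismatch'}")
```

The one-label rule is the usual surprise with wildcard certificates: a second level of subdomains needs its own certificate or an additional SAN entry.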
UE Resources
A common scenario is that we run our REST API behind a reverse proxy. Among other reasons, we might want to do this so our API server is on a different network/IP than our front-end application. Therefore, we can secure this network and only