Listen to this Post
💡An SSL (Secure Sockets Layer) certificate is a digital certificate that provides authentication for a website and enables an encrypted connection. It is a critical component for establishing secure communications over the internet.
1. Establishing Identity
🔦When a website owner purchases an SSL certificate, they must go through a validation process. This process can vary in rigor depending on the type of SSL certificate (e.g., Domain Validation, Organization Validation, or Extended Validation). The certificate provides assurance to visitors that they are communicating with the legitimate website.
2. Public and Private Keys
🔦SSL certificates work using a pair of cryptographic keys:
– Public Key: This key is included in the SSL certificate and can be shared with anyone.
– Private Key: This key is kept secret and is known only to the server. It is used to decrypt information that has been encrypted with the public key.
3. The SSL Handshake
🔦When a user attempts to connect to a website secured with SSL (via HTTPS), the following process occurs:
– Client Hello: The client (user’s browser) sends a request to the server, indicating that it wants to establish a secure connection. It includes the SSL/TLS version, the cipher suites supported, and a randomly generated number.
– Server Hello: The server responds with its own randomly generated number, selects a cipher suite from the client’s list, and sends its SSL certificate (which contains the public key) to the client.
– Certificate Verification: The client verifies the server’s SSL certificate against trusted Certificate Authorities (CAs). If the certificate is valid and trusted, the process continues.
– Pre-Master Secret: The client generates a pre-master secret, encrypts it with the server’s public key, and sends it to the server.
– Session Keys Creation: Both the client and server use the pre-master secret along with the randomly generated numbers to create session keys, which will be used for encrypting the data transmitted during the session.
– Secure Connection Established: Once the keys are established, both parties send a “Finished” message to indicate that the handshake is complete, and the secure connection is established. From this point on, all data transmitted between the client and server is encrypted.
4. Data Encryption
🔦The session keys created during the handshake process are used to encrypt and decrypt the data exchanged between the client and the server. This ensures that even if the data is intercepted, it cannot be read without the corresponding session key.
5. Session Termination
🔦When the session ends, the session keys are discarded. If the client wants to reconnect later, a new SSL handshake will occur, and new session keys will be generated.
# You Should Know:
How to Check SSL Certificate Details in Linux
openssl s_client -connect example.com:443 -servername example.com | openssl x509 -noout -text
This command retrieves the SSL certificate details of example.com.
### **Generating a Self-Signed SSL Certificate**
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes
This generates a self-signed certificate valid for 365 days.
### **Testing SSL/TLS Protocols with OpenSSL**
openssl s_client -connect example.com:443 -tls1_2
Tests if the server supports TLS 1.2.
### **Verifying Certificate Chain**
openssl verify -CAfile ca-bundle.crt cert.pem
Ensures the certificate is properly chained to a trusted CA.
### **Extracting Public Key from Certificate**
openssl x509 -in cert.pem -pubkey -noout > pubkey.pem
### **Checking SSL Certificate Expiry**
echo | openssl s_client -servername example.com -connect example.com:443 2>/dev/null | openssl x509 -noout -dates
### **Windows: Checking SSL Certificate via PowerShell**
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}; Invoke-WebRequest -Uri "https://example.com"
### **Enforcing HTTPS in Apache**
<VirtualHost *:80> ServerName example.com Redirect permanent / https://example.com/ </VirtualHost>
### **Configuring SSL in Nginx**
server {
listen 443 ssl;
server_name example.com;
ssl_certificate /etc/nginx/ssl/cert.pem;
ssl_certificate_key /etc/nginx/ssl/key.pem;
}
### **Testing SSL Labs Rating**
Visit: https://www.ssllabs.com/ssltest/
# What Undercode Say:
SSL certificates are essential for secure web communications. They encrypt data, verify server identity, and prevent man-in-the-middle attacks. Understanding how SSL works helps in troubleshooting and securing web applications. Always ensure certificates are up-to-date and use strong encryption protocols like TLS 1.2 or higher.
# Expected Output:
Certificate: Data: Version: 3 (0x2) Serial Number: 1234567890 (0x499602d2) Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=R3 Validity Not Before: Jan 1 00:00:00 2023 GMT Not After : Jan 1 00:00:00 2024 GMT Subject: CN=example.com X509v3 extensions: X509v3 Subject Alternative Name: DNS:example.com, DNS:www.example.com
References:
Reported By: Sina Riyahi – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅



