C: Networking and Security
EDS Device Servers User Guide 142
How SSL Works
SSL uses cryptography to deliver authentication and privacy to message transmission
over the Internet. SSL permits the communication of client/server applications without
eavesdropping and message tampering.
SSL runs on layers between application protocols (HTTP, SMTP, etc.) and the TCP
transport protocol. To set up an SSL connection, a TCP/IP connection must be
established first. The SSL connection sets up a secure channel within the TCP/IP
connection in which all traffic between the client and server is encrypted. All the calls
from the application layer to the TCP layer are replaced with calls to the SSL layer, with
the SSL layer handling communication with the TCP layer.
SSL is most commonly used with HTTP (thus forming HTTPS). Web sites protected by
SSL start with a URL that begins with “https” and displays a padlock icon at the bottom of
the page (and for Mozilla Firefox in the address bar as well).
When a Web browser accesses a domain secured by SSL, an SSL handshake
authenticates the server and client, and establishes an encryption method and a unique
session key. Once this handshake has been completed, the client and server can begin a
secure session that guarantees message privacy and message integrity.
SSL uses Digital-Certificate technology to identify target servers reliably and uses
encryption to protect the confidentiality of information passing between client and server.
You can configure the EDS to use an SSL certificate for the HTTP server. The certificate
can be created elsewhere and uploaded to the EDS, or it can be automatically generated
as a self-signed certificate on the EDS. For more information about uploading a new
certificate or create a new self-signed certificate, see SSL on page 92.
Note: When uploading the certificate and the private key, be sure the private key
is not compromised in transit.
The following steps summarize how SSL works:
1. A client contacts a server secured by SSL.
2. In response to the client request, the server sends its certificate to the client.
3. The client generates a master key, which it encrypts with the server's public key and
transmits the encrypted master key back to the server.
4. The server recovers the master key and authenticates itself to the client by returning
a message authenticated with the master key. Subsequent data is encrypted and
authenticated with keys derived from this master key.
Digital Certificates
Authentication with SSL is achieved with a Digital Certificate issued and signed by a
Certificate Authority (CA) and stored on the server. Without a certificate signed by a CA,
the server cannot be reliably identified to the client, yet a connection can still proceed if
allowed.
The Digital Certificate resides on a secure server and is used to encrypt data and identify
the Web site. The Digital Certificate verifies that a site belongs to who it claims to belong
to and contains information about the certificate holder, the domain that the certificate
was issued to, the name of the Certificate Authority who issued the certificate, the root
and the country it was issued in. In addition to proving the veracity of a site, the Digital