New Training: Certificates and the PKI
In this 7-video skill, CBT Nuggets trainer Keith Barker discusses and demonstrates the functions and methods available with digital certificates, including the Public Key Infrastructure (PKI). Watch this new Cisco training.
Watch the full course: Cisco Certified CyberOps Associate
This training includes:
- 7 videos
- 1.1 hours of training
You’ll learn these topics in this skill:
- Intro to Digital Certificates and the PKI
- Symmetrical vs Asymmetrical Encryption
- Digital Certificates Overview
- Digital Signatures
- Creating an HTTPS Session Key
- Public Key Infrastructure
- Quiz and Review
The HTTPS Connection Process
Secure HTTP connections (HTTPS) are vital to the function of the Internet today. These secure connections are what allow safe communications between a computer and a web server for things like e-commerce. Let's explore how this connection works.
When a computer visits a website that has encryption enabled, that computer and the web server go through a process called a 'handshake'. Technically, this is a 4-way handshake where both parties send information back and forth.
First, when the client computer lands on a website, the client sends the server a list of what it is capable of doing, and the server then decides which of those options to use and responds.
Then the client computer asks the web server to prove its identity. It does this in two ways. First, it examines the website's security certificate to verify that the information on that certificate matches the website. That certificate includes a public encryption key. Second, the client encrypts a blob of data with that public key and sends it to the web server, to verify that the server can decrypt it with its private encryption key.
Provided the web server can decrypt and verify that blob of data, the web server and client computer 'agree' on a session key. Unlike the asymmetric encryption scheme mentioned above, which proves the web server's identity and only allows one-way communication, the session key is a symmetric key. This allows two-way communication so the web server and client can talk to each other. Session keys change each time a client lands on that website and are not re-used except for when using TLS 1.3.
After that process is completed, a computer and a web server can speak to each other mostly in secret. Note that an HTTPS connection does not hide the metadata for packets being sent back and forth.
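The steps above can be traced in a short simulation. This is an added example, not material from the course: the host name, suite labels and function names are hypothetical, the server key is a constructed toy key used with textbook RSA (no padding), and the certificate check covers only the name match, not the CA signature chain.

```python
import hashlib, hmac, secrets

# Constructed toy server key (two known Mersenne primes); far too small for real use.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))            # private exponent, held by the server only
SERVER_CERT = {"subject": "shop.example", "public_key": (N, E)}   # constructed
SERVER_SUITES = ["AES256-GCM", "AES128-GCM"]                      # hypothetical labels

def server_hello(client_suites):
    """Server picks, in its own preference order, a suite the client offered."""
    chosen = next((s for s in SERVER_SUITES if s in client_suites), None)
    if chosen is None:
        raise ValueError("no shared cipher suite")
    return chosen, secrets.token_bytes(16), SERVER_CERT

def client_key_exchange(hostname, cert):
    """Client checks the certificate name, then encrypts a random blob to its key."""
    if cert["subject"] != hostname:
        raise ValueError("certificate does not match the website")
    n, e = cert["public_key"]
    premaster = secrets.token_bytes(16)
    return premaster, pow(int.from_bytes(premaster, "big"), e, n)

def server_decrypt(ciphertext):
    """Only the holder of the private key can recover the client's blob."""
    return pow(ciphertext, D, N).to_bytes(16, "big")

def session_key(premaster, client_random, server_random):
    """Both sides derive the same symmetric key from the shared blob and randoms."""
    return hmac.new(premaster, client_random + server_random, hashlib.sha256).digest()

def handshake(hostname, client_suites):
    client_random = secrets.token_bytes(16)
    suite, server_random, cert = server_hello(client_suites)
    premaster, ciphertext = client_key_exchange(hostname, cert)
    server_key = session_key(server_decrypt(ciphertext), client_random, server_random)
    client_key = session_key(premaster, client_random, server_random)
    return suite, client_key, server_key
```

Because the blob and both random values are fresh on every run, each simulated connection ends with a different session key, and a certificate whose name does not match the requested host stops the exchange before any key material is sent.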