What is SSL and Installing SSL on Local Server using Local CA

Prathvi Kothari
5 min read · Dec 18, 2020

Introduction: This article covers the process of requesting and installing an SSL certificate on a local server using a local Certificate Authority. You will learn what SSL is, how it works in a web browser, and why an SSL certificate is needed. We'll be using Windows Server 2012 R2 as the machine on which the SSL certificate is installed.

What is SSL?

SSL certificates allow websites to move from HTTP to HTTPS, which is more secure. An SSL certificate is a data file hosted on a website's origin server. SSL certificates make SSL/TLS encryption possible so that communication can take place securely, and they contain the website's public key and the website's identity, along with related information. Devices that want to communicate with the web server reference this file to obtain the public key and verify the server's identity. The private key is kept secret and secure.

SSL is also commonly called TLS, a protocol for encrypting Internet traffic and verifying server identity. Any website with an HTTPS web address uses SSL/TLS for secure communication.

How do we get SSL?

SSL certificates must be issued by a trusted Certificate Authority (CA). Browsers, operating systems, and mobile devices maintain lists of trusted CA root certificates. The root certificate must be present on the end user's machine for the certificate to be trusted. If it is not trusted, the browser presents untrusted-certificate error messages to the end user. In e-commerce, such error messages usually lead to an immediate lack of confidence in the website, and organizations risk losing the confidence and business of consumers.

Companies like GlobalSign are referred to as trusted Certificate Authorities. This is because browser and OS vendors like Microsoft, Mozilla, Opera, Blackberry, Java, etc., trust that GlobalSign is a legitimate Certificate Authority that can be relied on to issue trustworthy SSL certificates. The more applications, devices, and browsers the Certificate Authority embeds its root into, the higher the "recognition" the SSL certificate can provide.

GlobalSign was established in 1996 in Europe and remains one of the longest-running Certificate Authorities in the region.

Working of SSL Certificate:

SSL Certificates use something called public-key cryptography.

This kind of cryptography relies on two keys, which are long strings of randomly generated numbers. One key is public and the other is private. The public key is available in the public domain and is known to the server. It can be used to encrypt any message. If Person1 sends a message to Person2, Person1 locks it with Person2's public key, and the only way to decrypt it is to unlock it with Person2's private key. Person2 is the only one who holds that private key, so Person2 is the only one who can unlock Person1's message. If a hacker intercepts the message before Person2 unlocks it, all they get is a cryptographic code that they cannot break, even with the power of a computer. In terms of a website, the communication happens between a website and a server: your website and server are Person1 and Person2.

Figure: Working of SSL

Security Provided (Public and Private Key):

The keys are simply numbers that are combined with the message by an algorithm, e.g., RSA, to either encrypt or sign the message.

Almost all encryption methods in use today employ public and private keys. This dual-key method is considered to be much more secure than the older symmetric-key arrangement. With a symmetric key, a single key is used to encrypt or sign the message, and the same key is used to decrypt it.

With public and private keys, two different keys are used that are mathematically related (they are a key pair). A message encrypted with a public key cannot be decrypted with the same public key. To decrypt the message, you need the private key.

A digital certificate provides a link between a public key and an entity (business, domain name, etc.) that has been verified (signed) by a trusted third party (a certificate authority).

Figure: Public and private key

Certificate Encodings and Files Extensions:

Certificates can be encoded as:

1. Binary files

2. ASCII (base64) files

Common file extensions in use are:

1) .DER

2) .PEM (Privacy Enhanced Electronic Mail)

3) .CRT

4) .CERT
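A file extension such as .CRT or .CERT does not say which of the two encodings a file uses, so it is safer to check the content. The following PowerShell is an added example, not part of the original article: the function names are hypothetical, and the sample input is whichever certificate comes first in the machine's trusted root store.

```powershell
# Added example: tell DER (binary) from PEM (base64) by content, then convert DER to PEM.
function Get-CertificateEncoding {
    param([Parameter(Mandatory = $true)][byte[]]$Bytes)
    $head = [System.Text.Encoding]::ASCII.GetString($Bytes, 0, [Math]::Min(64, $Bytes.Length))
    if ($head.Contains('-----BEGIN CERTIFICATE-----')) { return 'PEM' }
    # A DER-encoded X.509 certificate is an ASN.1 SEQUENCE, so its first byte is 0x30.
    if ($Bytes.Length -gt 0 -and $Bytes[0] -eq 0x30) { return 'DER' }
    return 'Unknown'
}

function ConvertTo-PemCertificate {
    param([Parameter(Mandatory = $true)][byte[]]$Der)
    # PEM is the base64 of the DER bytes, wrapped at 64 columns between two armor lines.
    $b64 = [Convert]::ToBase64String($Der)
    $lines = for ($i = 0; $i -lt $b64.Length; $i += 64) {
        $b64.Substring($i, [Math]::Min(64, $b64.Length - $i))
    }
    (@('-----BEGIN CERTIFICATE-----') + $lines + '-----END CERTIFICATE-----') -join "`r`n"
}

# Sample input: any certificate already present in the trusted root store.
$cert = Get-ChildItem Cert:\LocalMachine\Root | Select-Object -First 1
$der  = $cert.RawData
$pem  = [System.Text.Encoding]::ASCII.GetBytes((ConvertTo-PemCertificate -Der $der))

# Report the detected encoding of each byte array.
Get-CertificateEncoding -Bytes $der
Get-CertificateEncoding -Bytes $pem

# Both encodings carry the same certificate, so the thumbprints are equal.
$reparsed = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (,$pem)
$reparsed.Thumbprint -eq $cert.Thumbprint
```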

Steps to request and install the SSL certificate in IIS 8.5 using Local Certificate Authority:

1. First, install the AD DS and DNS services from the roles and features of your Windows Server 2012 R2.

2. After that, install Active Directory Certificate Services, along with the IIS web service.

3. While selecting the ADCS, in the Role Services options select all the IIS options.

4. You need to configure your own local Certificate Authority to approve the SSL certificate.

5. While configuring your local CA, make sure that you select the Enterprise setup type and that the CA type is root.

6. You will be prompted to create a new private key where you need to mention the key length and the cryptography method. You also need to give a name for your local CA and then configure it.

7. With the help of the Internet Information Service (IIS) Manager you can request and install the SSL certificate from the created Local CA.

8. Through IIS, request a certificate from the CA.

9. Once you have the certificate, you are good to go with a secure connection.
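The same procedure can be scripted. The following PowerShell is an added sketch, not the article's own commands, and it performs the request and binding with cmdlets rather than through IIS Manager. It assumes the AD DS domain from step 1 already exists, that the server is joined to it, and that the built-in WebServer template grants Enroll to this machine; the CA name, host name, site name, key length and hash algorithm are placeholder choices.

```powershell
# Added example. Placeholders: 'Lab-Root-CA', 'web01.lab.local', 'Default Web Site'.
# Run elevated as an Enterprise Admin on a server that is already in the domain.

# Steps 2-3: install the Certificate Services and IIS roles.
Install-WindowsFeature ADCS-Cert-Authority, Web-Server -IncludeManagementTools

# Steps 4-6: configure an Enterprise root CA with a new private key.
# 2048-bit RSA with SHA256 is an assumed choice for key length and hash.
Install-AdcsCertificationAuthority -CAType EnterpriseRootCA `
    -CACommonName 'Lab-Root-CA' `
    -CryptoProviderName 'RSA#Microsoft Software Key Storage Provider' `
    -KeyLength 2048 -HashAlgorithmName SHA256 -Force

# Steps 7-8: request a server certificate from the new CA into the machine store.
$fqdn   = 'web01.lab.local'
$enroll = Get-Certificate -Template 'WebServer' -SubjectName "CN=$fqdn" `
    -DnsName $fqdn -CertStoreLocation Cert:\LocalMachine\My
if ($enroll.Status -ne 'Issued') {
    throw "Certificate request was not issued: $($enroll.Status)"
}
$cert = $enroll.Certificate

# Before binding, confirm the certificate chains to a trusted root and
# is valid for this host name under the SSL policy.
if (-not (Test-Certificate -Cert $cert -Policy SSL -DNSName $fqdn)) {
    throw "Certificate failed SSL policy validation for $fqdn"
}

# Step 9: add an HTTPS binding to the site and attach the certificate.
Import-Module WebAdministration
New-WebBinding -Name 'Default Web Site' -Protocol https -Port 443
(Get-WebBinding -Name 'Default Web Site' -Protocol https).AddSslCertificate($cert.Thumbprint, 'My')
```

Clients that are not domain members do not receive the CA's root certificate automatically, so they will still show the untrusted-certificate error described earlier until the root is added to their trust store.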
