B: Networking and Security
IntelliBox-I/O 2100 User Guide
How SSL Works
SSL uses cryptography to provide authentication and privacy for messages transmitted
over the Internet. It lets client/server applications communicate without
eavesdropping or message tampering.
SSL runs in a layer between application protocols (HTTP, SMTP, etc.) and the TCP
transport protocol. To set up an SSL connection, establish a TCP/IP connection first. The
SSL connection sets up a secure channel within the TCP/IP connection in which all traffic
between the client and server is encrypted. All the calls from the application layer to the
TCP layer are replaced with calls to the SSL layer, with the SSL layer handling
communication with the TCP layer.
SSL is most commonly used with HTTP (thus forming HTTPS). Web sites protected by
SSL have a URL that begins with “https” and display a padlock icon at the bottom of
the page (and for Mozilla Firefox in the address bar as well).
When a web browser accesses a domain secured by SSL, an SSL handshake
authenticates the server and client, and establishes an encryption method and a unique
session key. Once this handshake has been completed, the client and server can begin a
secure session that guarantees message privacy and message integrity.
SSL uses Digital-Certificate technology to identify target servers reliably and uses
encryption to protect the confidentiality of information passing between client and server.
You can configure the IntelliBox to use an SSL certificate for the HTTP server. The
certificate can be created elsewhere and uploaded to the IntelliBox, or it can be
automatically generated as a self-signed certificate on the IntelliBox. For more
information about uploading a new certificate or creating a new self-signed certificate, see
SSL.
Note: When uploading the certificate and the private key, be sure the private key
is not compromised in transit.
The following steps summarize how SSL works:
1. A client contacts a server secured by SSL.
2. In response to the client request, the server sends its certificate to the client.
3. The client generates a master key, which it encrypts with the server's public key and
transmits the encrypted master key back to the server.
4. The server recovers the master key and authenticates itself to the client by returning
a message authenticated with the master key. Subsequent data is encrypted and
authenticated with keys derived from this master key.
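The four steps above, as an added example that is not part of the original guide: a toy Python model that uses textbook RSA with a small constructed key and HMAC-SHA256 in place of the real SSL message formats. It assumes the client already trusts the public key taken from the server's certificate; all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed toy RSA key built from two Mersenne primes; far too small for real use.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # server's private exponent


def derive_keys(master):
    """Derive separate encryption and MAC keys from the master key."""
    return (hmac.new(master, b"enc", hashlib.sha256).digest(),
            hmac.new(master, b"mac", hashlib.sha256).digest())


def client_key_exchange(server_pub):
    """Step 3: pick a random master key and encrypt it with the server's public key."""
    n, e = server_pub
    master = secrets.token_bytes(16)
    return master, pow(int.from_bytes(master, "big"), e, n)


def server_finished(encrypted_master, private_exp, transcript):
    """Step 4: recover the master key and MAC the handshake transcript with it."""
    recovered = pow(encrypted_master, private_exp, N).to_bytes(32, "big")[-16:]
    return hmac.new(derive_keys(recovered)[1], transcript, hashlib.sha256).digest()


def client_verify(master, transcript, finished):
    """Accept the server only if its MAC proves it recovered the same master key."""
    expected = hmac.new(derive_keys(master)[1], transcript, hashlib.sha256).digest()
    return hmac.compare_digest(expected, finished)


def run_handshake(private_exp):
    """Run steps 1-4 against a server holding private_exp; True if authenticated."""
    server_pub = (N, E)                            # step 2: key from the certificate
    master, enc = client_key_exchange(server_pub)  # step 3
    transcript = b"hello|cert|" + enc.to_bytes(32, "big")
    finished = server_finished(enc, private_exp, transcript)  # step 4
    return client_verify(master, transcript, finished)


if __name__ == "__main__":
    print("genuine server authenticated:", run_handshake(D))
    print("server without the private key authenticated:", run_handshake(D + 2))
```

A server that does not hold the private key matching the certificate recovers a different master key, so its step 4 message fails verification on the client.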
Digital Certificates
Authentication with SSL is achieved with a Digital Certificate issued and signed by a
Certificate Authority (CA) and stored on the server. Without a certificate signed by a CA,
the server cannot be reliably identified to the client, yet a connection can still proceed if
allowed.
The Digital Certificate resides on a secure server and is used to encrypt data and identify
the web site. The Digital Certificate verifies that a site belongs to the party it claims to belong
to and contains information about the certificate holder, the domain that the certificate
was issued to, the name of the Certificate Authority who issued the certificate, the root
and the country it was issued in. In addition to proving the veracity of a site, the Digital
Page 1: ...Part Number 900 474 Revision B March 2012 IntelliBox I O 2100 User Guide ...