Back2Basics

How is an HTTPS connection secure?

A user wants to access an e-commerce portal, opens the login page, and enters a username and password. The website serves an SSL/TLS certificate that contains its public key and is signed by a certificate authority such as DigiCert or GlobalSign. We can confirm this by looking at the lock icon in the browser's address bar: click on it, then click "Connection secure", and you will find the details of the SSL/TLS certificate the website is using. The web browser checks that the connection is secure and shows the lock icon in the address bar. The certificate contains a lot of information, such as the public key, the issuer name, the validity period of the certificate, the encryption algorithm being used (mostly RSA), the size of the public key, fingerprints, the serial number, certificate policies, etc.

The credentials are encrypted with the public key and then sent over the internet. The origin web server receives the encrypted data and decrypts it with the private key it holds.

Let's dive deeper into it.
Open a terminal and type the openssl commands below. The first one generates a traffic.key file, which is the private key file. From this, generate the public key using the second openssl command. Now traffic.key is the private key and traffic_pub.pem is the public key.

# generate a private key of size 1024 (demo only: public CAs require at least 2048-bit RSA keys)
openssl genrsa -out traffic.key 1024
# derive the public key from the private key
openssl rsa -in traffic.key -pubout > traffic_pub.pem
# create a certificate signing request (CSR)
openssl req -new -key traffic.key -out my-cert.csr -subj "/C=US/ST=CA/O=MyOrg, Inc./CN=mydomain.com"
# after this, the certificate authority validates the request and signs the certificate with its private key, making sure it is valid.

The DevOps engineer will provision the third-party authorized certificates and attach them to Route53/CloudFront/LoadBalancer/APIGateway, whichever is serving the client. This process involves asymmetric encryption. Asymmetric encryption uses two keys: a public key and a private key. The public key is made available to clients via the SSL/TLS certificate when they access the website.
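
The key-pair property described above, as an added example (not the author's code): it repeats the post's three openssl steps with a 2048-bit key, checks that the CSR carries the derived public key, and shows that data encrypted with the public key can be decrypted only with the private key. The function names and `secret.bin` are made up for this example; the message is constructed sample data.

```shell
#!/bin/sh
# Added example. traffic.key, traffic_pub.pem and my-cert.csr follow the post;
# function names and secret.bin are hypothetical.

# Generate key pair and CSR in directory $1 (2048-bit, the minimum public CAs accept).
make_keys() {
    openssl genrsa -out "$1/traffic.key" 2048 2>/dev/null &&
    openssl rsa -in "$1/traffic.key" -pubout -out "$1/traffic_pub.pem" 2>/dev/null &&
    openssl req -new -key "$1/traffic.key" -out "$1/my-cert.csr" \
        -subj "/C=US/ST=CA/O=MyOrg, Inc./CN=mydomain.com"
}

# The CSR must carry the same public key that was derived from traffic.key.
csr_matches_key() {
    in_csr=$(openssl req -in "$1/my-cert.csr" -noout -pubkey)
    on_disk=$(cat "$1/traffic_pub.pem")
    if [ "$in_csr" = "$on_disk" ]; then echo match; else echo mismatch; fi
}

# Encrypt $2 with the public key, decrypt with the private key, print the plaintext.
roundtrip() {
    printf '%s' "$2" |
        openssl pkeyutl -encrypt -pubin -inkey "$1/traffic_pub.pem" \
            -pkeyopt rsa_padding_mode:oaep -out "$1/secret.bin" &&
    openssl pkeyutl -decrypt -inkey "$1/traffic.key" \
        -pkeyopt rsa_padding_mode:oaep -in "$1/secret.bin"
}

# Try to decrypt secret.bin (written by roundtrip) while holding only the public key.
public_key_decrypt() {
    if openssl pkeyutl -decrypt -pubin -inkey "$1/traffic_pub.pem" \
        -pkeyopt rsa_padding_mode:oaep -in "$1/secret.bin" >/dev/null 2>&1
    then echo decrypted; else echo refused; fi
}

dir=$(mktemp -d)
make_keys "$dir"
echo "CSR vs public key: $(csr_matches_key "$dir")"
echo "round trip:        $(roundtrip "$dir" 'constructed sample message')"
echo "public key only:   $(public_key_decrypt "$dir")"
rm -rf "$dir"
```

In a real TLS session the key pair authenticates the server, and the application data is encrypted with a symmetric session key negotiated during the handshake; the round trip here only isolates the public/private key property.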
