For understanding SSL , first thing to understand is Digital Certificate.
Digitally signed CA certificate
Below is the key point which define a digitally signed certificate-
It is standard for verifying a client ,server or any third party.
It has following 4 key elements -
1. Organizational information
This section of the certificate contains information that uniquely identifies the owner of the certificate, such as organizational name and address. You supply this information when you generate a certificate using a certificate management utility.
2. Public key
The receiver of the certificate uses the public key to decipher encrypted text sent by the certificate owner to verify its identity. A public key has a corresponding private key that encrypts the text.
3. Certificate authority's distinguished name
The issuer of the certificate identifies itself with this information.
4. Digital signature
The issuer of the certificate signs it with a digital signature to verify its authenticity. This signature is compared to the signature on the corresponding CA certificate to verify that the certificate originated from a trusted certificate authority.
SSL
SSL is a process used for authenticating a caller using digitally signed certificate .The cert can be signed by third party CA authority or self signed using utility tools.
One-Way SSL
One way SSL is used by clients to authenticate the server
The service provider i.e. the server shares its digital certificate with the client and client store it in its truststore.
Truststore keystore is the certificate repository where the server/client stores all the thirdparty certificates.
Identity keystore is the certificate repository where server/client store its own certificate
Before the actual message is transmitted the handshake needs to be done and establish the connection successfully.
Client has the servers public key ( contained in the certificate that server shared).
One important point to remember is that there is unique private-public key pair which the server has.Public key is present in the certificate and shared with the client .Private key is kept secret.Any message encrypted using a private key can be decrypted only with its unique public key .
Below are the steps to establish connection in case of One way SSL -
1. Client requests for a protected resource from the server.
2. Server sends it's certificate to the client
3. Client validates the digital signature in the received certificate against the digital signature present in the certificate which the client already has in its trust store. If the digital signature match that means the digital certificate is generated from valid CA authority and has not been tampered in between.
4.Client request the server to prove server's identity (ownership).
5. So the server sends back message encrypted using servers private key .
6. Client validates the servers identity using servers public key which was sent as part of digital certificate.
7.On successful validation a handshake is done and connection is established between client and the server.
8. Server sends the requested resource to the client.
This is one way SSL and in case of 2 way SSL ,the server also validates the client similarly.