Home > Ask the Security Experts > Questions & Answers > Digital certificates and SSL
Ask The Security Expert: Questions & Answers
EMAIL THIS

Digital certificates and SSL

Jonathan Callas EXPERT RESPONSE FROM: Jonathan Callas

Pose a Question
Other Security Categories
Meet all Security Experts
Become an Expert for this site


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


>
QUESTION POSED ON: 27 September 2002

For using SSL, does the client side need to have a digital certificate (X.509v3)? If so, then why can I access secure Web sites from my computer that seemingly does not have a certificate? If it is not needed, then how does the client send its public key across to the secure server?

>

No, you do not need a certificate to use SSL. If you have one, it can be used to authenticate you to the server, but if you don't, then some other mechanism (like a password) can be used.

When you set up an SSL connection, usually, a Diffie-Hellman key exchange is done, but each side can actually negotiate how it is done.

You can find all the rules for how this is done in RFC 2246, the IETF standardization of SSL called Transport Layer Security. You can find this at http://www.ietf.org/rfc/rfc2246.txt.

For more information on this topic, visit these other SearchSecurity.com resources:
Ask the Expert: Finding the answers to specific SSL questions
News & Analysis: OpenSSL expert details flaws

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   



RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary



Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
Browse our Expert Advice



Find Security Solutions for Your Business
TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts