Your secure server provides security using a combination of the Secure
Sockets Layer (SSL) protocol and (in most cases) a digital certificate
from a Certificate Authority (CA). SSL handles the encrypted
communications as well as the mutual authentication between browsers and
your secure server. The CA-approved digital certificate provides
authentication for your secure server (the CA puts its reputation behind
its certification of your organization's identity). When your browser is
communicating using SSL encryption, the
https:// prefix is used at the
beginning of the Uniform Resource Locator (URL) in the navigation bar.
Encryption depends upon the use of keys (think of them as secret
encoder/decoder rings in data format). In conventional or symmetric
cryptography, both ends of the transaction have the same key, which they
use to decode each other's transmissions. In public or asymmetric
cryptography, two keys co-exist: a public key and a private key. A
person or an organization keeps their private key a secret and
publishes their public key. Data encoded with the public key can only
be decoded with the private key; data encoded with the private key can
only be decoded with the public key.
To set up your secure server, use public cryptography to create
a public and private key pair. In most cases, you send your
certificate request (including your public key), proof of your company's
identity, and payment to a CA. The CA verifies the certificate
request and your identity, and then sends back a certificate for your
A secure server uses a certificate to identify itself to Web
browsers. You can generate your own certificate (called a "self-signed"
certificate), or you can get a certificate from a CA. A certificate from
a reputable CA guarantees that a website is associated with a particular
company or organization.
Alternatively, you can create your own self-signed certificate. Note,
however, that self-signed certificates should not be used in most
production environments. Self-signed certificates are not
automatically accepted by a user's browser — users are
prompted by the browser to accept the certificate and create
the secure connection. Refer to Section 26.5 Types of Certificates for
more information on the differences between self-signed and CA-signed
Once you have a self-signed certificate or a signed certificate from the
CA of your choice, you must install it on your secure server.