Ask Dave Taylor: Tech and Business

Sunday

How SSL works and why your "CA" is so darn important

I'm building a site that has pages with confidential information, and because of that, I use SSL to encrypt the information. But when the user enters the SSL environment (https), an annoying window appears with a security alert saying: "The certificate was issued by an organization, which you haven't selected as trustworthy". How do I get rid of this message?

Fortunately for both of us, I have recently been chatting with Christian Barmala, one of the smartest people I know in the public cryptography field, and he supplied me with a detailed answer to your question:

SSL does two things: First, it encrypts the communication between client and server, so there is no use in tapping the line and waiting for the user to type in his secret password. That's what you want to do and that's what works already despite the "annoying message". But how can the user know that the web site which asks him to type in his secret password actually belongs to you and isn't an imitation meant to seduce him into disclosing his password...

Continue reading about How SSL Works at Ask Dave Taylor Tech Support.