SSL Overview

The SSL identifier has four parts:

• A private key that is not used by anyone.

• A public key that you can share with anyone.

  The private and public key forms a consistent pair: everything that you encrypt using one can be decrypted by another, but you cannot decrypt something encrypted using a public key without a private key or vice versa. This is genuine mathematical magic.

• Metadata attached to a public key that indicates what it says. For the server key, this identifies the DNS name of the service that is protected (among other things). Other details here include things such as the intended use (mainly used to limit the amount of damage that someone with a stolen certificate can do) and the expiration date (to limit the duration of use of the stolen certificate).

• Digitally sign a combination of public key and metadata so that they cannot be confused and so that someone else knows how to trust metadata. There are several ways to handle who signs:

  • Signing using a private key (from part 1 above); self-signed certificate. Anyone can do this, but he does not have much trust (precisely because everyone can do this).
  • Getting a group of people who trust each other to vouch for you by signing a certificate; Web trust (so-called because trust is transitive and often symmetrical, as people sign each other’s certificates).
  • Obtaining a trusted third party for signing; Certificate Authority (CA). Identification of the CA is guaranteed by other higher-level CAs in the trust chain back to some root authority that everyone trusts (that is, there is a list built into your SSL library that can be updated during deployment).

  There is no fundamental technical difference between the three types of powers above, but the nature of the trusted people invested in them is extremely changeable. Details of why this is needed will require a very long answer!

Elements 2-4 are a digital certificate.

When the client, B, starts the SSL protocol with the server, A, the server’s digital certificate is transferred to B as part of the protocol. The private key is not sent, but since B can successfully decrypt the message sent by the other end with the public key in the digital certificate, B may know that A has a private key that matches. B can then look at the metadata in the certificate and see that the other end claims to be A, and can verify the signature to see how much trust this statement; if metadata is signed by an authority that B trusts (directly or indirectly), then B can trust that there is an SSL identifier on the other end. If this is what they expected (that is, they wanted to talk to A: in practice, this is done by comparing the DNS name in the certificate with the name that they used when looking for the server address), then they may know that they have a secure channel connection: im good to go.

B cannot personify A with this information, though: B does not receive the private key, and therefore they will all fall apart at the first stage of verification. In order for any third party to impersonate B, they must have (at least) two of:

• Private key. The owner of the identity must ensure that this does not happen, but ultimately it is in their hands.
• A trusted authority that makes false claims. Some flaws happen here - a self-signed authority is never very reliable, a trust network is confronted with problems, because trust is an inconvenient thing that processes transitively, and some CAs are completely unprincipled, while others are too inclined to exclude confusion - but basically it works good enough because most parties tend to not cause problems, often for financial reasons.
• A way to mirror DNS so that the target believes that the other server is indeed an impersonation. Without DNSsec, this is pretty easy, unfortunately, but this particular problem is reduced.

As for your other questions ...

Why use certificate hashing if part of it is already encrypted by CA? Does this not mean that no one can bother with a digital certificate (with a high probability)?

While the keys are quite long, the certificates are longer (first, they include the public key of signers, which usually has the same length as the signed key). Hashing is part of the general algorithm for signing documents anyway, because no one wants to be limited to signing only very short things. Given that an algorithm is necessary, it makes sense to use it for this purpose.

If I am a stackoverflow and I have 3 servers that do the same thing - allowing clients to access, read, identify, etc. - I need to have a different digital certificate for each of the three servers.

If you have several servers serving the same DNS name (there are many ways to do this, one of the simplest of which is circular DNS maintenance), you can set the same identifier for each of them. This slightly reduces security, but only slightly; this is another service that is simply implemented by several servers. In theory, you could give everyone a separate personality (albeit with the same name), but I cannot come up with any good reason for its actual fulfillment; he would rather bother people than an alternative.

Also note that it is possible to have a certificate for more than one service name at a time. There are two mechanisms for this (adding alternative names to the certificate or using a wildcard in the name in the certificate), but CAs usually charge quite a lot for signing certificates with them.

In general, yes, if the cert file is stolen, nothing will stop any of its installation on its server and will suddenly accept the stolen site identifier. However, if the thief does not take control of the DNS settings of the source site, any requests to the site’s URL will still be sent to the source server, and the thief server will remain without work.

This is the equivalent of creating an exact duplicate of the Statue of Liberty in Antarctica with the expectation of the theft of tourism revenue in New York. If you don’t start hacking every travel guide book and history book to replace New York with Antarctica, everyone will still go to New York to see the real statue, and the thief will just have a very big, green, full single icicle.

However, when you receive a certificate from CA, the certificate is password protected and cannot be simply installed on the web server. Some places remove the password, so the web server can reboot without intervention. But the protected site will store the password in place, which means that any restart of the server will kill the site until someone enters the administrator’s console and logs into PW to decrypt the certificate.

I also have some answers.

Q1) If B steals a certificate and tries to impersonate it from A to C.

• C will check the IP address of B and find out that it does not belong to C. Then it will terminate the SSL connection. Of course, even if C sends an encrypted message, then only Real A can decrypt it.

Q2) The certificate is usually presented in plain text using the common X.509 format. All entries can be read by anyone. The hashing process is used to digitally sign a document. Digitally signing the certificate forces the end user to confirm that the certificate has not been modified by anyone since it was created. Hashing and encryption of content using the issuer's private key is performed to create a digital signature.