Changes between Version 2 and Version 3 of faq/security/what-is-an-ssl-certificate
- Timestamp:
- Apr 17, 2009, 10:22:10 PM (17 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
- 
      faq/security/what-is-an-ssl-certificatev2 v3 3 3 Security is a two-way street. When I go to a web site I have prove to the web site that it's really me before the web site gives me access to anything private or restricted (such as access to my email). The most common way that is done is via a login in which I provide a username and a password. Because I supply the correct password, the server knows it really is me, because I'm the only one who knows my password. 4 4 5 But how do I know that the server I'm going to really is the server I want to go to? Just because I type https:// secure.mayfirst.org into my browser, doesn't mean that the server really is the May First/People Link server that I think it is. Any number of things can happen via the Internet between my computer and the server I'm connecting to that might fool my computer into thinking I'm connecting to secure.mayfirst.org when in fact I'm connecting to someone else's server specifically setup to look like the May First/People Link server. If that were to happen, I might type in my username and password on this stranger's server that is acting like secure.mayfirst.org, essentially handing over my identity to a stranger.5 But how do I know that the server I'm going to really is the server I want to go to? Just because I type https://members.mayfirst.org into my browser, doesn't mean that the server really is the May First/People Link server that I think it is. Any number of things can happen via the Internet between my computer and the server I'm connecting to that might fool my computer into thinking I'm connecting to secure.mayfirst.org when in fact I'm connecting to someone else's server specifically setup to look like the May First/People Link server. If that were to happen, I might type in my username and password on this stranger's server that is acting like secure.mayfirst.org, essentially handing over my identity to a stranger. 6 6 7 7 The purpose of SSL certificates is to ensure that the site I'm connecting to really is secure.mayfirst.org. We pay a third party vendor (in this case Dotster, who resells Thawte services) to provide us with a certificate. We then install the certificate on our server. When your browser connects to us, your browser checks the certificate, which says: Thawte has ensured that this certificate was truly issues to the legitimate owners of the domain secure.mayfirst.org. If you trust Thawte (which most browsers are configured to trust by default), then you should trust this site and therefore your browser makes the connection. 

