ssl certificate

Answered Question
Apr 14th, 2008

hi every body

I have few basics questions about ssl certificate.

Here is my understanding about ssl

ssl serves two purposes:

secure the data in transit by public key encryption.

third party certificates validates the side is real not phising side.

now my question is one can copy the certificate belonging to some side and put it on fake side to gain customer trust and fool him into sending his informations such as social security, etc

so how such certificates provide security against this?

thanks alot!

I have this problem too.
0 votes
Correct Answer by Gilles Dufour about 8 years 9 months ago

the certificate alone is useless.

You also need the associated private key.

So, if you send encrypted data to sb that has stolen your destination certificate, they won't be able to decrypt the traffic since they don't have the associated private key.

Same if they send you data encrypted with a different private key, you won't be able to decrypt with the certificate.

Gilles.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Gilles Dufour Tue, 04/15/2008 - 03:30

the certificate alone is useless.

You also need the associated private key.

So, if you send encrypted data to sb that has stolen your destination certificate, they won't be able to decrypt the traffic since they don't have the associated private key.

Same if they send you data encrypted with a different private key, you won't be able to decrypt with the certificate.

Gilles.

Actions

This Discussion