We help IT Professionals succeed at work.
Get Started

How do signed SSL / HTTPS certificates and certificate authorities work?

479 Views
Last Modified: 2012-05-11
My questions are at the bottom of this post, but first the I'll try to explain the situation.


I am troubleshooting an issue for a user that I have isolated to encryption negotiation.

When attempting to load a website, the site intermittently hangs during initial load for approximately 30 seconds.

I ran wireshark while accessing the website.


During attempts that failed, each of the "Client Hello" messages during the encryption handshake were using SSL. The client send a few tcp keep-alive messages. Then traffic halts for approximately 30 seconds. Then, the client reattempts encryption handshake using SSLv2 "Client Hello" and the server responds with SSLv3 "Server Hello" as expected.

During attempts that behave normally / do no fail, the initial encryption handshake appears to be handled using TLSv1.0.



And now for the questions...

What is involved in SSL / HTTPS negotiation?

How does a signed certificate get verified? (i.e. a certificate from thawte)

How do CA bundles / certificate authorities come in to play?

If a web server that is using a https / ssl cert is installed and TCP port 443 is allowed between the web server and the end user, are there ANY other ports that would need to be open? (i.e. for certificate authorities, certificate verification, etc)

Based on the symptoms / troubleshooting that I described, can any other suggestions or conclusions be made?
Comment
Watch Question
This problem has been solved!
Unlock 1 Answer and 3 Comments.
See Answer
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE