<div>
The verification is part of the issuing process See Verisign, Godaddy, Thwate, or any other SSL issuing entity.
</div>


<div>
I agree with Mod_MarlEE, seems like a homework question.<br />
<br />
TLS V1 standard: <a href="http://www.ietf.org/rfc/rfc2246.txt" rel="ugc">http://www.ietf.org/rfc/rfc2246.txt</a><br />
<br />
Baed on SSL V3, SSL was developed by NetScape TLS is the RCF'ed public version of SSL.
</div>


<div>
arnold - based on what you have said, am I correct in assuming that ports 443 (and 80?) would need to be open between the server (or client?) and the issuing entity (i.e. thawte, godaddy, verisign, etc). Otherwise, SSL certs will not authorize correctly?<br />
<br />
Would the inability for the client and/or server to reach the issuing entity cause clients to hang during initial client hello/server hello handshake?
</div>


<div>
No you need to study further.<br />
port 443 just implements a very specific content (HTTP) over an SSL connection.<br />
port 80 does implement HTTP without SSL.is <br />
like 445 implements CIFS (more or less SMB over SSL) &nbsp;and port 139 implements SMB without SSL<br />
port 143 is IMAP and 993 IMAP + SSL &nbsp;etc. etc.<br />
<br />
A good starting point: <a href="http://www.openssl.org/docs/" rel="ugc">http://www.openssl.org/docs/</a>&nbsp; &nbsp;this library + toolkit implements SSL (raw SSL)<br />
for the CA part of things try <a href="http://wiki.cacert.org/" rel="ugc">http://wiki.cacert.org/</a>&nbsp; &nbsp; &nbsp;this organisation has open documentation &amp;&nbsp;sources to create certificates ....<br />
<br />

</div>


<div>
noci - allow me to clarify, I am referring specifically to HTTPS negotiation.
</div>


<div>
The signing Authorities do not and have no reason to access your sites.<br />
When you request a certificate you present a Certificate Signing Request that includes all the information that identify you/the organization/the site depending on the purpose of the certificate. &nbsp;The Signing Autority (Certificate Authority, Verisign, Thwate, etc.) have a process on how they validate that the request for the certificate is coming from the correct entity. &nbsp;Once the documentation/process they have is fullfilled, they use their Certificate to sign your CSR and the result is your certificate. <br />
The distinction between the certificate types comes based on the type of CSR you generate.<br />
I.e. if you use <a href="http://www.somedomain.com" rel="ugc">www.somedomain.com</a>, you will get a web certificate, if you use your name and use the appropriate template, you will get a user certificate. &nbsp;etc.<br />
<br />
There are two ways to verify the certificate, OCSP which &quot;checks&quot; at the time of access to make sure this certificate has not been revoked. &nbsp;The other method deals with checking the signing path to make sure it is Trusted.<br />

</div>


<div>
<div class="content wysiwyg-content">
What are different methods of verifying / authorizing SSL certificates?<br />
<br />
Are there methods that are completed locally on the server and/or client?<br />
<br />
Are there methods that can be completed internally in my organization?<br />
<br />
Are there methods that require the server and/or client to touch the internet?
</div>
</div>


What are different methods of verifying / authorizing SSL certificates?

Are there methods that are completed locally on the server and/or client?

Are there methods that can be completed internally in my organization?

Are there methods that require the server and/or client to touch the internet?

How are SSL certificates verified?

HTTPS is a protocol for secure communication over a computer network which is widely used on the Internet. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL). The main motivation for HTTPS is authentication of the visited website and to protect the privacy and integrity of the exchanged data. HTTPS is widely used for protecting page authenticity on all types of websites, securing accounts and keeping user communications, identity and web browsing private.

SSL / HTTPS

Encryption is the process of encoding messages or information in such a way that only authorized parties can read it. In an encryption scheme, the intended communication information or message, referred to as plaintext, is encrypted using an encryption algorithm, generating ciphertext that can only be read if decrypted. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients, but not to unauthorized interceptors.

Encryption

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.