Solved

How does SSL work in web traffic?

Posted on 2014-12-06
287 Views
Last Modified: 2014-12-07
I was watching a tutorial video related to AD FS in Windows 2012.
When setting up a trust relationship between two AD FS servers, I'm not quite understanding how SSL/TLS works in terms of private/public keys. Maybe it would be the same situation between a website and users accessing it.
I read various articles related to SSL online, but it's still not clear how SSL works.

My understanding of the encryption of SSL traffic between a website and users:
The server has a private key and keeps it in its key store.
Then, the server distributes public keys to users, and users download the public key when accessing it through a web browser.
Then, the user computer encrypts data using the public key and sends it to the web server.
Then, the web server decrypts the data using its private key.
At this stage, the traffic is secured. A middle man can't decrypt data on the path.

But when the web server sends data to the user computer, how is the traffic secured?
The web server encrypts data using the private key and sends the data to the user computer.
Since public keys are distributed to anyone, a middle man can grab the public key and decrypt the data???

I guess the situation is the same between AD FS servers. If there are multiple AD FS trusts, multiple trust partners have the same public keys. How is traffic from a private key holder to a public key holder secured?
0
Question by: crcsupport

7 Comments
 
LVL 84

Accepted Solution by: ozo (earned 500 total points)
ID: 40485208
The client sends the server a random key, which the client encrypts with the server's public key but which can only be decrypted with the server's private key.
0
 
LVL 1

Author Comment by: crcsupport
ID: 40485210
So the private key is used only once, to decrypt the first communication data and extract the random key generated by the client, and then the random key is used from then on?
0
 
LVL 84

Expert Comment by: ozo
ID: 40485212
Yes.
0
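The exchange ozo describes and crcsupport restates above, as an added example that is not part of the original thread: the client generates a random secret, sends it under the server's public key, the server's private key is used once to recover it, and both directions of traffic are then protected with symmetric keys derived from that secret, so the public key alone decrypts nothing. The RSA primes, the HMAC-based toy cipher and the sample messages are constructed for illustration and are not how any real TLS library is built; a real session also authenticates the server's certificate and pads the RSA input.

```python
import hashlib, hmac, secrets

# Server key pair. The primes are constructed demonstration values (two Mersenne
# primes, ~234-bit modulus); a real server certificate carries a 2048-bit+ key.
P, Q, E = 2**107 - 1, 2**127 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))   # D is the private exponent
SERVER_PUBLIC_KEY, SERVER_PRIVATE_KEY = (N, E), (N, D)

def rsa_encrypt(pub, data):
    # Textbook RSA without padding (illustration only); anyone with the public key can do this.
    return pow(int.from_bytes(data, "big"), pub[1], pub[0])

def rsa_decrypt(priv, ciphertext, size=16):
    # Only the private-key holder (the server) can invert the encryption.
    return pow(ciphertext, priv[1], priv[0]).to_bytes(size, "big")

def derive_keys(premaster):
    # Both sides expand the shared secret into separate encryption and MAC keys.
    return {l: hmac.new(premaster, l, hashlib.sha256).digest() for l in (b"enc", b"mac")}

def keystream(key, nonce, length):
    # Toy symmetric cipher: HMAC-SHA256 in counter mode, XORed over the data.
    blocks = [hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(length // 32 + 1)]
    return b"".join(blocks)[:length]

def seal(keys, plaintext):
    nonce = secrets.token_bytes(12)
    body = bytes(p ^ k for p, k in zip(plaintext, keystream(keys[b"enc"], nonce, len(plaintext))))
    return nonce + body + hmac.new(keys[b"mac"], nonce + body, hashlib.sha256).digest()

def open_record(keys, record):
    nonce, body, tag = record[:12], record[12:-32], record[-32:]
    if not hmac.compare_digest(tag, hmac.new(keys[b"mac"], nonce + body, hashlib.sha256).digest()):
        raise ValueError("bad tag: wrong session key or tampered record")
    return bytes(c ^ k for c, k in zip(body, keystream(keys[b"enc"], nonce, len(body))))

def run_session(request=b"client request", reply=b"server reply"):
    """One simulated session; returns what the server and the client each decrypted."""
    # 1. Client picks a fresh random secret and encrypts it to the server's public key.
    premaster = secrets.token_bytes(16)
    key_exchange_msg = rsa_encrypt(SERVER_PUBLIC_KEY, premaster)
    # 2. The server's private key is used exactly once: to recover that secret.
    client_keys = derive_keys(premaster)
    server_keys = derive_keys(rsa_decrypt(SERVER_PRIVATE_KEY, key_exchange_msg))
    # 3. Traffic in BOTH directions now uses the shared symmetric keys; nothing is
    #    "encrypted with the private key", so the public key decrypts none of it.
    server_saw = open_record(server_keys, seal(client_keys, request))
    client_saw = open_record(client_keys, seal(server_keys, reply))
    return server_saw, client_saw
```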
 
LVL 1

Author Comment by: crcsupport
ID: 40485213
I don't know why this very important piece of the process is omitted from many online SSL documents.
Thanks!!!
0
 
LVL 77

Expert Comment by: arnold
ID: 40485217
While SSL/TLS are the means to secure data exchanges, the AD FS client/server setup is different from web traffic.
Both AD FS sides have to have verifiable certificates (identity assurance).

In web traffic, only the server has a preset private/public key, which is presented within the certificate. During the initial connection, the two sides negotiate the means of communication. The client browser generates a key pair (private/public) that will be used for this session only.
As ozo pointed out, the private key, whether preset (server) or randomly generated (client), is the only means by which encrypted data can be decrypted.
The server private key decrypts data sent by the client, which used the server public key to encrypt.
The server uses the client public key to encrypt responses sent to the client.
The client uses its randomly generated private key to decrypt encrypted data sent by the server.
0
 
LVL 1

Author Comment by: crcsupport
ID: 40485221
Arnold, I am sorry, I should have waited to give points to you. That's also an important point. A client generates a key pair (private/public key) as well, not just a single random key.
I really had a hard time understanding how this works because there's no means to show visually how this actually works. The only way to understand is by text. Now it all makes sense. The important part is what the client does. They generate keys as well.

I hope anyone having a hard time understanding PKI will find the above two posts very helpful.
0
 
LVL 77

Expert Comment by: arnold
ID: 40485479
Not an issue on point awarding; ozo's post answered your question to your satisfaction.

SSL/TLS is covered in more detail when discussing the mechanics/communication negotiation process that deals with establishing the connection.
0