MIS-Unit 5
You won't actually see the entire digital certificate as you connect to a
site. However, you'll easily know it's there. Websites protected by a
certificate usually display a lock icon followed by "https" at the leftmost
part of the site's URL in your browser's URL bar. To view
the contents of the certificate, just click on the lock icon.
How to get a Digital Certificate
• To get a certificate, you must
create a Certificate Signing Request (CSR) on your
server. This process creates a private key and public
key on your server.
• The CSR data file that you send to the Certificate
Authority or CA contains the public key. The CA
uses the CSR data file to create a data structure to
match your private key without compromising the
key itself. The CA never sees the private key.
• Once you receive the digital certificate, you install it
on your server.
What is a CSR
• A CSR is an encoded file that provides you
with a standardized way to send your public
key, as well as some information that identifies
your company and domain name, to the CA.
• When you generate a CSR, most server
software asks for the following information:
common name (e.g., www.example.com),
organization name and location (country,
state/province, city/town), key type (typically
RSA), and key size (2048-bit minimum).
• The most important part of an SSL
certificate is that it is digitally signed by a
trusted CA, like DigiCert.
• Since the browser trusts the CA, the
browser now trusts that organization’s
identity too. The browser lets the user know
that the website is secure, and the user can
feel safe browsing the site and even
entering their confidential information.
Digital certificate request process
9. Kerberos
• Kerberos is a system for authenticating users and services
on a network. It is built upon the assumption that the
network is “unsafe”. For example, data sent over the
network can be eavesdropped and altered, and addresses
can also be faked. Therefore, Kerberos is a trusted third-
party service which works on the basis of tickets which
allow nodes to communicate over a non-secure network
to prove their identity to one another in a secure way.
This means that there is a third party (the Kerberos
server) that is trusted by all the entities on the network
where users and services can authenticate each other.
Kerberos
• Kerberos follows a client-server model and uses symmetric-key
encryption and decryption. It requires a trusted third party,
the Key Distribution Center (KDC). The KDC runs two different
processes: the Authentication Server (AS) and the
Ticket Granting Server (TGS). The KDC contains a database
of secret keys. For example, suppose a user A wants to
communicate with B. To communicate with B securely,
A contacts the KDC. After authentication is completed,
the KDC grants a session key to A. A then uses this
session key to encrypt the transmission and send it to B securely.
Kerberos
• In third-party authentication systems, the password or encryption key itself
never travels over the network. Rather, an authentication server maintains a
database of keys for each registered user. As shown in the figure below,
User A wants to gain access to network services. For this, the user needs a
service ticket or session key from the Key Distribution Center (KDC). The user
requests a service ticket from the Authentication Server (AS). The request is
encrypted with the user password shared between the user and the Authentication
Server. After the user makes the request, the Authentication Server transmits a
Ticket Granting Ticket (TGT), encrypted with the key shared between the
Authentication Server and the Ticket Granting Server. The user then sends the
TGT to the Ticket Granting Server (TGS) to request a service ticket.
The TGS grants the user the service ticket, encrypted with the key shared
between the TGS and the network service (the service the user wants to access).
The user now sends the service ticket or session key to the network service,
and the client/server session is initiated.
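The ticket flow described above, as an added example that is not part of the original notes: a Python simulation in which the toy `seal`/`unseal` cipher stands in for real Kerberos encryption, and the principal names, password, realm salt and function names are all assumptions made for illustration. It shows that the password never crosses the network, that the client cannot read the TGT or the service ticket, and that the service checks the ticket using only its own key.

```python
import hashlib, hmac, json, os

def _stream(key, nonce, n):
    return b"".join(hashlib.sha256(key + nonce + bytes([i])).digest() for i in range(n // 32 + 1))

def seal(key, obj):  # toy authenticated encryption (hash keystream + HMAC), not a real cipher
    nonce, pt = os.urandom(16), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):  # raises ValueError unless blob was sealed under this key
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

def pw_key(password):  # long-term key derived from the user's password
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"EXAMPLE.REALM", 10_000)
# KDC database of secret keys; every value here is constructed for the example
KDC_DB = {"A": pw_key("correct horse"), "tgs": os.urandom(32), "B": os.urandom(32)}

def issue(holder_key, ticket_key, user):  # one session key: a copy for the requester, a copy in a ticket
    k = os.urandom(32).hex()
    return seal(holder_key, {"session_key": k}), seal(ticket_key, {"user": user, "session_key": k})

def open_ticket(key, ticket, authenticator):  # decrypt ticket, check sender holds its session key
    t = unseal(key, ticket)
    if unseal(bytes.fromhex(t["session_key"]), authenticator)["user"] != t["user"]:
        raise ValueError("authenticator does not match ticket")
    return t

def as_request(user, preauth):  # Authentication Server
    unseal(KDC_DB[user], preauth)  # fails unless sealed with the user's password key
    return issue(KDC_DB[user], KDC_DB["tgs"], user)  # (reply, TGT)

def tgs_request(tgt, authenticator, service):  # Ticket Granting Server
    t = open_ticket(KDC_DB["tgs"], tgt, authenticator)
    return issue(bytes.fromhex(t["session_key"]), KDC_DB[service], t["user"])  # (reply, ticket)

def service_accept(service_key, ticket, authenticator):  # network service, uses only its own key
    return open_ticket(service_key, ticket, authenticator)["user"]

def client_login(user, password, service):
    uk = pw_key(password)  # the password and this key never leave the client
    reply, tgt = as_request(user, seal(uk, {"user": user}))
    k1 = bytes.fromhex(unseal(uk, reply)["session_key"])
    reply, ticket = tgs_request(tgt, seal(k1, {"user": user}), service)
    k2 = bytes.fromhex(unseal(k1, reply)["session_key"])
    return tgt, ticket, seal(k2, {"user": user})
```

Calling `client_login("A", "correct horse", "B")` and passing the returned ticket and authenticator to `service_accept(KDC_DB["B"], ...)` yields the authenticated user name; a wrong password fails at the Authentication Server with `ValueError`.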
How Does Kerberos Work?