From BC$ MobileTV Wiki
Jump to: navigation, search

Secure Socket Layer (commonly abbreviated SSL) is a security mechanism for transmitting data electronically, and is most commonly coupled with the HTTP protocol, resulting in a more secure transport layer security known as HTTPS.




In cryptography, a public key certificate (also known as a digital certificate or identity certificate) is an electronic document used to prove the ownership of a public key. The certificate includes information about the key, information about its owner's identity, and the digital signature of an entity that has verified the certificate's contents are correct. If the signature is valid, and the person examining the certificate trusts the signer, then they know they can use that key to communicate with its owner.

In a typical public-key infrastructure (PKI) scheme, the signer is a certificate authority (CA), usually a company that charges customers to issue certificates for them. In a web of trust scheme, the signer is either the key's owner (a self-signed certificate) or other users ("endorsements") whom the person examining the certificate might know and trust.

[23][24][25][26][27][28][29] [30]


In Public Key Infrastructure (PKI) systems, a Certificate Signing Request (also CSR or certification request) is a message sent from an applicant to a Certificate Authority in order to apply for a digital identity certificate. Before creating a CSR, the applicant first generates a key pair, keeping the private key secret. The CSR contains information identifying the applicant (such as a distinguished name in the case of an X.509 certificate) which must be signed using the applicant's private key. The CSR also contains the public key chosen by the applicant. The CSR may be accompanied by other credentials or proofs of identity required by the certificate authority, and the certificate authority may contact the applicant for further information.


Certificate Authority (CA).



Additional part of SSL/TLS spec where you must indicate the Hostname intended to create a connection to prior to initiating the handshake process or sending/receiving any messages.

[33] [34] [35] [36] [37] [38] [39]




Google Tinks

  • Google Tink: (multi-language, cross-platform library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse)

[41] [42] [43]



External Links

[46] [47] [48] [49] [50] [51] [52] [53] [54]


  1. Certification Authority Authorization (CAA) now mandated by CA/Browser Forum:
  2. What is an SSL Certificate?:
  3. What are certificates?:
  4. What Are Certificates?:
  5. What is SSL and what are Certificates?:
  6. Public key pinning update to Chrome and all Google web properties (04 May 2011):
  7. Where can I find all SSL CA certificates?:
  8. Firefox certs:
  9. Chrome certs: (NOTE: it uses the default certificates included with the OS)
  10. Opera certs: (installs the most used CAs while installing the application, you can find the rest in the Opera online root repository as linked)
  11. iOS & Mac Safari certs:
  12. Creating Self-Signed SSL Certificates for Apache on Linux:
  13. Apache Tomcat 9 -- SSL/TLS Configuration HOW-TO:
  14. Tomcat Server/Client Self-Signed SSL Certificate:
  15. Self-Signed Cert configuration for Tomcat:
  16. Create a Self-Signed Server Certificate in IIS 7:
  17. How to -- Create Temporary Certificates for Use During Development:
  18. How to -- Create Your Own Test Certificate:
  19. Create and export a self-signed certificate:
  20. When to Use a "Java Keytool" Self-Signed Certificate:
  21. The most common Java "keytool" Keystore commands:
  22. Creating a Keystore File and Keystore Password for HTTPS Connections:
  23. Converting a Java Keystore (.jks) into PEM Format:
  24. How to self-sign certificates:
  25. Signed vs. Self-signed Certificates:
  26. 'keytool' is not recognized as an internal or external command:
  27. Keytool is not recognized as an internal or external command:
  28. Oracle/Sun guide to generating a Keystore, Certificate Signing Request & Certificate:
  29. keytool - Key and Certificate Management Tool:
  30. Let’s Encrypt SSL Security Errors starting Sep 30, 2021 - your connection is not private: (fix could be as simple as removing expired “initial root cert” of LetsEncrypt then restart servers)
  31. CSR creation using OpenSSL in Apache:
  32. When to use Let's Encrypt's webroot and standalone authorization:
  33. Java SSL handshake with Server Name Identification (SNI):
  34. Use cURL with SNI (Server Name Indication):
  35. PHP server-side SNI support: | DOCS
  36. If You Can Read This, You're SNIing:
  37. F5 LoadBalancers -- SNI Routing with BIG-IP:
  38. C# (CSharp) System.Data.SqlClient.SNI SNIHandle Examples:
  39. How to implement Server Name Indication (SNI):
  40. How to determine if OpenSSL and mod_ssl are installed on Apache2:
  41. Cryptography With Google Tink:
  42. Google Tink Example – Google Cryptography:
  43. Guide to Google Tink:
  44. Invoking the Secure Protocol RestService from OSGI Client (AEM is in http protocol) not working:
  45. How to fix -- No subject alternative names present:
  46. Everything (basic thing) You Need To Know About SSL Certificates:
  47. Everything You Need to Know about SSL Certificates:
  48. Everything You Need to Know About SSL/TSL Certificates:
  49. SSL certificate limitations:
  50. Google I/O 2014 - HTTPS Everywhere:
  51. Everything You Wanted to Know about SSL Certificates:
  52. Everything you should know about certificates and PKI but are too afraid to ask:
  53. Important Things to Know before Installing an SSL Certificate:
  54. SSL Certificate Explained -- EV, OV & DV explained - Everything You Need To Know About SSL:

See Also

HTTPS | TLS | Security | DNS