- Pci Dss
- Sox
- Hippa,
- Evaluating Systems
- Evaluating Systems, Goals Of Evaluating Systems
- Tcsec
- Itsec
- Fips
- Common Criteria
- Sse-Cmm
- Law And Information Security
- Historical Evolution Of Computer Related Law In The Us
- Privacy Law And Its Significance To Information Security
- The Uk Dpa And The Eu Gdpr
- Eta Of Nepal
TLS CERTIFICATE
Transport Layer Security (TLS) is an encryption protocol that provides secure connections between servers and applications on the internet.
TLS WORKING
TLS uses public-key cryptography to verify a website's authenticity. Websites utilizing HTTPS (TLS) generate a mathematically linked key pair:
- Private Key: Kept secret and used to sign data.
- Public Key: Available to anyone and used to verify the signed data.
When your browser connects to a website (such as xyz.com), the server generates a digital signature using its private key. The browser then verifies this signature with the corresponding public key. Successful verification confirms that you are connecting to the legitimate server associated with the domain name you are visiting.
TLS certificates usually contain the following information:
- The subject domain name (for example, xyz.com)
- The name of the issuing CA
- Additional subject domain names, including subdomains, if any
- The date of issue
- The expiry date
- The public key used to verify data (the subject organization keeps the private key secret)
Most browsers display a padlock to show that your connection is secure and the site’s TLS certificate is valid.
Question: What are the weaknesses of TLS ?