Information Security
Dmitry Makarov, 2015-10-27 08:53:11

How to implement client-server interaction with your own certifying authority?

I'm just starting to understand the issues of secure interaction of programs, encryption, etc. While I'm trying to understand the meaning in general, the scheme ...
It is necessary to provide communication in a client-server application that is protected from eavesdropping and unauthorized access. It is planned that the client and server will communicate using WebSockets. I found that in such cases the TLS protocol is used. One of the problems that this protocol solves is the secure exchange of keys between a remote client and server over an open channel. I read on Wikipedia that when establishing a connection, an important participant is the certification authority. Actually, the reliability of this entire scheme is based on trust in this certification authority, for which the certification authority takes money.
In what follows, I will use the term digital certificate. I'm not sure if I understand it correctly, so I'll write how I understand it. A digital certificate is a public key + a link to a certification authority. Plus, the certificate is signed by a certification authority (encrypted with the private key of the certification authority, and the public key of the certification authority is well known: apparently in the form of a self-signed certificate).
In my case, I have access to the client and the server. The certification authority is, as I understand it, a certain program. As I understand it, I can run it on my server (well, or on some other one, but in this case on the same one).
Now questions:
1. As far as I understand, when setting up a web server, the configs indicate which private key to encrypt with and which certificate to give out. How do I tell the browser (client) that it must use this certificate to communicate with that server, and how do I transfer the certificate to the server?
2. I know that in the browser you can configure a list of trusted server certificates. Accordingly, how do I set up a list of trusted client certificates on the web server? And how do I set up access (with this certificate you can only look here, and with this one you can write something else here)?

I apologize if I mixed up the terms or if what I wrote here is a mess in general. Please help me untangle it. Thank you.


1 answer(s)
Dmitry Makarov, 2015-10-27
@DmitryITWorksMakarov

I suspect here is the solution to my question. While I was formulating the question, I already understood that I needed to google ...
