Cybersecurity Frameworks

Key Management Interoperability Protocol

What is TLS/SSL?

When we use HTTPS to communicate with a web server, we use asymmetric encryption. For asymmetric encryption, we would need a public key, and a private key. The authenticity of the public key is unknown, which is where SSL/TLS certificates come in to play.

An SSL/TLS certificate is a certificate signed by a trusted CA. The CA uses their private key to sign the certificate, which includes who the certificate is issued to, the validation period, and the public key. Since the public key is attached to the certificate, it proves the legitimacy of the public key so that it can be used for further secure communication between the webserver and client.

Source 1:

When SSL version 3.0 was updated, instead of it being called SSLv4.0 it was renamed to be TLSv1.0.

The latest standard version is TLSv1.2.

Let's talk