Avinash Kumar 90
Server certificate verification in one way SSL
Hi All,
In a one-way SSL scenario, where Salesforce is the client and is making an SSL callout, how does Salesforce verify the server certificate?
As per the documentation, in one-way SSL only the server certificate is checked. I would like to understand how Salesforce checks the server certificate.
P.S.: I am a Salesforce newbie, hence this basic question.
-Avinash
Authentication with SSL:
SSL is the standard security technology for establishing an encrypted link between a web server and a browser. Normally, when a browser (the client) establishes an SSL connection to a secure web site, only the server certificate is checked. The browser relies either on itself or on the operating system to provide a list of certs that have been designated as root certificates and are to be trusted as CAs.
One-way SSL authentication (server -> client):
Client and server use 9 handshake messages to establish the encrypted channel before exchanging messages:
- Client sends ClientHello message proposing SSL options.
- Server responds with ServerHello message selecting the SSL options.
- Server sends Certificate message, which contains the server’s certificate.
- Server concludes its part of the negotiation with ServerHelloDone message.
- Client sends session key information (encrypted with server’s public key) in ClientKeyExchange message.
- Client sends ChangeCipherSpec message to activate the negotiated options for all future messages it will send.
- Client sends Finished message to let the server check the newly activated options.
- Server sends ChangeCipherSpec message to activate the negotiated options for all future messages it will send.
- Server sends Finished message to let the client check the newly activated options.
Please mark this as solved if the information helps.
Regards,
Nagendra.
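The nine-message exchange listed in the answer above, as an added example that is not part of the original post: a Python sketch that walks the record framing of each peer's byte stream, names the messages, and reports whether the server asked for a client certificate. It assumes TLS 1.2 record layout and unfragmented handshake messages; the helper names and the sample streams are constructed for illustration.

```python
import struct

# Handshake message types (RFC 5246); record content types 20 and 22.
HS_TYPES = {1: "ClientHello", 2: "ServerHello", 11: "Certificate",
            12: "ServerKeyExchange", 13: "CertificateRequest",
            14: "ServerHelloDone", 16: "ClientKeyExchange"}
CCS, HANDSHAKE = 20, 22

def record(ctype, payload):
    """Frame a payload as one TLS 1.2 record (constructed data, not a capture)."""
    return struct.pack("!BHH", ctype, 0x0303, len(payload)) + payload

def hs(msg_type, body=b""):
    """Handshake message: 1-byte type, 3-byte length, body."""
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body

def parse_flight(stream):
    """List the handshake-phase messages in one peer's byte stream."""
    names, pos, encrypted = [], 0, False
    while pos < len(stream):
        if len(stream) - pos < 5:
            raise ValueError("truncated record header")
        ctype, _ver, length = struct.unpack_from("!BHH", stream, pos)
        payload = stream[pos + 5:pos + 5 + length]
        if len(payload) != length:
            raise ValueError("truncated record payload")
        pos += 5 + length
        if ctype == CCS:
            names.append("ChangeCipherSpec")
            encrypted = True  # this peer's later records are ciphertext
        elif ctype == HANDSHAKE and encrypted:
            names.append("Finished (encrypted)")  # type byte is not readable
        elif ctype == HANDSHAKE:
            off = 0
            while off + 4 <= len(payload):  # one record may carry several messages
                mlen = int.from_bytes(payload[off + 1:off + 4], "big")
                names.append(HS_TYPES.get(payload[off], f"type {payload[off]}"))
                off += 4 + mlen
    return names

def auth_mode(server_names):
    """Mutual SSL is signalled by the server asking for a client certificate."""
    return "mutual" if "CertificateRequest" in server_names else "one-way"

# Constructed streams following the nine messages listed above.
CLIENT = record(22, hs(1)) + record(22, hs(16)) + record(20, b"\x01") + record(22, bytes(40))
SERVER = record(22, hs(2) + hs(11) + hs(14)) + record(20, b"\x01") + record(22, bytes(40))
```

Note that ChangeCipherSpec travels as its own record type rather than as a handshake message, and the Finished message that follows it is already encrypted, which is why a passive observer cannot read its type byte.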