2
I have basic ideas of how asymmetric encryption works. I as to HTTPS, all articles makes me confusing. I want to know:
Frozen Flame
Posted 2013-12-13T02:33:05.247
Reputation: 880
3
What's inside a certificate listed in my browser? A public key for a specific site?
A certificate binds a site's public key to the site name. It is also signed by a trusted authority.
Will the browser ask the Certificate Authorities each time I visit some HTTPS:// ?
No. It would only to do so if it wanted to check if the certificate was revoked.
Can a web server for an intranet facilitate HTTPS for security? The clients may have no access to the Internet.
Yes, absolutely.
David Schwartz
Posted 2013-12-13T02:33:05.247
Reputation: 58 310
So where does a client get a certificate? From the web server or CA? I am minding the intranet situation. – Frozen Flame – 2013-12-13T02:49:29.043
@frozen-flame the client gets the certificate from the web server. It then checks that it was signed by a trusted CA (which doesn't require contacting the CA). – Dracs – 2013-12-13T03:10:31.993
@Dracs Do I need to install something manually to each client machine (which have no Internet access)? – Frozen Flame – 2013-12-13T04:10:04.810
@frozen-flame You should only need to install something if the certificate is not signed by an existing trusted CA (your OS should include quite a few by default). If it isn't signed you'll need to manually install the certificate on the client machines to set it as trusted. – Dracs – 2013-12-13T04:16:11.403
Browser will just check CA certificates, so it will ask your OS and OS will ask its storage, but won't go to internet. Can we refer to it as "ask"? – Andrey Regentov – 2013-12-13T07:50:27.867