TLS/SSL Certificates and Keys

TLS (Transport Layer Security) is the standard protocol for securing communication over a network through using certificates and keys to establish trust and encrypt data. It was built on the now deprecated SSL (Secure Sockets Layer).

With TLS, each party (a client and a server) have a pair of encryption keys; a Private Key, which is kept secret and a Public Key, which is shared with others. When someone wants to send you a secure message, they encrypt it using your Public Key. Only you can decrypt this message with your Private Key, ensuring that only you can read it.

To confirm identities, each party uses digital certificates, which include their Public Key and information to verify their identity. These certificates are issued by trusted Certificate Authorities (CAs) that validate the identity information.

There are two types of TLS:

One-way TLS: Server Validation

In this configuration, the server presents a certificate and the client validates the server’s identity.

When HTTPS is enabled on the Iguana Web Server, it utilizes one-way TLS for communication with the web browser (ie. the client).

Open

Two-way TLS: Mutual Authentication (mTLS)

In this configuration, both the client and server present certificates to mutually validate each other's identity. This process, known as Verify Peer, ensures that the certificates were issued by a trusted Certificate Authority (CA) using the CA's root certificate. This verification confirms that both parties are who they claim to be and secures their communication.

This method is often used with data exchange protocols where enhanced security is required.

Open