SSL without certificates

M

MS

I want to use SSL for client to server communication. The server is W2K.

I don't care about server authentication, I just want to encrypt the
connection.

Do I still have to create and install a dummy certificate for the
server, or is there a way to bypass it?

It appears the SSL/TLS standard does not require the server
authentication step during the handshake, but how is it implemented on W2K?

I browsed through the MS Knowledgebase but couldn't find the answer.

MS
 
M

mccarthur

I want to use SSL for client to server communication. The server is W2K.

I don't care about server authentication, I just want to encrypt the
connection.

Do I still have to create and install a dummy certificate for the
server, or is there a way to bypass it?

It appears the SSL/TLS standard does not require the server
authentication step during the handshake, but how is it implemented on W2K?

I browsed through the MS Knowledgebase but couldn't find the answer.
Click to expand...
AFAIA you cannot have SSL without a certficate on the server.
what happens when the client (Internet explorer for example) wishes to
send encrypted data to the server (credit card for example).
the data from the client must be encrypyted using a key that the
server knows about. this is done using the server's public key.
the server then decrypts the data using its private key.

in steps

- install a certificate on the server . this contains a public key and
a private key
- the client wishes to send secure data to the server (https instead
of http)
- the client downloads into the certificate store the public key part
of the server's certificate
- the client cannot download the private key obviously
- the client encrypts the data using the server's public key and sends
it to the server
- the server decrypts the data using its private key
- if an eavsesdropper intercepts the communication he cannot decrypt
it because he doesnt have the private key

that is Public Key Cryptography in a nutshell
 
M

Microsoft

On SSL The Client dont have to has a Certificate on his/her Machine Just a
Server Certificate On a IIS
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

SSL Client certificate in IIS 6.0. Different root CAs? 2
Outlook Desktop (latest) stopped syncing IMAP accpounts from selfowned Mail server. 0
TLS Support 4
Entourage support for client SSL certificates 0
Outlook 2003 SSL issue 0
Microsift Outlook 2007 setup for Gamil 2
SMTPS for Exchange 0
Entourage not recognizing valid certificate from Keychain 5

Top