SSL without certificates

  • Thread starter: MS

MS

I want to use SSL for client to server communication. The server is W2K.

I don't care about server authentication, I just want to encrypt the
connection.

Do I still have to create and install a dummy certificate for the
server, or is there a way to bypass it?

It appears the SSL/TLS standard does not require the server
authentication step during the handshake, but how is it implemented on W2K?

I browsed through the MS Knowledgebase but couldn't find the answer.

 
AFAIA you cannot have SSL without a certificate on the server.
What happens when the client (Internet Explorer for example) wishes to
send encrypted data to the server (credit card for example)?
The data from the client must be encrypted using a key that the
server knows about. This is done using the server's public key.
The server then decrypts the data using its private key.

In steps:

- install a certificate on the server. This contains a public key and
a private key
- the client wishes to send secure data to the server (https instead
of http)
- the client downloads into the certificate store the public key part
of the server's certificate
- the client cannot download the private key, obviously
- the client encrypts the data using the server's public key and sends
it to the server
- the server decrypts the data using its private key
- if an eavesdropper intercepts the communication he cannot decrypt
it because he doesn't have the private key

That is Public Key Cryptography in a nutshell.
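
The steps listed in the reply above, reproduced with the openssl command-line tool as an added example (not part of the original thread, and not W2K/IIS tooling); the subject name, file names and sample secret are constructed. The last function goes one step beyond the reply: a self-signed "dummy" certificate lets the client encrypt, but the client has no reason to trust who holds the key unless it pins that certificate.

```shell
#!/bin/sh
# Added illustration: names, paths and the sample secret are constructed.

# Server: create a key pair and a self-signed ("dummy") certificate in dir $1.
make_dummy_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=server.example" \
        -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null
}

# Client: take the public key out of the certificate and encrypt $2 with it.
client_encrypt() {
    openssl x509 -in "$1/server.crt" -pubkey -noout > "$1/server.pub" &&
    printf '%s' "$2" | openssl pkeyutl -encrypt -pubin -inkey "$1/server.pub" \
        -pkeyopt rsa_padding_mode:oaep -out "$1/secret.enc"
}

# Server: decrypt with the private key, which never left the server.
server_decrypt() {
    openssl pkeyutl -decrypt -inkey "$1/server.key" \
        -pkeyopt rsa_padding_mode:oaep -in "$1/secret.enc"
}

# Eavesdropper: holds only the ciphertext and the public key.
eavesdropper_decrypt() {
    if openssl pkeyutl -decrypt -pubin -inkey "$1/server.pub" \
        -pkeyopt rsa_padding_mode:oaep -in "$1/secret.enc" >/dev/null 2>&1
    then echo recovered; else echo failed; fi
}

# Client: is the certificate trusted? $2 is an optional pinned copy of it.
verify_cert() {
    if openssl verify ${2:+-CAfile "$2"} "$1/server.crt" 2>/dev/null |
        grep -q ': OK$'
    then echo trusted; else echo untrusted; fi
}

demo() {
    d=$(mktemp -d) || return 1
    make_dummy_cert "$d" && client_encrypt "$d" "constructed-secret-1234" || return 1
    echo "server reads:       $(server_decrypt "$d")"
    echo "eavesdropper:       $(eavesdropper_decrypt "$d")"
    echo "default trust:      $(verify_cert "$d")"
    echo "pinned certificate: $(verify_cert "$d" "$d/server.crt")"
    rm -rf "$d"
}
demo
```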
 
With SSL, the client doesn't have to have a certificate on his/her machine,
just a server certificate on IIS.
 