basic https questions


sorcerer

6:05 pm on May 5, 2012 (gmt 0)




Hello All,
Following a web tutorial, I have set up an https connection (via a specific port) to a web-based app. The app is to monitor scientific equipment. I am having problems understanding the security part of SSL, in particular key encryption.
Here is what I saw:
Using Apache, I generated a private key and a private certificate. When an external user is accessing my web-based app using https, the first screen the user sees is to acknowledge the risk and add the exception to the web browser. Then the user is asked to accept the certificate and to confirm the security exception. Once this is done, the user can access and run the web app.
Here is where I have questions:
Q1/ When accessing the https site, the external user is asked to accept a certificate. This is the private certificate I generated above. Correct?
Q2/ SSL is about “public key cryptography”. There is supposed to be a public key being generated. Is the private certificate the public key?
Q3/ What I saw was that the user can access the web app (after keying in the username and password, but that is from the web app). I am trying to figure out what happens here – in the microseconds after the web user accepts the security exception and before the web app is connected, there has got to be some exchange of information/validations/handshakes between the user’s computer and the host’s computer, because the host has to approve this connection first. What are these major information exchanges? Could the following actions be taking place? – the web user decrypted the certificate (and how?), extracted the private key and sent back the acknowledgement to the host. The host examined the private key and tried to identify whether the received private key was indeed the one the host generated. Once the key is verified, the host allowed the secured connection. Correct?
Q4/ Once the connection is established, the user accesses the web app and does all kinds of things with this app, including accessing the data and observing the status of the equipment the app is monitoring. Is the data communication for this https connection encrypted? I sure hope it is. If encryption is used, where in the certificate generation can I specify the level (such as 128 bits, 256 bits) of encryption?
Q5/ In one of the many web tutorials, it said the user can generate his own SSL certificate and send it to the host to have it validated. Does the Apache server have this additional security feature?
Thanks in advance.
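The following is an added example, not code from the original post or from Apache. It walks through the setup the post describes with the openssl command line and shows three things the questions above turn on: the file a browser is shown (the certificate) carries only the public half of the key pair, so it can be derived from the private key but the private key cannot be recovered from it; the cipher strength (128/256-bit) is chosen in the Apache configuration, not during certificate generation; and mod_ssl's client-certificate directives are how a server asks the user to present a certificate of their own. It assumes the `openssl` CLI and a current Apache with mod_ssl are installed; the hostname `monitor.example`, port 8443, `client-ca.crt` and the working directory are placeholders, and the script only writes the vhost file, it does not reload Apache.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes the openssl CLI
# and Apache mod_ssl; monitor.example, port 8443, client-ca.crt and
# WORKDIR are placeholders chosen for this illustration.
set -eu

WORKDIR="${WORKDIR:-$(mktemp -d)}"

# Step 1: generate a private key and a self-signed certificate in one go.
# -nodes leaves the key unencrypted on disk; Apache cannot type a passphrase.
make_self_signed() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -subj "/CN=monitor.example" \
        -keyout "$WORKDIR/server.key" -out "$WORKDIR/server.crt" 2>/dev/null
}

# Step 2: the certificate contains only the PUBLIC key. Derive the public key
# from the private key and extract it from the certificate; the two must match.
cert_matches_key() {
    from_key=$(openssl pkey -in "$WORKDIR/server.key" -pubout 2>/dev/null | openssl sha256)
    from_cert=$(openssl x509 -in "$WORKDIR/server.crt" -noout -pubkey | openssl sha256)
    [ "$from_key" = "$from_cert" ]
}

# Step 3: the file the browser is shown must hold no private-key material.
cert_has_no_private_key() {
    ! grep -q "PRIVATE KEY" "$WORKDIR/server.crt"
}

# Step 4: what the certificate does fix is the key size and signature hash;
# it says nothing about the symmetric cipher used on the connection.
cert_key_bits() {
    openssl x509 -in "$WORKDIR/server.crt" -noout -text \
        | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# Step 5: the connection's encryption strength and the option to demand a
# client certificate are Apache (mod_ssl) settings, written here as a vhost.
write_apache_vhost() {
    cat > "$WORKDIR/ssl-vhost.conf" <<EOF
Listen 8443
<VirtualHost *:8443>
    ServerName monitor.example
    SSLEngine on
    SSLCertificateFile    $WORKDIR/server.crt
    SSLCertificateKeyFile $WORKDIR/server.key

    # Protocol versions and cipher suites decide the 128/256-bit strength.
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    SSLCipherSuite HIGH:!aNULL:!MD5
    SSLHonorCipherOrder on

    # Ask the browser for a client certificate signed by a CA you trust
    # (client-ca.crt is a placeholder for that CA's certificate).
    SSLVerifyClient require
    SSLVerifyDepth 1
    SSLCACertificateFile $WORKDIR/client-ca.crt
</VirtualHost>
EOF
}

# Run the steps and report, so the script is useful stand-alone.
make_self_signed
cert_matches_key && echo "certificate public key matches server.key"
cert_has_no_private_key && echo "server.crt contains no private key"
echo "certificate key size: $(cert_key_bits) bits"
write_apache_vhost
echo "wrote $WORKDIR/ssl-vhost.conf"
```

After the vhost is in place and Apache reloaded, `openssl s_client -connect monitor.example:8443` shows the certificate the browser is shown and the cipher suite that was actually negotiated, which is the only place the "128-bit or 256-bit" figure exists.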