Cisco ISA550W Integrated Security Appliance Installation Guide

© 2012 Cisco Systems, Inc. All rights reserved.
Step 2. The web server sends its public key and certificate.

Step 3. The browser verifies whether the certificate was issued by a trusted source (such as Verisign) or an untrusted one, confirms that the certificate is still valid, and verifies that the information is relevant to the site. For an untrusted certificate, the browser displays an “exception” prompt that asks the user to accept or reject the certificate.

Step 4. Once the certificate is verified and accepted, the browser generates a random symmetric key and encrypts the symmetric key information by using the public key. The browser then sends the keys to the server with the encrypted URL in addition to other encrypted HTTP data.

Step 5. Using its private key, the web server decrypts the package to obtain the symmetric key.

Step 6. Both the browser and the server are now using the same symmetric key. This key is used to encrypt and decrypt package data exchanged by the browser and server until the session is ended.
[Figures omitted; labels: WWW, Public Key + Certificate, Private Key, Symmetric Key]
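The exchange in Steps 2 through 6, walked through from both sides as an added Python example that is not part of the Cisco guide. The host name `appliance.example`, the certificate fields, the trust store and the request line are constructed for illustration. The RSA is unpadded textbook RSA over two Mersenne primes and the symmetric cipher is a SHA-256 keystream, both toys that stand in for the real algorithms.

```python
import hashlib
import secrets
from datetime import date

# Toy RSA key pair for the web server. 2^127-1 and 2^521-1 are Mersenne primes,
# used so no prime search is needed: this modulus is insecure by design.
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent, never leaves the server

# Constructed certificate (issued by an untrusted source) and browser trust store.
CERT = {"subject": "appliance.example", "issuer": "appliance.example",
        "not_before": date(2012, 1, 1), "not_after": date(2022, 1, 1),
        "public_key": (N, E)}
TRUSTED_ISSUERS = frozenset({"Example Root CA"})

def check_certificate(cert, host, today, trusted=TRUSTED_ISSUERS):
    """Step 3: list what a browser would warn about (a real browser also checks signatures)."""
    checks = [("untrusted issuer", cert["issuer"] in trusted),
              ("outside validity period", cert["not_before"] <= today <= cert["not_after"]),
              ("name does not match site", cert["subject"] == host)]
    return [name for name, ok in checks if not ok]

def keystream_xor(key, data):
    """Toy symmetric cipher: XOR with a SHA-256 keystream; the same call encrypts and decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def browser_wrap_key(public_key):
    """Step 4: generate a random symmetric key and encrypt it with the server's public key."""
    n, e = public_key
    sym = secrets.token_bytes(32)
    return sym, pow(int.from_bytes(sym, "big"), e, n)

def server_unwrap_key(wrapped):
    """Step 5: the server recovers the symmetric key with its private key."""
    return pow(wrapped, D, N).to_bytes(32, "big")

def run_session(host="appliance.example", today=date(2012, 6, 1), accept_exception=True):
    """Steps 2-6: returns (certificate problems, request as decrypted by the server)."""
    problems = check_certificate(CERT, host, today)               # steps 2-3
    if problems and not accept_exception:
        return problems, None                                     # user rejected the certificate
    browser_key, wrapped = browser_wrap_key(CERT["public_key"])   # step 4
    server_key = server_unwrap_key(wrapped)                       # step 5
    request = keystream_xor(browser_key, b"GET /index.html HTTP/1.1")
    return problems, keystream_xor(server_key, request)           # step 6
```

With `accept_exception=False` the session stops at Step 3, which is what rejecting the browser prompt does.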