Chapter Summary

Applications can use SSL to provide authentication, data integrity, and encryption for network communications.

When an SSL session is established, the client retrieves the server’s public key and uses it to encrypt a shared secret. The shared secret is then used to encrypt the rest of the session.

SSL and IPSec provide similar functionality. However, SSL is more commonly used on the Internet because it does not require the client to have a public key certificate.

You can obtain SSL certificates from public CAs or issue them yourself by using Windows Server 2003 Certificate Services.

When SSL is used to protect a session, the communications use a different TCP port number. You will have to reconfigure your firewall to allow traffic on the different port number.

Although only the server requires an SSL certificate to establish an HTTPS session, you can use client certificates to authenticate users.

Allowing LDAP queries to be encrypted requires only enrolling the domain controllers with a computer certificate. No manual configuration is required.

SSL certificates can be used to encrypt SQL queries. However, encryption must either be required on the computer running SQL Server or enabled in the SQL client application configuration.

The best way to encrypt messaging communications is to install a computer certificate on the mail server and then configure the mail clients to use SSL encryption.