User manual

Site Management
At the network level, the first time the browser connects to a server, the
browser stores the server’s certificate. This is the encryption part of the
secure connection. Each time the browser “thinks” that it is
communicating with this same server, it verifies that the same
certificate is being used to secure the connection.
At a higher level, a server’s certificate is “signed” by a trusted external
authority that the browser knows about, such as VeriSign or Thawte.
This is the authentication part of the secure connection. The server
information (country, state, city, organization) is encoded into the
certificate and certificate request. The external authority signs your
request and guarantees that your server information is legitimate.
For example, if a Web site sends a signed certificate saying that it comes
from Cobalt Networks in Mountain View, California, United States, the
end user can trust (due to the signed certificate from the external
authority) that this Web site is indeed run by this company located in
this city.
A self-signed certificate is a certificate that has not been signed by an
external authority. A self-signed certificate simply ensures that an
encrypted Web connection is in place; it does NOT authenticate the
server to the user, that is, it does not prove that the server is who it
says it is.
For more information on authentication, encryption and SSL, refer to
Appendix F, “Glossary”.