Test the Secure Web Server Configuration (HTTPS) Part 1

in linux •  7 years ago 



1. Understanding Web Servers

A web server is software running on a server that receives requests for web pages over the HTTP or HTTPS protocol from a client, better known as a browser, and then sends back a response containing the result of the request as a web page, generally an HTML document.
From this definition, it follows that the web server is a service provider for web clients (browsers) such as Mozilla, Chrome, Internet Explorer, Opera, Safari and so forth, so that the browser can display the page or data you requested.

2. Web Server Function

The main function of a web server is to transfer the files a user requests over a particular communication protocol. Because a single web page usually consists of various types of files, such as images, video, text, audio and other files, the web server also transfers every file that makes up the page.
When you want to access a web page, you typically type its address into a browser such as Mozilla or Chrome. After you submit the request (usually by pressing Enter), the browser sends a request to the web server. This is where the web server plays its role: it looks for the data the browser requested, then sends that data to the browser, or rejects the request if the data is not found.

Some of the most widely used examples of web servers are:
Apache
Apache Tomcat
Microsoft Internet Information Services (IIS)
Nginx
Lighttpd
Litespeed
Zeus Web Server

The standard features of web server are:
HTTP
Logging
Virtual Hosting
Bandwidth Settings
Automation
Content Compression
HTTPS

HTTP (Hypertext Transfer Protocol) is the protocol that web servers and web browsers use to communicate with each other, while HTTPS (Hypertext Transfer Protocol Secure) is the secure version of HTTP. HTTP usually uses port 80 and HTTPS uses port 443. To tell them apart, check whether the address of the page you are visiting starts with http:// or https://.
Web servers are usually equipped with a scripting-language engine that lets them serve dynamic sites, that is, sites that can interact with visitors, by means of additional libraries such as PHP and ASP.

3. How a Web Server Works

The simplest task of a web server is to receive a request from a client and send back the file the client requested.
As noted above, the client here is a desktop computer with a web browser installed, such as Chrome, Mozilla or Opera, that can connect to a web server over the Internet or an intranet.
The web server software runs on the server computer, and the data files are stored on that computer. Like the client computer, the server computer must also be connected to the Internet or an intranet so that clients can reach it.

When the client requests a web page from the server, the browser's request is packaged in TCP, the transport protocol, and sent to the server's address using the Hypertext Transfer Protocol (HTTP) or Hypertext Transfer Protocol Secure (HTTPS). The request from the browser to the web server is called an HTTP request, and the web server then looks for the requested data on the server computer. If the data is found, the web server packages it in TCP and sends it back to the browser for display. The data sent from the server to the browser is known as the HTTP response. If the web server cannot find the requested data, it rejects the request and the browser displays a 404 or Page Not Found error.

Although the process described above looks very complicated, in practice it happens very quickly. You may not even realize that when you ask for a web page, a long process runs before the page appears in your browser.

4. The Difference Between a Web Server and a Secure Web Server (HTTP and HTTPS)

There are some real differences between HTTP and HTTPS, beginning with the default port: 80 for HTTP and 443 for HTTPS. HTTPS carries ordinary HTTP communication over an encrypted channel, so in principle the data cannot be read by parties other than the client and the end server. There are two common types of encryption layer, Transport Layer Security (TLS) and Secure Sockets Layer (SSL), both of which encrypt the data records that are exchanged.



5. How HTTPS Works

HTTPS is not a separate protocol; it refers to ordinary HTTP communication carried over a Secure Sockets Layer (SSL) or Transport Layer Security (TLS) transport mechanism. This gives reasonable protection from eavesdroppers and (if it is properly implemented and the top-level certificate authorities do their job well) attacks.

The default TCP port for an https: URL is 443 (for unsecured HTTP, the default is 80). To prepare the web server to accept HTTPS connections, the administrator must create a public key certificate for the web server. This certificate can be created on Linux-based servers with tools such as OpenSSL or SuSE gensslcert. The certificate must be signed by some form of certificate authority, which states that the certificate holder is who they claim to be. Web browsers are generally distributed with the signing certificates of the major certificate authorities, so they can verify certificates signed by them.

When an HTTPS connection is used, the server responds to the initial connection by offering a list of supported encryption methods. In response, the client selects a connection method, and the client and server exchange certificates to verify their identities. Once this is done, the two parties exchange encrypted information after ensuring that both use the same key, and the connection is closed. To host an HTTPS connection, the server must have a public key certificate, which embeds key information with verification of the key owner's identity. Most certificates are verified by a third party so that the client trusts that the key is secure.
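
The certificate steps described in this section, as an added example that is not part of the original post: it creates a self-signed certificate with OpenSSL, reads back its key size, checks that the key and certificate belong together, and shows that a certificate is accepted only by a trust store that contains its signer. The host names under `example.test` and the function names are assumptions made for the illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Host names are constructed.

# make_cert <dir> <host> <rsa-bits>: private key plus self-signed certificate
make_cert() {
    openssl req -x509 -newkey "rsa:$3" -nodes -sha256 -days 30 \
        -subj "/CN=$2" -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null &&
    chmod 600 "$1/$2.key"   # only the owner may read the private key
}

# cert_key_bits <crt>: print the size of the public key in the certificate
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p'
}

# key_matches_cert <key> <crt>: succeed only if the certificate carries the
# public half of this private key (a mismatched pair cannot serve HTTPS)
key_matches_cert() {
    [ "$(openssl pkey -in "$1" -pubout 2>/dev/null)" = \
      "$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)" ]
}

# signed_by_trusted <crt> <trust-file>: succeed only if the certificate chains
# to a certificate in <trust-file>, the check a browser makes with its CA list
signed_by_trusted() {
    openssl verify -CAfile "$2" "$1" 2>/dev/null | grep -q ': OK$'
}

demo() {
    local d; d=$(mktemp -d)
    make_cert "$d" www.example.test 2048
    make_cert "$d" other.example.test 2048
    echo "key size: $(cert_key_bits "$d/www.example.test.crt") bit"
    key_matches_cert "$d/www.example.test.key" "$d/www.example.test.crt" &&
        echo "key and certificate belong together"
    # A self-signed certificate is accepted only where it is itself installed
    # as a trust anchor; any other trust store rejects it.
    signed_by_trusted "$d/www.example.test.crt" "$d/www.example.test.crt" &&
        echo "accepted when it is its own trust anchor"
    signed_by_trusted "$d/www.example.test.crt" "$d/other.example.test.crt" ||
        echo "rejected by a trust store that does not contain its signer"
    rm -rf "$d"
}
demo
```

For a public site the `.crt` would instead be issued by a certificate authority that browsers already ship, which is why the second trust check fails for a self-signed certificate.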

6. The Benefit of Using HTTPS over HTTP

The benefit is secure communication between the browser and the web server. How? The following short outline answers that: when you access a web server that uses the HTTPS protocol, the page sent to you has been encrypted by this protocol. All the data you send to the server (registration, identity, PIN number, payment transaction) is encrypted as well, so nobody can eavesdrop on your data while the transfer is in progress. Your data transfer therefore becomes safer. The HTTPS protocol can be found on banking sites, e-commerce sites, registration forms and so on, because these areas are vulnerable to eavesdropping by third parties. That is why you need an SSL certificate.

7. Understanding SSL and Its Function

An SSL (Secure Sockets Layer) certificate is used to secure data transmission through a website. Transmitted data such as credit card information, account usernames and passwords, and all other sensitive information must be protected to prevent eavesdropping, data theft during online transaction processing, and so on. SSL certificates can secure not only data sent through a website; email transmission can be secured by SSL as well. With an SSL certificate, data is encrypted before it is transmitted over the Internet. Encrypted data can be decrypted only by the server you actually send it to. This is a guarantee that data submitted to the site will not be stolen or tampered with.

The SSL certificate itself is a large secret code, with sizes ranging from 1,024 bits and 2048 bits to 4096 bits. This certificate must be installed on the server where the site's domain name is hosted. When you access a site secured with a certificate, you will see a padlock in your browser. Another indicator that you are connected to a secure site is https:// at the start of its URL. Sites that do not have a certificate installed show only http:// in the URL. Clicking the blue/green bar shows more information about the SSL certificate the site uses.

Follow Me
@linuxsteem

Continue To Part 2
