Showing posts with the label Certificate

How does a website holder get a certificate from the certificate authority?

The website holder generates a “public key” and a “private key”. The website holder sends the “public key”, along with some other information such as holder name, subject, serial number, signature algorithm, signature, etc., to the certificate authority (CA). The certificate authority verifies the data provided by the website holder, then builds the certificate and finally digitally signs it for the holder. A certificate is a document that contains the necessary information about the website holder, such as the holder's public key, the expiration date, the name of the certificate holder, and the digital signature of the certificate-issuing authority. The CA sends the certificate to the website holder. The holder configures the certificate on the server.

What is a digital signature?

  A digital signature is a mathematical way of verifying the authenticity of digital messages or documents. The steps followed in creating a digital signature are:

Domain Name System Security Extensions (DNSSEC)

Domain Name System Security Extensions (DNSSEC) is used to protect the integrity and authenticity of the data in DNS by establishing a chain of trust. Before looking at DNSSEC, first understand the basics of DNS:

What are the DNS functionalities?

DNS is used to translate domain names to IP addresses, or vice versa. DNS works over both TCP and UDP, but normally uses UDP port 53. TCP port 53 is used for very large requests and responses, for example, a zone transfer.

www.example.com = 192.168.1.10
192.168.1.10 = www.example.com

Why DNS?

Domain names are alphabetic and easier to remember, which is why we use domain names. In the old solution, a host.txt file was distributed to all hosts on the Internet and needed to be updated regularly. Issues with the old solution are: the file becomes huge after some time; it needs to be updated regularly; name uniqueness needs to be maintained.

How does it work?

When you enter a domain name in the browser (www.google.com), it first tries to resolve