diff --git a/_posts/2015-01-01-Ireland-Log.html b/_posts/2015-01-01-Ireland-Log.html old mode 100755 new mode 100644 diff --git a/_drafts/TLS_Writeup2.html b/_posts/2015-11-10-TLS-Part-2.html similarity index 51% rename from _drafts/TLS_Writeup2.html rename to _posts/2015-11-10-TLS-Part-2.html index 8629a9b..0e81c50 100644 --- a/_drafts/TLS_Writeup2.html +++ b/_posts/2015-11-10-TLS-Part-2.html @@ -15,16 +15,62 @@ examination of certificates, cipher suites, and public-key authentication.
-A certificate is a vessel for a server to provide authentication - information.
+A certificate is a vessel for a domain to provide authentication + information. More specifically, and perhaps most importantly, a certificate + is the package which transfers a key. TLS relies entirely upon Public-Key + Authentication to setup a secure connection. The challenge with Public-Key + Authentication is often sharing keys in a verifiable and secure manner. + This is to say that, despite public keys being public, you still need to + verify the owner of the key. This is where certificates, and Certificate + Authorities come in. Each certificate is tailored to a specific domain. It + includes not only the public key for a user to connect to the server with, + but also meta-data about the certificate: a UUID, and information about the + Certificate Authority; a signature authorizing the certificate, as well as + the encryption used for the signature; a thumbprint of the key, and details + of the algorithm used to hash the key; and a purpose for the certificate. + Certificates may contain additional details, but the aforementioned list is + required.
-A cipher is the algorithm used to encrypt the information - to be transmitted.
+A Certificate Authority (CA) is a trusted third-party repository of + signed keys. The purpose of a CA is very specific: verification. A CA will + generate and issue a key-pair to a domain. The domain can then share the + public key using a certificate. How specifically a CA verifies the domains + and keys is out of scope of this discussion, but Wikipedia provides many + details on the techniques used.
+ +A cipher is the algorithm used to encrypt information. Ciphers are + incredibly complex mathematical formulae, and are well beyond my + understanding. However, it is important to note that the strength of a key + is only as strong as the cipher suite used to generate it. Likewise, the + strength of a certificate is only as strong as the cipher used to sign + it. Keep this in mind when you generate and work with keys.
Big topic, very important!
+The most important part of TLS is public-key authentication. I would + argue that public-key authentication is one of the most important facets of + the technical world. Because of this, I want to recap in more general terms + how public-key authentication works:
+ +Now, whenever one of the two parties wants to securely communicate with + the other, they "sign" (encrypt) the communication with their private key. + The second party can then use the public key of the first party to verify + the identify of the sender, and decrypt the message. + +
Security is a very deep and involved topic, but one I feel every + Sys-Admin should know a bit about. While these posts are only meant to serve + as a high-level overview of TLS, there are many more-detailed sources + available. I would suggest a visit to your local Wikipedia as a good first + step. Thanks for reading.
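Review bot: the CA paragraph in this hunk has the key flow backwards: `A CA will generate and issue a key-pair to a domain` should say that the domain owner generates the key-pair and submits the public key for the CA to sign, so the private key never leaves the domain; a CA issues signed certificates, not key-pairs. The public-key recap further down conflates signing with encryption: `they "sign" (encrypt) the communication with their private key` describes a signature, which proves origin, while confidentiality comes from encrypting to the recipient's public key (and in TLS, from the session key negotiated during the handshake), so the sentence about using the sender's public key to `decrypt the message` should be reworked to separate the two. Minor points in the same hunk: the certificate field called "a UUID" is a serial number in X.509 terms, "to setup" should read "to set up", and "verify the identify" should read "verify the identity".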